[go: up one dir, main page]

WO2025186249A1 - Concept for accessing a cryptocurrency wallet on a remote server - Google Patents

Concept for accessing a cryptocurrency wallet on a remote server

Info

Publication number
WO2025186249A1
WO2025186249A1 PCT/EP2025/055836 EP2025055836W WO2025186249A1 WO 2025186249 A1 WO2025186249 A1 WO 2025186249A1 EP 2025055836 W EP2025055836 W EP 2025055836W WO 2025186249 A1 WO2025186249 A1 WO 2025186249A1
Authority
WO
WIPO (PCT)
Prior art keywords
wallet
cryptocurrency
control apparatus
key
cryptographic secret
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/EP2025/055836
Other languages
French (fr)
Other versions
WO2025186249A8 (en
Inventor
Hugo Embrechts
Dimitri Torfs
Michele MINELLI
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Europe Bv
Sony Group Corp
Original Assignee
Sony Europe Bv
Sony Group Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Europe Bv, Sony Group Corp filed Critical Sony Europe Bv
Publication of WO2025186249A1 publication Critical patent/WO2025186249A1/en
Publication of WO2025186249A8 publication Critical patent/WO2025186249A8/en
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/223Payment schemes or models based on the use of peer-to-peer networks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3678Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes e-cash details, e.g. blinded, divisible or detecting double spending
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3827Use of message hashing
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/389Keeping log of transactions for guaranteeing non-repudiation of a transaction
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification

Definitions

  • the present disclosure relates to a concept for accessing a cryptocurrency wallet on a remote server, and in particular to a wallet control apparatus, wallet control method, and wallet control computer program, to a wallet service apparatus, wallet service method and wallet service computer program.
  • Cryptocurrencies i.e., currencies that exist digitally and use cryptography to secure transactions, e.g., on a blockchain
  • Cryptocurrency transactions usually involve the use of a so-called wallet, which is a computer program being used to store and manage cryptographic secrets that can be used to sign cryptocurrency transactions.
  • a cryptocurrency transaction on the blockchain is a digital event that records a transfer of cryptocurrency units from one address to another. This process is facilitated by blockchain technology, which acts as a decentralized and distributed ledger. Each transaction is securely encrypted and needs to be verified and confirmed by the network participants, known as nodes or miners, before it is permanently added to the blockchain.
  • a first type of wallet is referred to as “self-custodial wallet”.
  • self-custodial wallets the wallet owners do not rely on a third party to store and operate private keys that control the assets in the wallet.
  • self-custodial wallets such as hardware wallets, also called cold storage, web or mobile wallets, and desktop wallets.
  • the recovery of lost, stolen, or broken devices is typically possible by using a recovery phrase (often 24 words) with which the keys can be regenerated. This recovery phrase must be stored in a safe place.
  • Self-custodial wallets may be considered to carry a high risk for permanent loss because of human errors.
  • a second type of wallet is referred to as “custodial wallet”.
  • the wallet owner delegates the storage and operation of the private keys that control assets in a wallet to a third party.
  • these third parties such as big exchange markets, do not store the assets in individual wallets but keep them in large pools. In this respect, the wallet is more like an account on the bank.
  • custodial wallets may be vulnerable to large- scale attacks on custodial wallet providers.
  • the risk of bankruptcies of custodial wallet providers (sometimes because of large scale attacks) is non-negligible.
  • a third type of wallet is referred to as “smart contract wallet”.
  • the assets in a smart contractbased wallet are controlled by an (Ethereum) smart contract.
  • Such smart contract wallets provide a number of different features, such as multi-signature authorization, rate limits, social recovery (friends can help recover the wallet), temporary locking of wallet, etc.
  • smart contract wallets may be considered to be still rather sensitive to human errors (so that the wallet owners need to be well organized).
  • the adaptation of concepts such as smart contracts is growing.
  • the present disclosure proposes a wallet control apparatus that is external to a cryptocurrency wallet.
  • the wallet control apparatus is associated with an owner of the cryptocurrency wallet hosted in a trusted execution environment (TEE) on a remote server.
  • the wallet control apparatus may be implemented as a portable user device, such as smartphones, tablet PCs, laptop PCs, desktop PCs, etc.).
  • the TEE also sometimes referred to as “enclave” refers to a secure area in the remote server designed to ensure that sensitive data is stored, processed, and protected in a secure environment.
  • the TEE offers a level of protection against software attacks and provides a secure execution space for confidential and critical operations. This secure area may be isolated in terms of processing and memory from the rest of the remote server’s operating system and applications, ensuring that code and data loaded into the TEE are protected with respect to confidentiality and integrity.
  • the wallet control apparatus comprises processing circuitry which is configured to store, in a memory of or associated with the wallet control apparatus, information on at least one cryptographic secret associated with the cryptocurrency wallet and used (by the TEE) for signing transactions on a cryptocurrency blockchain.
  • the cryptographic secret associated with the cryptocurrency wallet and used (by the TEE) for signing transactions on a cryptocurrency blockchain may be a (private) wallet key or an entropy, from which wallet keys can be derived.
  • the transaction may involve a transfer of cryptocurrency units from one wallet address to another. This process may be facilitated by the blockchain, which acts as a decentralized ledger that records all transactions across a network of computers.
  • the memory storing the information on the at least one cryptographic secret may be internal memory of the wallet control apparatus or may be external memory to the wallet control apparatus (such as a cloud storage, for example).
  • the processing circuitry of the wallet control apparatus is further configured to send the cryptographic secret (e.g. wallet key) from the wallet control apparatus to the remote server for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
  • the wallet key(s) need not be kept in the cryptocurrency wallet or the TEE itself, but may be stored externally at the wallet control apparatus or a cloud storage associated with the user/owner of the cryptocurrency wallet hosted in the TEE. In this way, upgrading the TEE to a new release may be simplified, for example.
  • the cryptographic secret is a private key of the cryptocurrency wallet for performing transactions on the cryptocurrency blockchain or an entropy value from which wallet keys may be derived.
  • the private key may be regarded a piece of cryptographic data that enables a user to access and manage their cryptocurrency holdings.
  • the private key may be a long, secure, random alphanumeric code that may be used in cryptographic systems to sign transactions and prove ownership of a blockchain address. In the world of cryptocurrencies, it may act as a password to unlock and spend the funds associated with a public address.
  • the processing circuitry of the wallet control apparatus is further configured to receive the at least one cryptographic secret (e.g.
  • the cryptographic secret e.g. wallet key, entropy value
  • the cryptographic secret may be generated by the cryptocurrency wallet and then sent to the wallet control apparatus.
  • the cryptographic secret (e.g. wallet key, entropy value) is encrypted with a first master key of the cryptocurrency wallet.
  • the cryptographic secret may not be transferred between devices unencrypted.
  • the first master key may be a key of a symmetric encryption scheme.
  • the processing circuitry of the wallet control apparatus is configured to store the (received) cryptographic secret (e.g. wallet key, entropy value) encrypted with the first master key of the cryptocurrency wallet in a memory of or a memory associated with the wallet control apparatus.
  • the processing circuitry of the wallet control apparatus may be also configured to send the encrypted cryptographic secret from the wallet control apparatus to the remote server for signing the transactions on the cryptocurrency blockchain.
  • the cryptographic secret e.g., wallet key
  • the cryptographic secret may be sent in encrypted form from the wallet control apparatus to the TEE on the remote server.
  • the first master key may be a key of a symmetric encryption scheme of the of the cryptocurrency wallet, which may be generated at the remote server upon generation of the cryptocurrency wallet in the TEE.
  • the first master key may not be available outside the TEE.
  • the processing circuitry of the wallet control apparatus is further configured to receive the encrypted cryptographic secret in a message which is encrypted with a second master key of the cryptocurrency wallet.
  • the second master key may be a private master (enclave) key of the TEE.
  • the processing circuitry of the wallet control apparatus is further configured to receive a second public master key of the cryptocurrency wallet from the remote server upon generation of the TEE.
  • the second public master key may be the public enclave key of the TEE.
  • the public enclave key, along with its corresponding private key, may be generated as part of the initialization process of the TEE or enclave.
  • the public enclave key may be understood as the public part of a key pair used in the context of a TEE or a similar secure enclave, such as Intel's Software Guard Extensions (SGX) or AWS Nitro enclave, for example.
  • SGX Software Guard Extensions
  • AWS Nitro enclave for example.
  • the processing circuitry of the wallet control apparatus is further configured to include the cryptographic secret (e.g., wallet key) in a control instruction for the cryptocurrency wallet.
  • the processing circuitry of the wallet control apparatus is further configured to encrypt or sign the control instruction using the second (public) master key of the TEE (e.g., enclave key) and to send the encrypted/signed control instruction including the cryptographic secret from the wallet control apparatus to the remote server hosting the cryptocurrency wallet.
  • a purpose of the second (public) master key of the TEE may be to protect the message/instruction sent from the wallet control apparatus to the remote server/TEE. Then the wallet control apparatus can be sure that the message cannot be read outside the TEE.
  • control instructions may be signed using a (private) authorization key associated with the wallet control apparatus.
  • the present disclosure proposes a mobile device comprising the wallet control apparatus of any one of the previous examples.
  • the mobile device refers to portable electronic devices that allow users to access, manage, and communicate data and information while on the move. These devices may have wireless connectivity capabilities, such as Wi-Fi and Bluetooth, and may include cellular connectivity to access the internet and mobile networks. Examples of mobile user devices include smartphones, tablets, laptops and notebooks, etc.
  • the present disclosure proposes a method for controlling a cryptocurrency wallet hosted in a trusted execution environment on a remote server. The method may be a computer-implemented method.
  • the proposed method includes storing, in a memory of or associated with the wallet control apparatus, information on at least one cryptographic secret (e.g., wallet key, entropy value) associated with the cryptocurrency wallet and for signing transactions on a cryptocurrency blockchain, and sending the cryptographic secret from the wallet control apparatus to the remote server hosting the cryptocurrency wallet for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
  • a cryptographic secret e.g., wallet key, entropy value
  • the present disclosure proposes a computer program having computer-readable instructions that, when executed by a processor, perform the above method.
  • the present disclosure proposes a wallet service apparatus comprising processing circuitry configured to provide a trusted execution environment (TEE), host a cryptocurrency wallet inside the TEE, and host a wallet service application inside the TEE.
  • the wallet service application running on the processing circuitry of the wallet service apparatus is configured to receive a cryptographic secret (e.g., wallet key) from a remote wallet control apparatus associated with an owner of the cryptocurrency wallet for signing transactions on a cryptocurrency blockchain using the cryptographic secret.
  • a cryptographic secret e.g., wallet key
  • the cryptographic secret received from the remote wallet control apparatus is private key (or an entropy value) of the cryptocurrency wallet for performing transactions on the cryptocurrency blockchain.
  • the private key may be regarded a piece of cryptographic data that enables a user to access and manage their cryptocurrency holdings.
  • the private key may be used in cryptographic systems to sign transactions and prove ownership of a blockchain address.
  • the processing circuitry of the wallet service apparatus is configured to send information on the at least one cryptographic secret (e.g., wallet key(s), entropy value) for signing the transactions on the cryptocurrency blockchain to the remote wallet control apparatus upon generation of the cryptocurrency wallet in the TEE.
  • the processing circuitry of the wallet service apparatus is configured to send the cryptographic secret encrypted with a first master key of the cryptocurrency wallet.
  • the first master key may be a symmetric key for encrypting /decrypting the cryptographic secret.
  • the processing circuitry of the wallet service apparatus is configured to send the encrypted cryptographic secret in a message, the message being encrypted with a second master key of the cryptocurrency wallet.
  • the second master key may be a second private master key of the TEE.
  • the second private master key may be the private enclave key of the TEE.
  • the processing circuitry of the wallet service apparatus is configured to send a second public master key of the TEE to the remote wallet control apparatus upon generation of the TEE.
  • the second master key may be the public enclave key of the TEE.
  • the second public master key, along with its corresponding private key, may be generated as part of the initialization process of the TEE or enclave.
  • the processing circuitry of the wallet service apparatus is configured to receive (from the remote wallet control apparatus) the cryptographic secret being encrypted with the first master key of the cryptocurrency wallet, decrypt the encrypted cryptographic secret using the first master key of the cryptocurrency wallet, and sign a transaction on the cryptocurrency blockchain using the decrypted cryptographic secret (e.g., wallet key).
  • the processing circuitry of the wallet service apparatus is configured to receive (from the remote wallet control apparatus) the encrypted cryptographic secret (e.g., wallet key) in an encrypted control instruction for the cryptocurrency wallet.
  • the control instruction is encrypted using the second public master key of the TEE.
  • the processing circuitry of the wallet service apparatus is further configured to decrypt the encrypted control instruction using a second private master key of the TEE.
  • the processing circuitry of the wallet service apparatus is further configured to apply further layers of authentication to control instructions for the cryptocurrency wallet.
  • control instructions may be decrypted using a (public) authorization key associated with the wallet control apparatus.
  • the present disclosure proposes a wallet service method.
  • the method may be a computer-implemented method.
  • the proposed method includes providing a TEE, hosting a cryptocurrency wallet inside the TEE, and receiving a cryptographic secret from a remote wallet control apparatus associated with an owner of the cryptocurrency wallet for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
  • wallet keys may be still encrypted by a master secret only known by the wallet support service and the wallet keys may be decrypted inside the TEE/enclave of the wallet service apparatus.
  • the wallet service apparatus may only temporarily need to decrypt and manipulate the key when performing a transaction. For this it may receive the encrypted wallet key from the wallet owner’s device every time again when a transaction needs to be performed.
  • An upgrade of the TEE/enclave code is not problematic anymore since the wallet service apparatus at no time has access to any (encrypted) wallet key outside of the TEE/enclave. Operators cannot get hold of any wallet key, even if procedures are not respected.
  • Fig. 1A shows a block diagram of an example of a wallet control apparatus
  • Fig. IB shows a flow chart of an example of a wallet control method
  • Fig. 2A shows a block diagram of an example of a wallet service apparatus and of a system comprising the wallet service apparatus and a wallet control apparatus;
  • Fig. 2B shows a flow chart of an example of a wallet service method
  • Fig. 3 shows a first schematic diagram of a system comprising a wallet control apparatus and a remote server hosting a cryptocurrency wallet;
  • Fig. 4 shows a second schematic diagram of a system comprising a wallet control apparatus and a remote server hosting a cryptocurrency wallet;
  • Fig. 5 shows a third schematic diagram of a system comprising a wallet control apparatus and a remote server hosting a cryptocurrency wallet.
  • a wallet control apparatus 110 (and corresponding wallet control method, wallet control computer program, and mobile device 100 comprising the wallet control apparatus 110) and a wallet service apparatus 210 (and corresponding wallet service method, wallet service computer program, and remote server 200 comprising the wallet service apparatus 210).
  • a wallet control apparatus 110 and corresponding wallet control method, wallet control computer program, and mobile device 100 comprising the wallet control apparatus 110
  • a wallet service apparatus 210 and corresponding wallet service method, wallet service computer program, and remote server 200 comprising the wallet service apparatus 210.
  • these two components interact with each other. Accordingly, a major portion of the following introduction will focus on the interaction between the two components.
  • Fig. 1A shows a block diagram of an example of a wallet control apparatus 110 associated with an owner of a cryptocurrency wallet hosted in a trusted execution environment (TEE) on the remote server 200.
  • the wallet control apparatus 110 comprises processing circuitry 114, which is configured to provide the functionality of the wallet control apparatus 110.
  • the wallet control apparatus 110 further comprises an interface 112 (e.g., interface circuitry) for communicating with other entities, such as remote server 200 (shown in Fig. 2A), and/or storage circuitry 116 for storing information.
  • the processing circuitry 114 shown in Figs, 1 A is coupled with the optional interface 112 and the optional storage circuitry 116.
  • processing circuitry 114 may be configured to provide the functionality of the wallet control apparatus 110 in conjunction with the interface 112 (for communicating) and/or with storage circuitry 116 (for storing and retrieving information).
  • wallet control apparatus 110 may be part of a computer system, such as a personal computer, a tablet computer, or a smartphone.
  • the wallet control apparatus may be part of a mobile device 100, such as a tablet computer or smartphone.
  • the functionality of the wallet control apparatus may be provided as software, e.g., as a wallet control application being executed by the respective computer system.
  • the processing circuitry 114 of wallet control apparatus 110 is configured to store, in a memory associated with the wallet control apparatus 110 (or with the owner of a cryptocurrency wallet), information on at least one cryptographic secret associated with the cryptocurrency wallet and used for signing transactions on a cryptocurrency blockchain.
  • the memory storing the cryptographic secret for signing cryptocurrency transactions may be the storage circuitry 116 of wallet control apparatus 110. In other embodiments, it may also be a memory of another remote server (e.g., a cloud storage) associated with the owner of wallet control apparatus 110. According to embodiments of the present disclosure, the memory storing the cryptographic secret for signing cryptocurrency transactions is located outside the TEE of the remote server 200.
  • the cryptographic secret for signing transactions on the cryptocurrency blockchain may be a wallet key or the entropy, from which keys can be derived.
  • a wallet key in the context of cryptocurrency refers to a cryptographic key that enables a user to access and manage their cryptocurrency holdings within the digital cryptocurrency wallet.
  • the wallet key is fundamental to the operation of cryptocurrency wallets, as it provides the security mechanism for authenticating transactions and controlling access to cryptocurrency assets.
  • a private wallet key may be a secret alphanumeric code that is used to sign transactions, proving ownership of the cryptocurrency in a specific wallet.
  • the private key may be used to generate digital signatures for transactions. These signatures may verify that the transaction has been authorized by the owner of the wallet. Derived from the private wallet key using cryptographic algorithms, a public wallet key can be shared with others.
  • wallet address (a hashed version of the public key), to which others can send cryptocurrency.
  • the relationship between the public wallet key and the private wallet key may ensure that only the holder of the private wallet key can access funds sent to the wallet address.
  • the public wallet key may be used in the verification process of transactions.
  • the corresponding public wallet key can be used by the network to verify that the transaction was indeed authorized by the owner of the private wallet key.
  • private wallet keys are stored at the remote server 200 hosting the cryptocurrency wallet. However, this may be problematic, even when using TEEs or enclaves, especially since the service must be upgradable.
  • Upgrading TEEs or enclaves may involve manual procedures to hand over a master key to a new release of the enclave code, whenever a new release is necessary or desirable. If the procedures are not respected, an operator of the service could get hold of all wallet keys. Permanently storing all wallet keys in the TEE or enclave may also make the service more vulnerable for attacks. Therefore, the present disclosure proposes to store the wallet key(s) outside the TEE / enclave, for example in storage circuitry 116 of wallet control apparatus 110 or in a cloud storage associated with the owner of a cryptocurrency wallet.
  • the processing circuitry 114 of wallet control apparatus 110 is configured to send or transmit (e.g., via the interface 112) the cryptographic secret for signing transactions on the cryptocurrency blockchain (e.g., wallet key) for signing the transactions from the wallet control apparatus 110 to the remote server 200. That is, one or more wallet keys may be provided from the wallet control apparatus 110 to the TEE on the remote server 200 hosting the cryptocurrency wallet on demand, whenever a cryptocurrency transaction is to be carried out.
  • the cryptographic secret for signing transactions on the cryptocurrency blockchain e.g., wallet key
  • Fig. IB shows a flow chart of an example of a corresponding wallet control method 10 for controlling the cryptocurrency wallet hosted in the TEE on remote server 200.
  • Method 10 comprises storing 11, in the memory 116 associated with the wallet control apparatus 110 (or the owner), the cryptographic secret associated with the cryptocurrency wallet and for signing transactions on the cryptocurrency blockchain.
  • Method 10 further includes sending 12 (e.g., via the interface 112) the cryptographic secret from the wallet control apparatus 110 to the remote server 200 hosting the cryptocurrency wallet for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
  • Fig. 2A shows a block diagram of an example of a wallet service apparatus 210.
  • the wallet service apparatus 210 comprises processing circuitry 214, which is configured to provide the functionality of the wallet service apparatus 210.
  • the wallet service apparatus 210 further comprises an interface 212 (e.g., interface circuitry) for communicating with other entities, such as the wallet control apparatus 110 or mobile device 100, and/or storage circuitry 216 for storing information.
  • the processing circuitry 214 shown in Figs, 2A is coupled with the optional interface 212 and the optional storage circuitry 216.
  • the processing circuitry 214 may be configured to provide the functionality of the wallet service apparatus 210 in conjunction with the interface 212 (for communicating) and/or with the storage circuitry 216 (for storing and retrieving information).
  • the wallet service apparatus 210 may be part of a computer system, such as server 200.
  • the functionality of the wallet service apparatus 210 may be provided or controlled via software, e.g., by a wallet service application and/or an application for controlling the T
  • the processing circuitry 214 of wallet service apparatus 210 is configured to provide the TEE 220.
  • the processing circuitry 214 is configured to host a cryptocurrency wallet inside the TEE 220.
  • the processing circuitry 214 is configured to host a wallet service application 230 inside the TEE 220.
  • the wallet service application 230 is configured to receive at least one cryptographic secret (e.g., private wallet key) for signing transactions on a cryptocurrency blockchain from the remote wallet control apparatus 110 associated with the owner of the cryptocurrency wallet.
  • the wallet service application 230 may further be configured to sign the transaction(s) on the cryptocurrency blockchain using the received cryptographic secret.
  • Fig. 2A further shows a server 200 comprising the wallet service apparatus 210.
  • Fig. 2A further shows a system comprising the wallet service apparatus 210 and the wallet control apparatus 110, e.g., the server 200 comprising the wallet service apparatus 210 and the mobile device 100 comprising the wallet control apparatus 110.
  • Fig. 2B shows a flow chart of an example of a corresponding wallet service method 20.
  • the wallet service method 20 includes comprises providing 21 the TEE.
  • the wallet service method 20 includes hosting 22 the cryptocurrency wallet inside the TEE.
  • the wallet service method 20 includes hosting 23 the wallet service application inside the TEE.
  • the wallet service application performs the act 24 of receiving the cryptographic secret (e.g., private wallet key) for signing transactions on a cryptocurrency blockchain from a remote wallet control apparatus 110 associated with the owner of the cryptocurrency wallet.
  • the wallet service application may further perform the act of signing the transaction(s) on the cryptocurrency blockchain using the received cryptographic secret.
  • the cryptographic secret e.g., private wallet key
  • wallet control apparatus 110 wallet control method 10
  • wallet control computer program and mobile device 100 wallet control computer program and mobile device 100
  • Features introduced in connection with the wallet control apparatus 110 and wallet service apparatus 210 may likewise be included in the wallet control method 10, wallet control computer program and mobile device 100, and wallet service method 20, wallet service computer program and server 200, respectively.
  • the proposed concept is directed at storing a cryptographic secret (e.g., private wallet key) for signing transactions on a cryptocurrency blockchain outside the cryptocurrency wallet hosted by TEE 220.
  • a cryptographic secret e.g., private wallet key
  • the respective cryptographic secrets may be generated at the wallet service apparatus 210 and may then be communicated to the remote wallet control apparatus 110 to be stored in the storage circuitry 116 or another storage associated with the wallet control apparatus 110.
  • the cryptocurrency wallet is stored in TEE 220 of server 200.
  • the wallet service apparatus 210 is configured to provide, e.g., make available, control, or make accessible such a TEE.
  • TEEs There are various implementations of TEEs.
  • a TEE may also be called a secure enclave, for example.
  • a TEE is an execution environment that is encapsulated from (i.e., shielded from) other processes being executed on the processing circuitry providing the TEE.
  • processes being executed outside the particular TEE may be unable to read out, or write into, data or code being contained in the TEE.
  • the contents of the wallet, and the wallet service application might not be accessible from outside the TEE, e.g., except for an interface being used to update the wallet service application.
  • the software code of the wallet service application 230 being executed in the TEE 220 may be audited by a third party. It may be updated using the above-referenced interface, which may be cryptographically protected. The contents of the wallet may remain shielded inside the TEE 220 at any point.
  • public-private-key cryptography is used.
  • a private key of a cryptographic key pair is used to sign something, e.g., an instruction, or a certificate of identity, and the corresponding public key can be used to verify the signature.
  • the public key of the cryptographic key pair can be used to encrypt a piece of information, while the private key can be used to decrypt the piece of for- mation.
  • the cryptographic secret for signing transactions on a cryptocurrency blockchain may be a private wallet key of a cryptographic key pair.
  • the interface 112; 212 of the wallet control apparatus 110 and/or the wallet service apparatus 210 may correspond to one or more inputs and/or outputs for receiving and/or transmitting information, which may be in digital (bit) values according to a specified code, within a module, between modules or between modules of different entities.
  • the interface 112; 212 of the wallet control apparatus 110 and/or the wallet service apparatus 210 may comprise interface circuitry configured to receive and/or transmit information.
  • the processing circuitry 114; 214 of the wallet control apparatus 110 and/or the wallet service apparatus 210 may be implemented using one or more processing units, one or more processing devices, any means for processing, such as a processor, a computer or a programmable hardware component being operable with accordingly adapted software.
  • the described function of the 114; 214 of the wallet control apparatus 110 and/or the wallet service apparatus 210 may as well be implemented in software, which is then executed on one or more programmable hardware components.
  • Such hardware components may comprise a general-purpose processor, a Digital Signal Processor (DSP), a microcontroller, etc.
  • DSP Digital Signal Processor
  • At least the processing circuitry 214 of the wallet service apparatus 210 may be suitable for, e.g., configured to, providing/provide a trusted execution environment, such as Intel Software Guard Extensions, AMD Platform Security Processor or Secure Encrypted Virtualization, ARM TrustZone or RISC-V MultiZone, or AWS Nitro enclave.
  • a trusted execution environment such as Intel Software Guard Extensions, AMD Platform Security Processor or Secure Encrypted Virtualization, ARM TrustZone or RISC-V MultiZone, or AWS Nitro enclave.
  • the storage circuitry 116; 216 of the wallet control apparatus 110 and/or the wallet service apparatus 210 may comprise at least one element of the group of a computer readable storage medium, such as an magnetic or optical storage medium, e.g. a hard disk drive, a flash memory, Floppy-Disk, Random Access Memory (RAM), Programmable Read Only Memory (PROM), Erasable Programmable Read Only Memory (EPROM), an Electronically Erasable Programmable Read Only Memory (EEPROM), or a network storage.
  • a computer readable storage medium such as an magnetic or optical storage medium, such as an magnetic or optical storage medium, e.g. a hard disk drive, a flash memory, Floppy-Disk, Random Access Memory (RAM), Programmable Read Only Memory (PROM), Erasable Programmable Read Only Memory (EPROM), an Electronically Erasable Programmable Read Only Memory (EEPROM), or a network storage.
  • wallet control apparatus 110 More details and aspects of the wallet control apparatus 110, wallet service apparatus 210, remote server 200, wallet control method 10, wallet service method 20, system and computer program are mentioned in connection with the proposed concept, or one or more examples described above or below (e.g., Fig. 3 to 5).
  • the wallet control apparatus, wallet service apparatus, remote server, wallet control method, wallet service method, system and computer program may comprise one or more additional optional features corresponding to one or more aspects of the proposed concept, or one or more examples described above or below.
  • guarded (crypto) wallet is a new wallet type, which may be suitable for the average, non-tech savvy user who is not well organized. For example, it may be setup as a (paid) service that releases the user from worries about loss of keys. It may provide an easy, unsophisticated user experience, e.g., with a minimal user configuration for recovery. If possible, it may be implemented as a self-custodial wallet, while carrying a reduced security risk for (large scale) attacks.
  • the proposed concept comprises three components - the remote server 200, which may be a cloud service that receives the wallet assets (private keys) using secure enclave technology (like Intel SGX or AWS Nitro enclave) in such a way that the cloud provider cannot access the wallet assets.
  • the wallet may be operated by the users from a wallet control apparatus 110 (the second component) which may be hosted by a mobile phone 100, from which signed wallet instructions including wallet keys are sent to the wallets in the cloud where the wallet instructions are executed.
  • an external authentication infrastructure outside the control of the cloud service may be used for wallet access and/or recovery.
  • an SSI (Self-Sovereign Identity) infrastructure may be used.
  • SSI keys may be used that the user has registered with a government authority and for which the user received verifiable credentials.
  • other forms of authentication infrastructure may be used for access to government websites, banking services, etc.
  • the cloud service may configure trust anchors, ideally inside the enclave. These may be updated through software updates.
  • Fig- 3 shows a schematic diagram of a system 300 comprising a wallet control apparatus 110 hosting a wallet control app 310 and a remote wallet service apparatus 210 hosting a cryptocurrency wallet 320.
  • Fig. 3 shows the wallet support service with the secure enclave(s) 330 (the TEE).
  • the secure enclave 330 shields a cloud owner 340 from the operations in the enclave (so that a self-custodial cryptocurrency wallet can be implemented).
  • the enclave 330 may isolate small kernels of security sensitive code (such as the wallet service application) from the operating system and main software stacks. It may provide strong protection against attacks.
  • the wallet control apparatus 110 stores information on one or more private keys (or entropy values) 350 of the cryptocurrency wallet 320 for performing transactions on the cryptocurrency blockchain 360.
  • the information on the one or more private keys (or entropy values) 350 of the cryptocurrency wallet 320 may also be stored in a personal cloud storage (not shown) of the wallet owner 340.
  • the information on the one or more private wallet keys 350 may be one or more private keys themselves.
  • the information on the one or more private wallet keys 350 may be one or more entropy values from which several wallet keys may be derived, each of which can be used to sign blockchain transaction according to the concept of HD (Hierarchical Deterministic) wallet.
  • Entropy is a measure of randomness.
  • a high-entropy value typically 128 bits, 256 bits, or longer, may serve as a seed from which all subsequent keys are derived.
  • the entropy value may be generated from random physical movements (like mouse movements or keystroke timings) or secure random number generators provided by an operating system. It should be truly random to ensure the security of the derived keys.
  • the entropy may then be converted into a mnemonic phrase (a series of easy-to-remember words), allowing users to back up and restore their wallets.
  • This mnemonic through a deterministic process, can generate a master private key and chain code for the HD wallet. From the master private key and chain code, a virtually unlimited number of child wallet keys can be generated.
  • These wallet keys are organized in a tree-like structure with various branches, allowing for organized management of multiple cryptocurrency addresses and accounts within a single wallet.
  • the entropy value or the private wallet keys 350 may be created/generated at several moments in the lifecycle of cryptocurrency wallet 320, depending on the type of wallet and the method used for generating keys. For example, a common moment for generating the entropy value or a private wallet key 350 is during an initial setup of the cryptocurrency wallet 320. Thus, the entropy value or the private wallet key(s) 350 may be generated as part of the wallet creation process. Thus, upon generation of the cryptocurrency wallet 320 at remote server 200, the entropy value or the private wallet key(s) 350 may be generated by the cryptocurrency wallet and may then be sent or transmitted from server 200 to the wallet control apparatus 110. Compared to conventional cryptocurrency wallet concepts, the proposed concept does not store the entropy value or the wallet keys 350 at the server 200 hosting the cryptocurrency wallet 320 but external to that in the wallet control apparatus 110 or in personal cloud storage (not shown) of the wallet owner 340.
  • the wallet control apparatus 110 may be configured to receive the entropy value and/or the private wallet key(s) 350 from the remote server 200 upon generation of the cryptocurrency wallet 320. The received the entropy value and/or the private wallet key(s) 350 may then be stored either in the wallet control apparatus 110 or in personal cloud storage (not shown) of the wallet owner 340.
  • the entropy value and/or the private wallet key(s) 350 may be encrypted with a first master key 370 of the cryptocurrency wallet 320.
  • the first master key 370 may be used to encrypt the entropy value and/or private wallet key(s) 350 of the cryptocurrency wallet 320.
  • the entropy value and/or the private wallet key(s) 350 may not be transferred between the devices 110, 200 unencrypted.
  • the first master key 370 associated with the cryptocurrency wallet 320 may be a (symmetric) key of a symmetric encryption scheme.
  • a symmetric encryption scheme is a type of cryptographic system where the same key is used for both encryption of plaintext and decryption of ciphertext. This means that the sender and the recipient may share the same secret key (first master key 370), which must be kept confidential. For example, the symmetrical key (first master key 370) is not shared but left at the remote server side.
  • wallet control apparatus 110 may be configured to store the encrypted entropy value and/or the encrypted private wallet key(s) 350 which are encrypted with the first master key 370 of the cryptocurrency wallet in the storage circuitry 116 of the wallet control apparatus 110 or in personal cloud storage (not shown) of the wallet owner 340.
  • the wallet service apparatus 210 may send the encrypted cryptographic secret(s) 350 encrypted with the first master key 370 to wallet control apparatus 110 in a secure message which is encrypted or signed with a second master key of the cryptocurrency wallet 320.
  • the second master key may be a private enclave key of the enclave 330.
  • the secure message carrying the encrypted cryptographic secret(s) may be decrypted using the second public master key of the cryptocurrency wallet 320.
  • the second public master key may be a public enclave key of the enclave 330.
  • the public enclave key may be understood as the public part of a key pair used in the context of the TEE enclave, such as Intel's Software Guard Extensions (SGX) or AWS Nitro enclave, for example.
  • External applications such as wallet app 310, can use the public enclave key to encrypt data before sending it to the enclave, ensuring that the data remains confidential and can only be decrypted by the enclave.
  • Enclaves may use their private keys to sign data as part of an attestation process, proving to external entities that the data was processed securely within the enclave. The external entities can use the public enclave key to verify these signatures.
  • the wallet service apparatus 210 may send the public enclave key to the wallet control apparatus 110 upon generation of the enclave 330.
  • the wallet control apparatus 110 may receive the public enclave key of the enclave 330 from the wallet service apparatus 210 upon generation of the enclave 330.
  • the public enclave key, along with its corresponding private key, may be generated as part of the initialization process of the enclave 330.
  • the wallet service apparatus 210 might send the first master key 370 of the cryptocurrency wallet 320 to the remote wallet control apparatus 110 upon generation of the cryptocurrency wallet 320. This may be done using a secure message which may be signed with a private enclave key of the enclave 330, for example.
  • wallet control apparatus 110 may be configured to receive the first master key 370 from the wallet service apparatus 210 upon generation of the cryptocurrency wallet 320.
  • Wallet control apparatus 110 may read the secure message carrying the first master key 370 using a public enclave key of the enclave 330, for example.
  • the public enclave key may have been communicated from the wallet service apparatus 210 to the wallet control apparatus 110 beforehand.
  • the first master key 370 may also be available outside the enclave, for example in the storage circuitry 116 or the personal cloud storage of the wallet owner 340, so that the first master key 370 can be backed up. In preferred embodiments, the first master key 370 is not shared outside the wallet service apparatus 210.
  • wallet control apparatus 110 may send one or more encrypted private wallet key(s) 350 from the wallet control apparatus 110 to the wallet service apparatus 210 for signing transactions on the cryptocurrency blockchain 360.
  • the wallet support service may use the first master key 370 to decrypt the encrypted private wallet key(s) 350 received from the wallet control apparatus 110.
  • Wallet service apparatus 210 may then use the decrypted private wallet key(s) 350 to sign one or more transactions on the cryptocurrency blockchain 360.
  • the wallet control apparatus 110 may be configured to include the encrypted private wallet key(s) 350 in a control instruction (message) for the cryptocurrency wallet 320.
  • the wallet control apparatus 110 may encrypt or sign the control instruction using the public enclave key of the enclave 330 and send the encrypted/signed control instruction including the encrypted private wallet key(s) 350 from the wallet control apparatus 110 to the wallet service apparatus 210.
  • a purpose of the enclave key is to protect mes- sages/instructions sent from the wallet control apparatus 110 to the wallet service apparatus 210.
  • the wallet service apparatus 210 may receive the encrypted/signed control instruction including the encrypted private wallet key(s) 350 from the wallet control apparatus 110.
  • the wallet service apparatus 210 may decrypt the encrypted/signed control instruction using its private enclave key. The result of this is that the wallet service apparatus 210 may read the instructions related to the transaction as well as the encrypted private wallet key(s) 350.
  • the wallet service apparatus 210 may then decrypt the encrypted private wallet key(s) 350 using the first master key 370 of the cryptocurrency wallet and sign the transaction(s) on the cryptocurrency blockchain 360 using the decrypted private wallet key(s) 350.
  • Fig- 4 shows an embodiment of system 300 where control instruct! on s/messages from the wallet control apparatus 110 to the wallet service apparatus 210 are encrypted/signed using the public enclave key 410.
  • a REST controller 420 in the wallet service apparatus 210 may handle the control instruc- tions/messages and responses thereto according to the principles of REST (Representational State Transfer).
  • REST is an architectural style that defines a set of constraints and principles for creating web services.
  • REST controller 420 may be responsible for processing incoming HTTP request message, executing the appropriate logic, and returning the corresponding HTTP response messages.
  • REST controller 420 may request enclave 330 to sign the transaction ⁇ ) based on the encrypted private wallet key(s) 350.
  • Enclave 330 may decrypt the private wallet key(s) 350 using the first master key 370 and sign the transaction(s).
  • the signed transact on(s) may then be forwarded enclave 330 to REST controller 420, and from REST controller 420 to a blockchain client 430 executing the transaction(s) on the blockchain 360.
  • REST controller 420 may implement further optional features of layered security, such as an authentication layer to allow a plurality of wallet control apparatuses 110 associated with the wallet owner 340 to access the cryptocurrency wallet 320.
  • the wallet service apparatus 210 may be further configured to authenticate the owner 340 of the cryptocurrency wallet vis-a-vis the wallet service application 230 based on an authorization key which may be different per device 110 from which the cloud wallet can be accessed.
  • the cloud wallet 320 may only sign a transaction if it receives an instruction from the wallet app that is signed by this device key (or authorization key).
  • the wallet service application 230 may be configured to obtain a control instruction for registering a (new) authorization key at the cryptocurrency wallet 320 from a wallet control apparatus 110.
  • the wallet service apparatus 210 may be configured to register the (new) authorization key at the cryptocurrency wallet 320.
  • the wallet service apparatus 210 may be configured to execute instructions for controlling the cryptocurrency wallet 320 that are cryptographically protected based on the (new) authorization key.
  • a (new) authorization key is installed upon authentication of the wallet control apparatus 110, for the owner 340 of the cryptocurrency wallet, at the wallet service apparatus 210.
  • the (new) authorization key registered at the at the wallet 320 may be a (new) public key of a (new) device authorization key pair.
  • Control instructions from the one of the plurality of wallet control apparatuses 110 may be additionally signed with the private authorization key associated with the owner 340 and/or the respective wallet control apparatus 110, for example.
  • the control instructions may be decrypted using the public authorization key associated with the wallet control apparatus 110.
  • a subset of instructions for controlling the cryptocurrency wallet 320 require inclusion of a signed identification certificate of the owner 340 of the cryptocurrency wallet (e.g., the instructions may be signed using the private key that signs the authentication requests).
  • the processing circuitry 214 may be configured to authenticate the owner 340 of the cryptocurrency wallet vis-a-vis the wallet service application being executed in the TEE 330 of the server 200 as secondary security measure for a subset of instructions for controlling the cryptocurrency wallet.
  • the subset of instructions may comprise an instruction for setting a rate limit, an instruction for removing or changing a rate limit, an instruction for setting a usage control, an instruction for removing or changing a usage control, and the control instruction for registering the (new) authorization key.
  • the processing circuitry 214 of the wallet control apparatus 210 may be configured to include the signed identification certificate (e.g., sign the respective instructions with the private key that signs the authentication requests) with the subset of instructions for controlling the cryptocurrency wallet.
  • the wallet service application being configured to execute the subset of instructions upon authentication of the owner of the cryptocurrency wallet.
  • the wallet service application may be configured to verify the subset of instructions based on the information on the signed identification certificate, based on the information on the identity of the owner of the cryptocurrency wallet (and based on the public key of the trust anchor).
  • multi-signature schemes could be used to protect large operations.
  • the wallet in the enclave 330 would only proceed with a transaction if the request to perform the transaction is signed by multiple parties.
  • a party can be another person, or another device of the wallet owner.
  • the user could still involve a vault service to keep a second copy of the wallet key (or entropy value as above), which could then be used to recover the wallet key in case something goes wrong with the device (loss of device or encrypted wallet key).
  • a vault service to keep a second copy of the wallet key (or entropy value as above), which could then be used to recover the wallet key in case something goes wrong with the device (loss of device or encrypted wallet key).
  • An example (e.g., example 1) relates to a wallet control apparatus associated with an owner of a cryptocurrency wallet hosted in a trusted execution environment on a remote server, wherein the wallet control apparatus comprises processing circuitry configured to store, in a memory associated with the wallet control apparatus, information on at least one cryptographic secret associated with the cryptocurrency wallet and for signing transactions on a cryptocurrency blockchain, and send the cryptographic secret from the wallet control apparatus to the remote server for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
  • Another example relates to a previous example (e.g., example 1) or to any other example, further comprising that the cryptographic secret is a private key or entropy of the cryptocurrency wallet for performing transactions on the cryptocurrency blockchain.
  • Another example (e.g., example 3) relates to a previous example (e.g., one of the examples 1 or 2) or to any other example, further comprising that the processing circuitry is further configured to receive the cryptographic secret for signing the transactions on the cryptocurrency blockchain from the remote server upon generation of the cryptocurrency wallet in the trusted execution environment.
  • Another example (e.g., example 4) relates to a previous example (e.g., one of the examples 1 to 3) or to any other example, further comprising that the cryptographic secret is encrypted with a first master key of the cryptocurrency wallet.
  • Another example (e.g., example 5) relates to a previous example (e.g., example 4) or to any other example, further comprising that the processing circuitry is configured to store the cryptographic secret encrypted with the first master key of the cryptocurrency wallet, and send the encrypted cryptographic secret from the wallet control apparatus to the remote server.
  • Another example relates to a previous example (e.g., one of the examples 4 or 5) or to any other example, further comprising that the first master key is a symmetric key for encrypting /decrypting the cryptographic secret.
  • Another example relates to a previous example (e.g., one of the examples 4 to 6) or to any other example, further comprising that the processing circuitry is further configured to receive the encrypted cryptographic secret in a message which is encrypted with a second master key of the cryptocurrency wallet.
  • Another example (e.g., example 8) relates to a previous example (e.g., example 7) or to any other example, further comprising that the second master key is a private enclave key of the trusted execution environment.
  • Another example (e.g., example 9) relates to a previous example (e.g., example 8) or to any other example, further comprising that the processing circuitry is further configured to receive a second public master key of the trusted execution environment from the remote server upon generation of the trusted execution environment.
  • Another example (e.g., example 10) relates to a previous example (e.g., one of the examples 1 to 9) or to any other example, further comprising that the processing circuitry is further configured to include the cryptographic secret in a control instruction for the cryptocurrency wallet, sign the control instruction using a key generated by the wallet control apparatus, and send the signed control instruction including the cryptographic secret from the wallet control apparatus to the remote server hosting the cryptocurrency wallet.
  • Another example (e.g., example 11) relates to a mobile device comprising the wallet control apparatus of any one of examples 1 to 10.
  • An example (e.g., example 12) relates to a method for controlling a cryptocurrency wallet hosted in a trusted execution environment on a remote server, the method comprising storing, in a memory associated with the wallet control apparatus, information on at least one cryptographic secret associated with the cryptocurrency wallet and for signing transactions on a cryptocurrency blockchain, and sending the cryptographic secret from the wallet control apparatus to the remote server hosting the cryptocurrency wallet for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
  • An example (e.g., example 13) relates to a wallet service apparatus comprising processing circuitry configured to provide a trusted execution environment, host a cryptocurrency wallet inside the trusted execution environment, host a wallet service application inside the trusted execution environment, configured to receive a cryptographic secret from a remote wallet control apparatus associated with an owner of the cryptocurrency wallet for signing transactions on a cryptocurrency blockchain using the cryptographic secret.
  • Another example relates to a previous example (e.g., example 13) or to any other example, further comprising that the cryptographic secret is a private key or entropy of the cryptocurrency wallet for performing transactions on the cryptocurrency blockchain.
  • Another example relates to a previous example (e.g., one of the examples 13 or 14) or to any other example, further comprising that the processing circuitry is configured to send the cryptographic secret for signing the transactions on the cryptocurrency blockchain to the remote wallet control apparatus upon generation of the cryptocurrency wallet in the trusted execution environment.
  • Another example relates to a previous example (e.g., example 15) or to any other example, further comprising that the processing circuitry is configured to send the cryptographic secret encrypted with a first master key of the cryptocurrency wallet.
  • Another example relates to a previous example (e.g., example 16) or to any other example, further comprising that the first master key is a symmetric key for encrypting /decrypting the cryptographic secret.
  • Another example (e.g., example 18) relates to a previous example (e.g., one of the examples 16 to 17) or to any other example, further comprising that the processing circuitry is further configured to send the encrypted cryptographic secret in a message, the message being encrypted with a second master key of the cryptocurrency wallet.
  • Another example relates to a previous example (e.g., example 18) or to any other example, further comprising that the second master key is a second private master key of the trusted execution environment.
  • Another example relates to a previous example (e.g., example 19) or to any other example, further comprising that the processing circuitry is further configured to send a second public master key of the trusted execution environment to the remote wallet control apparatus upon generation of the trusted execution environment.
  • Another example relates to a previous example (e.g., one of the examples 16 to 20) or to any other example, further comprising that the processing circuitry is configured to receive the cryptographic secret being encrypted with the first master key of the cryptocurrency wallet, decrypt the encrypted cryptographic secret using the first master key of the cryptocurrency wallet, and sign a transaction on the cryptocurrency blockchain using the decrypted cryptographic secret.
  • Another example relates to a previous example (e.g., example 21) or to any other example, further comprising that the processing circuitry is configured to receive the encrypted cryptographic secret in an encrypted control instruction for the cryptocurrency wallet, the control instruction being encrypted using the second public master key of the trusted execution environment, decrypt the encrypted control instruction using a second private master key of the trusted execution environment.
  • An example (e.g., example 23) relates to a wallet service method, comprising providing a trusted execution environment, hosting a cryptocurrency wallet inside the trusted execution environment, hosting a wallet service application inside the trusted execution environment, and receiving a cryptographic secret from a remote wallet control apparatus associated with an owner of the cryptocurrency wallet for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
  • Examples may further be or relate to a (computer) program including a program code to execute one or more of the above methods when the program is executed on a computer, proces- sor or other programmable hardware component.
  • steps, operations or processes of different ones of the methods described above may also be executed by programmed computers, processors or other programmable hardware components.
  • Examples may also cover program storage devices, such as digital data storage media, which are machine-, processor- or computer-readable and encode and/or contain machine-executable, processor-executable or computer-executable programs and instructions.
  • Program storage devices may include or be digital storage devices, magnetic storage media such as magnetic disks and magnetic tapes, hard disk drives, or optically readable digital data storage media, for example.
  • Other examples may also include computers, processors, control units, (field) programmable logic arrays ((F)PLAs), (field) programmable gate arrays ((F)PGAs), graphics processor units (GPU), application-specific integrated circuits (ASICs), integrated circuits (ICs) or system-on-a-chip (SoCs) systems programmed to execute the steps of the methods described above.
  • FPLAs field programmable logic arrays
  • F field) programmable gate arrays
  • GPU graphics processor units
  • ASICs application-specific integrated circuits
  • ICs integrated circuits
  • SoCs system-on-a-chip
  • aspects described in relation to a device or system should also be understood as a description of the corresponding method.
  • a block, device or functional aspect of the device or system may correspond to a feature, such as a method step, of the corresponding method.
  • aspects described in relation to a method shall also be understood as a description of a corresponding block, a corresponding element, a property or a functional feature of a corresponding device or a corresponding system.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Conventionally, private wallet keys are stored at a remote server hosting a cryptocurrency wallet. However, this may be problematic, even when using trusted execution environments (TEEs) or enclaves, especially since the service should be upgradable. Upgrading TEEs or enclaves may involve manual procedures to hand over a master key to a new release of the enclave code, whenever a new release is necessary or desirable. If the procedures are not respected, an operator of the service could get hold of all wallet keys. Permanently storing all wallet keys in the TEE or enclave may also make the service more vulnerable for attacks. Therefore, the present disclosure proposes to store the wallet key(s) outside the TEE / enclave, for example in storage circuitry of wallet control apparatus (client) or in a cloud storage associated with the owner of a cryptocurrency wallet.

Description

CONCEPT FOR ACCESSING A CRYPTOCURRENCY WALLET
ON A REMOTE SERVER
Field
The present disclosure relates to a concept for accessing a cryptocurrency wallet on a remote server, and in particular to a wallet control apparatus, wallet control method, and wallet control computer program, to a wallet service apparatus, wallet service method and wallet service computer program.
Background
Cryptocurrencies, i.e., currencies that exist digitally and use cryptography to secure transactions, e.g., on a blockchain, are a field of research and development. Cryptocurrency transactions usually involve the use of a so-called wallet, which is a computer program being used to store and manage cryptographic secrets that can be used to sign cryptocurrency transactions. A cryptocurrency transaction on the blockchain is a digital event that records a transfer of cryptocurrency units from one address to another. This process is facilitated by blockchain technology, which acts as a decentralized and distributed ledger. Each transaction is securely encrypted and needs to be verified and confirmed by the network participants, known as nodes or miners, before it is permanently added to the blockchain.
There are different classes of cryptocurrency wallets. A first type of wallet is referred to as “self-custodial wallet”. In self-custodial wallets, the wallet owners do not rely on a third party to store and operate private keys that control the assets in the wallet. There are different types of self-custodial wallets, such as hardware wallets, also called cold storage, web or mobile wallets, and desktop wallets. The recovery of lost, stolen, or broken devices is typically possible by using a recovery phrase (often 24 words) with which the keys can be regenerated. This recovery phrase must be stored in a safe place. Self-custodial wallets may be considered to carry a high risk for permanent loss because of human errors. A study shows that over 20% of all Bitcoin (a cryptocurrency) is lost permanently, e.g., due to loss of device or due to human error. This runs counter to the aim of making it easier for humans to engage in very complicated tasks without having to exert extreme mental effort or live in constant fear of making mistakes.
A second type of wallet is referred to as “custodial wallet”. When using a custodial wallet, the wallet owner delegates the storage and operation of the private keys that control assets in a wallet to a third party. Typically, these third parties, such as big exchange markets, do not store the assets in individual wallets but keep them in large pools. In this respect, the wallet is more like an account on the bank. However, custodial wallets may be vulnerable to large- scale attacks on custodial wallet providers. Moreover, the risk of bankruptcies of custodial wallet providers (sometimes because of large scale attacks) is non-negligible.
A third type of wallet is referred to as “smart contract wallet”. The assets in a smart contractbased wallet are controlled by an (Ethereum) smart contract. Such smart contract wallets provide a number of different features, such as multi-signature authorization, rate limits, social recovery (friends can help recover the wallet), temporary locking of wallet, etc. However, smart contract wallets may be considered to be still rather sensitive to human errors (so that the wallet owners need to be well organized). The adaptation of concepts such as smart contracts is growing.
There may be a demand for an improved concept for a cryptocurrency wallet, which reduces risks for the wallet owners.
Summary
This demand is addressed by the subject-matter of the appended claims.
According to a first aspect, the present disclosure proposes a wallet control apparatus that is external to a cryptocurrency wallet. The wallet control apparatus is associated with an owner of the cryptocurrency wallet hosted in a trusted execution environment (TEE) on a remote server. The wallet control apparatus may be implemented as a portable user device, such as smartphones, tablet PCs, laptop PCs, desktop PCs, etc.). The TEE (also sometimes referred to as “enclave”) refers to a secure area in the remote server designed to ensure that sensitive data is stored, processed, and protected in a secure environment. The TEE offers a level of protection against software attacks and provides a secure execution space for confidential and critical operations. This secure area may be isolated in terms of processing and memory from the rest of the remote server’s operating system and applications, ensuring that code and data loaded into the TEE are protected with respect to confidentiality and integrity.
The wallet control apparatus comprises processing circuitry which is configured to store, in a memory of or associated with the wallet control apparatus, information on at least one cryptographic secret associated with the cryptocurrency wallet and used (by the TEE) for signing transactions on a cryptocurrency blockchain. The cryptographic secret associated with the cryptocurrency wallet and used (by the TEE) for signing transactions on a cryptocurrency blockchain may be a (private) wallet key or an entropy, from which wallet keys can be derived. The transaction may involve a transfer of cryptocurrency units from one wallet address to another. This process may be facilitated by the blockchain, which acts as a decentralized ledger that records all transactions across a network of computers. The memory storing the information on the at least one cryptographic secret (e.g., wallet key, entropy value) may be internal memory of the wallet control apparatus or may be external memory to the wallet control apparatus (such as a cloud storage, for example). The processing circuitry of the wallet control apparatus is further configured to send the cryptographic secret (e.g. wallet key) from the wallet control apparatus to the remote server for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
That is, the wallet key(s) need not be kept in the cryptocurrency wallet or the TEE itself, but may be stored externally at the wallet control apparatus or a cloud storage associated with the user/owner of the cryptocurrency wallet hosted in the TEE. In this way, upgrading the TEE to a new release may be simplified, for example.
In some embodiments, the cryptographic secret is a private key of the cryptocurrency wallet for performing transactions on the cryptocurrency blockchain or an entropy value from which wallet keys may be derived. The private key may be regarded a piece of cryptographic data that enables a user to access and manage their cryptocurrency holdings. The private key may be a long, secure, random alphanumeric code that may be used in cryptographic systems to sign transactions and prove ownership of a blockchain address. In the world of cryptocurrencies, it may act as a password to unlock and spend the funds associated with a public address. In some embodiments, the processing circuitry of the wallet control apparatus is further configured to receive the at least one cryptographic secret (e.g. wallet key, entropy value) for signing the transactions on the cryptocurrency blockchain from the remote server upon generation of the cryptocurrency wallet in the TEE. Thus, upon generation of the cryptocurrency wallet in the TEE, the cryptographic secret (e.g. wallet key, entropy value) may be generated by the cryptocurrency wallet and then sent to the wallet control apparatus.
In some embodiments, the cryptographic secret (e.g. wallet key, entropy value) is encrypted with a first master key of the cryptocurrency wallet. Thus, the cryptographic secret may not be transferred between devices unencrypted. For example, the first master key may be a key of a symmetric encryption scheme.
In some embodiments, the processing circuitry of the wallet control apparatus is configured to store the (received) cryptographic secret (e.g. wallet key, entropy value) encrypted with the first master key of the cryptocurrency wallet in a memory of or a memory associated with the wallet control apparatus. The processing circuitry of the wallet control apparatus may be also configured to send the encrypted cryptographic secret from the wallet control apparatus to the remote server for signing the transactions on the cryptocurrency blockchain. Thus, whenever a cryptocurrency transaction is to be performed, the cryptographic secret (e.g., wallet key) may be sent in encrypted form from the wallet control apparatus to the TEE on the remote server.
In some embodiments, the first master key may be a key of a symmetric encryption scheme of the of the cryptocurrency wallet, which may be generated at the remote server upon generation of the cryptocurrency wallet in the TEE. The first master key may not be available outside the TEE.
In some embodiments, the processing circuitry of the wallet control apparatus is further configured to receive the encrypted cryptographic secret in a message which is encrypted with a second master key of the cryptocurrency wallet. The second master key may be a private master (enclave) key of the TEE.
In some embodiments, the processing circuitry of the wallet control apparatus is further configured to receive a second public master key of the cryptocurrency wallet from the remote server upon generation of the TEE. The second public master key may be the public enclave key of the TEE. The public enclave key, along with its corresponding private key, may be generated as part of the initialization process of the TEE or enclave. The public enclave key may be understood as the public part of a key pair used in the context of a TEE or a similar secure enclave, such as Intel's Software Guard Extensions (SGX) or AWS Nitro enclave, for example. External applications can use the public enclave key to encrypt data before sending it to the enclave, ensuring that the data remains confidential and can only be decrypted by the enclave. Enclaves may use their private keys to sign data as part of an attestation process, proving that a public enclave key is indeed generated by a genuine enclave, running specific code. Thus, the second private and public master keys form a key pair.
In some embodiments, the processing circuitry of the wallet control apparatus is further configured to include the cryptographic secret (e.g., wallet key) in a control instruction for the cryptocurrency wallet. The processing circuitry of the wallet control apparatus is further configured to encrypt or sign the control instruction using the second (public) master key of the TEE (e.g., enclave key) and to send the encrypted/signed control instruction including the cryptographic secret from the wallet control apparatus to the remote server hosting the cryptocurrency wallet. A purpose of the second (public) master key of the TEE may be to protect the message/instruction sent from the wallet control apparatus to the remote server/TEE. Then the wallet control apparatus can be sure that the message cannot be read outside the TEE.
In some embodiments, the processing circuitry of the wallet control apparatus is further configured to apply further layers of authentication to control instructions for the cryptocurrency wallet. For example, control instructions may be signed using a (private) authorization key associated with the wallet control apparatus.
According to a further aspect, the present disclosure proposes a mobile device comprising the wallet control apparatus of any one of the previous examples. The mobile device refers to portable electronic devices that allow users to access, manage, and communicate data and information while on the move. These devices may have wireless connectivity capabilities, such as Wi-Fi and Bluetooth, and may include cellular connectivity to access the internet and mobile networks. Examples of mobile user devices include smartphones, tablets, laptops and notebooks, etc. According to a further aspect, the present disclosure proposes a method for controlling a cryptocurrency wallet hosted in a trusted execution environment on a remote server. The method may be a computer-implemented method. The proposed method includes storing, in a memory of or associated with the wallet control apparatus, information on at least one cryptographic secret (e.g., wallet key, entropy value) associated with the cryptocurrency wallet and for signing transactions on a cryptocurrency blockchain, and sending the cryptographic secret from the wallet control apparatus to the remote server hosting the cryptocurrency wallet for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
According to a further aspect, the present disclosure proposes a computer program having computer-readable instructions that, when executed by a processor, perform the above method.
According to yet a further aspect, the present disclosure proposes a wallet service apparatus comprising processing circuitry configured to provide a trusted execution environment (TEE), host a cryptocurrency wallet inside the TEE, and host a wallet service application inside the TEE. The wallet service application running on the processing circuitry of the wallet service apparatus is configured to receive a cryptographic secret (e.g., wallet key) from a remote wallet control apparatus associated with an owner of the cryptocurrency wallet for signing transactions on a cryptocurrency blockchain using the cryptographic secret.
In some embodiments, the cryptographic secret received from the remote wallet control apparatus is private key (or an entropy value) of the cryptocurrency wallet for performing transactions on the cryptocurrency blockchain. The private key may be regarded a piece of cryptographic data that enables a user to access and manage their cryptocurrency holdings. The private key may be used in cryptographic systems to sign transactions and prove ownership of a blockchain address.
In some embodiments, the processing circuitry of the wallet service apparatus is configured to send information on the at least one cryptographic secret (e.g., wallet key(s), entropy value) for signing the transactions on the cryptocurrency blockchain to the remote wallet control apparatus upon generation of the cryptocurrency wallet in the TEE. In some embodiments, the processing circuitry of the wallet service apparatus is configured to send the cryptographic secret encrypted with a first master key of the cryptocurrency wallet. The first master key may be a symmetric key for encrypting /decrypting the cryptographic secret.
In some embodiments, the processing circuitry of the wallet service apparatus is configured to send the encrypted cryptographic secret in a message, the message being encrypted with a second master key of the cryptocurrency wallet. The second master key may be a second private master key of the TEE. The second private master key may be the private enclave key of the TEE.
In some embodiments, the processing circuitry of the wallet service apparatus is configured to send a second public master key of the TEE to the remote wallet control apparatus upon generation of the TEE. The second master key may be the public enclave key of the TEE. The second public master key, along with its corresponding private key, may be generated as part of the initialization process of the TEE or enclave.
In some embodiments, the processing circuitry of the wallet service apparatus is configured to receive (from the remote wallet control apparatus) the cryptographic secret being encrypted with the first master key of the cryptocurrency wallet, decrypt the encrypted cryptographic secret using the first master key of the cryptocurrency wallet, and sign a transaction on the cryptocurrency blockchain using the decrypted cryptographic secret (e.g., wallet key).
In some embodiments, the processing circuitry of the wallet service apparatus is configured to receive (from the remote wallet control apparatus) the encrypted cryptographic secret (e.g., wallet key) in an encrypted control instruction for the cryptocurrency wallet. The control instruction is encrypted using the second public master key of the TEE. The processing circuitry of the wallet service apparatus is further configured to decrypt the encrypted control instruction using a second private master key of the TEE.
In some embodiments, the processing circuitry of the wallet service apparatus is further configured to apply further layers of authentication to control instructions for the cryptocurrency wallet. For example, control instructions may be decrypted using a (public) authorization key associated with the wallet control apparatus.
According to yet another aspect, the present disclosure proposes a wallet service method. The method may be a computer-implemented method. The proposed method includes providing a TEE, hosting a cryptocurrency wallet inside the TEE, and receiving a cryptographic secret from a remote wallet control apparatus associated with an owner of the cryptocurrency wallet for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
Instead of giving the wallet service apparatus full responsibility of storing and manipulating wallet keys, it is proposed to store the wallet keys or an entropy value for generating wallet keys at the wallet control apparatus of the wallet owner (end user) or a cloud storage. The wallet keys may be still encrypted by a master secret only known by the wallet support service and the wallet keys may be decrypted inside the TEE/enclave of the wallet service apparatus. However, the wallet service apparatus may only temporarily need to decrypt and manipulate the key when performing a transaction. For this it may receive the encrypted wallet key from the wallet owner’s device every time again when a transaction needs to be performed. An upgrade of the TEE/enclave code is not problematic anymore since the wallet service apparatus at no time has access to any (encrypted) wallet key outside of the TEE/enclave. Operators cannot get hold of any wallet key, even if procedures are not respected.
Brief description of the Figures
Some examples of apparatuses and/or methods will be described in the following by way of example only, and with reference to the accompanying figures, in which
Fig. 1A shows a block diagram of an example of a wallet control apparatus;
Fig. IB shows a flow chart of an example of a wallet control method; Fig. 2A shows a block diagram of an example of a wallet service apparatus and of a system comprising the wallet service apparatus and a wallet control apparatus;
Fig. 2B shows a flow chart of an example of a wallet service method;
Fig. 3 shows a first schematic diagram of a system comprising a wallet control apparatus and a remote server hosting a cryptocurrency wallet;
Fig. 4 shows a second schematic diagram of a system comprising a wallet control apparatus and a remote server hosting a cryptocurrency wallet; and
Fig. 5 shows a third schematic diagram of a system comprising a wallet control apparatus and a remote server hosting a cryptocurrency wallet.
Detailed Description
Some examples are now described in more detail with reference to the enclosed figures. However, other possible examples are not limited to the features of these embodiments described in detail. Other examples may include modifications of the features as well as equivalents and alternatives to the features. Furthermore, the terminology used herein to describe certain examples should not be restrictive of further possible examples.
Throughout the description of the figures same or similar reference numerals refer to same or similar elements and/or features, which may be identical or implemented in a modified form while providing the same or a similar function. The thickness of lines, layers and/or areas in the figures may also be exaggerated for clarification.
When two elements A and B are combined using an “or”, this is to be understood as disclosing all possible combinations, i.e. only A, only B as well as A and B, unless expressly defined otherwise in the individual case. As an alternative wording for the same combinations, "at least one of A and B" or "A and/or B" may be used. This applies equivalently to combinations of more than two elements. If a singular form, such as “a”, “an” and “the” is used and the use of only a single element is not defined as mandatory either explicitly or implicitly, further examples may also use several elements to implement the same function. If a function is described below as implemented using multiple elements, further examples may implement the same function using a single element or a single processing entity. It is further understood that the terms "include", "including", "comprise" and/or "comprising", when used, describe the presence of the specified features, integers, steps, operations, processes, elements, components and/or a group thereof, but do not exclude the presence or addition of one or more other features, integers, steps, operations, processes, elements, components and/or a group thereof.
In Figs. 1A to 2B, two components of the present disclosure are shown - a wallet control apparatus 110 (and corresponding wallet control method, wallet control computer program, and mobile device 100 comprising the wallet control apparatus 110) and a wallet service apparatus 210 (and corresponding wallet service method, wallet service computer program, and remote server 200 comprising the wallet service apparatus 210). As will become evident, these two components interact with each other. Accordingly, a major portion of the following introduction will focus on the interaction between the two components.
Fig. 1A shows a block diagram of an example of a wallet control apparatus 110 associated with an owner of a cryptocurrency wallet hosted in a trusted execution environment (TEE) on the remote server 200. The wallet control apparatus 110 comprises processing circuitry 114, which is configured to provide the functionality of the wallet control apparatus 110. Optionally, the wallet control apparatus 110 further comprises an interface 112 (e.g., interface circuitry) for communicating with other entities, such as remote server 200 (shown in Fig. 2A), and/or storage circuitry 116 for storing information. The processing circuitry 114 shown in Figs, 1 A is coupled with the optional interface 112 and the optional storage circuitry 116. For example, processing circuitry 114 may be configured to provide the functionality of the wallet control apparatus 110 in conjunction with the interface 112 (for communicating) and/or with storage circuitry 116 (for storing and retrieving information). For example, wallet control apparatus 110 may be part of a computer system, such as a personal computer, a tablet computer, or a smartphone. In particular, the wallet control apparatus may be part of a mobile device 100, such as a tablet computer or smartphone. The functionality of the wallet control apparatus may be provided as software, e.g., as a wallet control application being executed by the respective computer system.
The processing circuitry 114 of wallet control apparatus 110 is configured to store, in a memory associated with the wallet control apparatus 110 (or with the owner of a cryptocurrency wallet), information on at least one cryptographic secret associated with the cryptocurrency wallet and used for signing transactions on a cryptocurrency blockchain. The memory storing the cryptographic secret for signing cryptocurrency transactions may be the storage circuitry 116 of wallet control apparatus 110. In other embodiments, it may also be a memory of another remote server (e.g., a cloud storage) associated with the owner of wallet control apparatus 110. According to embodiments of the present disclosure, the memory storing the cryptographic secret for signing cryptocurrency transactions is located outside the TEE of the remote server 200.
The cryptographic secret for signing transactions on the cryptocurrency blockchain may be a wallet key or the entropy, from which keys can be derived. A wallet key in the context of cryptocurrency refers to a cryptographic key that enables a user to access and manage their cryptocurrency holdings within the digital cryptocurrency wallet. The wallet key is fundamental to the operation of cryptocurrency wallets, as it provides the security mechanism for authenticating transactions and controlling access to cryptocurrency assets. A private wallet key may be a secret alphanumeric code that is used to sign transactions, proving ownership of the cryptocurrency in a specific wallet. The private key may be used to generate digital signatures for transactions. These signatures may verify that the transaction has been authorized by the owner of the wallet. Derived from the private wallet key using cryptographic algorithms, a public wallet key can be shared with others. It may be used to create a wallet address (a hashed version of the public key), to which others can send cryptocurrency. The relationship between the public wallet key and the private wallet key may ensure that only the holder of the private wallet key can access funds sent to the wallet address. The public wallet key may be used in the verification process of transactions. When a digital signature is created using a private wallet key, the corresponding public wallet key can be used by the network to verify that the transaction was indeed authorized by the owner of the private wallet key. Conventionally, private wallet keys are stored at the remote server 200 hosting the cryptocurrency wallet. However, this may be problematic, even when using TEEs or enclaves, especially since the service must be upgradable. Upgrading TEEs or enclaves may involve manual procedures to hand over a master key to a new release of the enclave code, whenever a new release is necessary or desirable. If the procedures are not respected, an operator of the service could get hold of all wallet keys. Permanently storing all wallet keys in the TEE or enclave may also make the service more vulnerable for attacks. Therefore, the present disclosure proposes to store the wallet key(s) outside the TEE / enclave, for example in storage circuitry 116 of wallet control apparatus 110 or in a cloud storage associated with the owner of a cryptocurrency wallet.
The processing circuitry 114 of wallet control apparatus 110 is configured to send or transmit (e.g., via the interface 112) the cryptographic secret for signing transactions on the cryptocurrency blockchain (e.g., wallet key) for signing the transactions from the wallet control apparatus 110 to the remote server 200. That is, one or more wallet keys may be provided from the wallet control apparatus 110 to the TEE on the remote server 200 hosting the cryptocurrency wallet on demand, whenever a cryptocurrency transaction is to be carried out.
Fig. IB shows a flow chart of an example of a corresponding wallet control method 10 for controlling the cryptocurrency wallet hosted in the TEE on remote server 200. Method 10 comprises storing 11, in the memory 116 associated with the wallet control apparatus 110 (or the owner), the cryptographic secret associated with the cryptocurrency wallet and for signing transactions on the cryptocurrency blockchain. Method 10 further includes sending 12 (e.g., via the interface 112) the cryptographic secret from the wallet control apparatus 110 to the remote server 200 hosting the cryptocurrency wallet for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
Fig. 2A shows a block diagram of an example of a wallet service apparatus 210. The wallet service apparatus 210 comprises processing circuitry 214, which is configured to provide the functionality of the wallet service apparatus 210. Optionally, the wallet service apparatus 210 further comprises an interface 212 (e.g., interface circuitry) for communicating with other entities, such as the wallet control apparatus 110 or mobile device 100, and/or storage circuitry 216 for storing information. The processing circuitry 214 shown in Figs, 2A is coupled with the optional interface 212 and the optional storage circuitry 216. For example, the processing circuitry 214 may be configured to provide the functionality of the wallet service apparatus 210 in conjunction with the interface 212 (for communicating) and/or with the storage circuitry 216 (for storing and retrieving information). For example, the wallet service apparatus 210 may be part of a computer system, such as server 200. The functionality of the wallet service apparatus 210 may be provided or controlled via software, e.g., by a wallet service application and/or an application for controlling the TEE.
The processing circuitry 214 of wallet service apparatus 210 is configured to provide the TEE 220. The processing circuitry 214 is configured to host a cryptocurrency wallet inside the TEE 220. The processing circuitry 214 is configured to host a wallet service application 230 inside the TEE 220. The wallet service application 230 is configured to receive at least one cryptographic secret (e.g., private wallet key) for signing transactions on a cryptocurrency blockchain from the remote wallet control apparatus 110 associated with the owner of the cryptocurrency wallet. The wallet service application 230 may further be configured to sign the transaction(s) on the cryptocurrency blockchain using the received cryptographic secret.
Fig. 2A further shows a server 200 comprising the wallet service apparatus 210. Fig. 2A further shows a system comprising the wallet service apparatus 210 and the wallet control apparatus 110, e.g., the server 200 comprising the wallet service apparatus 210 and the mobile device 100 comprising the wallet control apparatus 110.
Fig. 2B shows a flow chart of an example of a corresponding wallet service method 20. The wallet service method 20 includes comprises providing 21 the TEE. The wallet service method 20 includes hosting 22 the cryptocurrency wallet inside the TEE. The wallet service method 20 includes hosting 23 the wallet service application inside the TEE. The wallet service application performs the act 24 of receiving the cryptographic secret (e.g., private wallet key) for signing transactions on a cryptocurrency blockchain from a remote wallet control apparatus 110 associated with the owner of the cryptocurrency wallet. The wallet service application may further perform the act of signing the transaction(s) on the cryptocurrency blockchain using the received cryptographic secret.
The features of the wallet control apparatus 110, wallet control method 10, wallet control computer program and mobile device 100 on the one hand, and of the wallet service apparatus 210, wallet service method 20, wallet service computer program and server 200 will now be introduced in more detail with respect to the wallet control apparatus 110 and wallet service apparatus 210. Features introduced in connection with the wallet control apparatus 110 and wallet service apparatus 210 may likewise be included in the wallet control method 10, wallet control computer program and mobile device 100, and wallet service method 20, wallet service computer program and server 200, respectively.
The proposed concept is directed at storing a cryptographic secret (e.g., private wallet key) for signing transactions on a cryptocurrency blockchain outside the cryptocurrency wallet hosted by TEE 220. For example, during initialization of the cryptocurrency wallet, the respective cryptographic secrets (e.g., private wallet keys) may be generated at the wallet service apparatus 210 and may then be communicated to the remote wallet control apparatus 110 to be stored in the storage circuitry 116 or another storage associated with the wallet control apparatus 110.
In the proposed concept, the cryptocurrency wallet is stored in TEE 220 of server 200. Accordingly, the wallet service apparatus 210 is configured to provide, e.g., make available, control, or make accessible such a TEE. There are various implementations of TEEs. A TEE may also be called a secure enclave, for example. In general, a TEE is an execution environment that is encapsulated from (i.e., shielded from) other processes being executed on the processing circuitry providing the TEE. In particular, processes being executed outside the particular TEE may be unable to read out, or write into, data or code being contained in the TEE. In the proposed concept, in particular, the contents of the wallet, and the wallet service application, might not be accessible from outside the TEE, e.g., except for an interface being used to update the wallet service application. For example, the software code of the wallet service application 230 being executed in the TEE 220 may be audited by a third party. It may be updated using the above-referenced interface, which may be cryptographically protected. The contents of the wallet may remain shielded inside the TEE 220 at any point.
In various examples of the present disclosure, public-private-key cryptography is used. In other words, a private key of a cryptographic key pair is used to sign something, e.g., an instruction, or a certificate of identity, and the corresponding public key can be used to verify the signature. On the other hand, the public key of the cryptographic key pair can be used to encrypt a piece of information, while the private key can be used to decrypt the piece of for- mation. For example, the cryptographic secret for signing transactions on a cryptocurrency blockchain may be a private wallet key of a cryptographic key pair.
The interface 112; 212 of the wallet control apparatus 110 and/or the wallet service apparatus 210 may correspond to one or more inputs and/or outputs for receiving and/or transmitting information, which may be in digital (bit) values according to a specified code, within a module, between modules or between modules of different entities. For example, the interface 112; 212 of the wallet control apparatus 110 and/or the wallet service apparatus 210 may comprise interface circuitry configured to receive and/or transmit information.
For example, the processing circuitry 114; 214 of the wallet control apparatus 110 and/or the wallet service apparatus 210 may be implemented using one or more processing units, one or more processing devices, any means for processing, such as a processor, a computer or a programmable hardware component being operable with accordingly adapted software. In other words, the described function of the 114; 214 of the wallet control apparatus 110 and/or the wallet service apparatus 210 may as well be implemented in software, which is then executed on one or more programmable hardware components. Such hardware components may comprise a general-purpose processor, a Digital Signal Processor (DSP), a microcontroller, etc. For example, at least the processing circuitry 214 of the wallet service apparatus 210 may be suitable for, e.g., configured to, providing/provide a trusted execution environment, such as Intel Software Guard Extensions, AMD Platform Security Processor or Secure Encrypted Virtualization, ARM TrustZone or RISC-V MultiZone, or AWS Nitro enclave.
For example, the storage circuitry 116; 216 of the wallet control apparatus 110 and/or the wallet service apparatus 210 may comprise at least one element of the group of a computer readable storage medium, such as an magnetic or optical storage medium, e.g. a hard disk drive, a flash memory, Floppy-Disk, Random Access Memory (RAM), Programmable Read Only Memory (PROM), Erasable Programmable Read Only Memory (EPROM), an Electronically Erasable Programmable Read Only Memory (EEPROM), or a network storage.
More details and aspects of the wallet control apparatus 110, wallet service apparatus 210, remote server 200, wallet control method 10, wallet service method 20, system and computer program are mentioned in connection with the proposed concept, or one or more examples described above or below (e.g., Fig. 3 to 5). The wallet control apparatus, wallet service apparatus, remote server, wallet control method, wallet service method, system and computer program may comprise one or more additional optional features corresponding to one or more aspects of the proposed concept, or one or more examples described above or below.
In Figs, 1A to 2B, a core functionality of a concept denoted “guarded (crypto) wallet” has been introduced. This wallet is a new wallet type, which may be suitable for the average, non-tech savvy user who is not well organized. For example, it may be setup as a (paid) service that releases the user from worries about loss of keys. It may provide an easy, unsophisticated user experience, e.g., with a minimal user configuration for recovery. If possible, it may be implemented as a self-custodial wallet, while carrying a reduced security risk for (large scale) attacks.
The proposed concept comprises three components - the remote server 200, which may be a cloud service that receives the wallet assets (private keys) using secure enclave technology (like Intel SGX or AWS Nitro enclave) in such a way that the cloud provider cannot access the wallet assets. This makes the proposed concept self-custodial. The wallet may be operated by the users from a wallet control apparatus 110 (the second component) which may be hosted by a mobile phone 100, from which signed wallet instructions including wallet keys are sent to the wallets in the cloud where the wallet instructions are executed.
Optionally, an external authentication infrastructure outside the control of the cloud service may be used for wallet access and/or recovery. For example, an SSI (Self-Sovereign Identity) infrastructure may be used. For example, SSI keys may be used that the user has registered with a government authority and for which the user received verifiable credentials. Alternatively, other forms of authentication infrastructure may be used for access to government websites, banking services, etc. To verify the verifiable certificates used for authentication, the cloud service may configure trust anchors, ideally inside the enclave. These may be updated through software updates.
Fig- 3 shows a schematic diagram of a system 300 comprising a wallet control apparatus 110 hosting a wallet control app 310 and a remote wallet service apparatus 210 hosting a cryptocurrency wallet 320. Fig. 3 shows the wallet support service with the secure enclave(s) 330 (the TEE). The secure enclave 330 shields a cloud owner 340 from the operations in the enclave (so that a self-custodial cryptocurrency wallet can be implemented). The enclave 330 (or enclaves) may isolate small kernels of security sensitive code (such as the wallet service application) from the operating system and main software stacks. It may provide strong protection against attacks.
The wallet control apparatus 110 stores information on one or more private keys (or entropy values) 350 of the cryptocurrency wallet 320 for performing transactions on the cryptocurrency blockchain 360. Alternatively, the information on the one or more private keys (or entropy values) 350 of the cryptocurrency wallet 320 may also be stored in a personal cloud storage (not shown) of the wallet owner 340. The information on the one or more private wallet keys 350 may be one or more private keys themselves. Alternatively, the information on the one or more private wallet keys 350 may be one or more entropy values from which several wallet keys may be derived, each of which can be used to sign blockchain transaction according to the concept of HD (Hierarchical Deterministic) wallet.
Entropy is a measure of randomness. In HD wallets, a high-entropy value, typically 128 bits, 256 bits, or longer, may serve as a seed from which all subsequent keys are derived. The entropy value may be generated from random physical movements (like mouse movements or keystroke timings) or secure random number generators provided by an operating system. It should be truly random to ensure the security of the derived keys. The entropy may then be converted into a mnemonic phrase (a series of easy-to-remember words), allowing users to back up and restore their wallets. This mnemonic, through a deterministic process, can generate a master private key and chain code for the HD wallet. From the master private key and chain code, a virtually unlimited number of child wallet keys can be generated. These wallet keys are organized in a tree-like structure with various branches, allowing for organized management of multiple cryptocurrency addresses and accounts within a single wallet.
The entropy value or the private wallet keys 350 may be created/generated at several moments in the lifecycle of cryptocurrency wallet 320, depending on the type of wallet and the method used for generating keys. For example, a common moment for generating the entropy value or a private wallet key 350 is during an initial setup of the cryptocurrency wallet 320. Thus, the entropy value or the private wallet key(s) 350 may be generated as part of the wallet creation process. Thus, upon generation of the cryptocurrency wallet 320 at remote server 200, the entropy value or the private wallet key(s) 350 may be generated by the cryptocurrency wallet and may then be sent or transmitted from server 200 to the wallet control apparatus 110. Compared to conventional cryptocurrency wallet concepts, the proposed concept does not store the entropy value or the wallet keys 350 at the server 200 hosting the cryptocurrency wallet 320 but external to that in the wallet control apparatus 110 or in personal cloud storage (not shown) of the wallet owner 340.
The wallet control apparatus 110 may be configured to receive the entropy value and/or the private wallet key(s) 350 from the remote server 200 upon generation of the cryptocurrency wallet 320. The received the entropy value and/or the private wallet key(s) 350 may then be stored either in the wallet control apparatus 110 or in personal cloud storage (not shown) of the wallet owner 340.
For communicating the entropy value and/or the private wallet key(s) 350 from the server 200 to the wallet control apparatus 110, the entropy value and/or the private wallet key(s) 350 may be encrypted with a first master key 370 of the cryptocurrency wallet 320. The first master key 370 may be used to encrypt the entropy value and/or private wallet key(s) 350 of the cryptocurrency wallet 320. Thus, the entropy value and/or the private wallet key(s) 350 may not be transferred between the devices 110, 200 unencrypted. For example, the first master key 370 associated with the cryptocurrency wallet 320 may be a (symmetric) key of a symmetric encryption scheme. A symmetric encryption scheme is a type of cryptographic system where the same key is used for both encryption of plaintext and decryption of ciphertext. This means that the sender and the recipient may share the same secret key (first master key 370), which must be kept confidential. For example, the symmetrical key (first master key 370) is not shared but left at the remote server side.
In particular, wallet control apparatus 110 may be configured to store the encrypted entropy value and/or the encrypted private wallet key(s) 350 which are encrypted with the first master key 370 of the cryptocurrency wallet in the storage circuitry 116 of the wallet control apparatus 110 or in personal cloud storage (not shown) of the wallet owner 340.
The wallet service apparatus 210 may send the encrypted cryptographic secret(s) 350 encrypted with the first master key 370 to wallet control apparatus 110 in a secure message which is encrypted or signed with a second master key of the cryptocurrency wallet 320. The second master key may be a private enclave key of the enclave 330. At the wallet control apparatus 110, the secure message carrying the encrypted cryptographic secret(s) may be decrypted using the second public master key of the cryptocurrency wallet 320. The second public master key may be a public enclave key of the enclave 330.
The public enclave key may be understood as the public part of a key pair used in the context of the TEE enclave, such as Intel's Software Guard Extensions (SGX) or AWS Nitro enclave, for example. External applications, such as wallet app 310, can use the public enclave key to encrypt data before sending it to the enclave, ensuring that the data remains confidential and can only be decrypted by the enclave. Enclaves may use their private keys to sign data as part of an attestation process, proving to external entities that the data was processed securely within the enclave. The external entities can use the public enclave key to verify these signatures.
The wallet service apparatus 210 may send the public enclave key to the wallet control apparatus 110 upon generation of the enclave 330. As such, the wallet control apparatus 110 may receive the public enclave key of the enclave 330 from the wallet service apparatus 210 upon generation of the enclave 330. The public enclave key, along with its corresponding private key, may be generated as part of the initialization process of the enclave 330.
Although not being a preferred option, the wallet service apparatus 210 might send the first master key 370 of the cryptocurrency wallet 320 to the remote wallet control apparatus 110 upon generation of the cryptocurrency wallet 320. This may be done using a secure message which may be signed with a private enclave key of the enclave 330, for example. Correspondingly, wallet control apparatus 110 may be configured to receive the first master key 370 from the wallet service apparatus 210 upon generation of the cryptocurrency wallet 320. Wallet control apparatus 110 may read the secure message carrying the first master key 370 using a public enclave key of the enclave 330, for example. The public enclave key may have been communicated from the wallet service apparatus 210 to the wallet control apparatus 110 beforehand. Thus, although not preferred, the first master key 370 may also be available outside the enclave, for example in the storage circuitry 116 or the personal cloud storage of the wallet owner 340, so that the first master key 370 can be backed up. In preferred embodiments, the first master key 370 is not shared outside the wallet service apparatus 210. Whenever a cryptocurrency transaction is to be performed, wallet control apparatus 110 may send one or more encrypted private wallet key(s) 350 from the wallet control apparatus 110 to the wallet service apparatus 210 for signing transactions on the cryptocurrency blockchain 360. At the wallet service apparatus 210, the wallet support service may use the first master key 370 to decrypt the encrypted private wallet key(s) 350 received from the wallet control apparatus 110. Wallet service apparatus 210 may then use the decrypted private wallet key(s) 350 to sign one or more transactions on the cryptocurrency blockchain 360.
For example, the wallet control apparatus 110 may be configured to include the encrypted private wallet key(s) 350 in a control instruction (message) for the cryptocurrency wallet 320. For example, the wallet control apparatus 110 may encrypt or sign the control instruction using the public enclave key of the enclave 330 and send the encrypted/signed control instruction including the encrypted private wallet key(s) 350 from the wallet control apparatus 110 to the wallet service apparatus 210. A purpose of the enclave key is to protect mes- sages/instructions sent from the wallet control apparatus 110 to the wallet service apparatus 210.
The wallet service apparatus 210 may receive the encrypted/signed control instruction including the encrypted private wallet key(s) 350 from the wallet control apparatus 110. The wallet service apparatus 210 may decrypt the encrypted/signed control instruction using its private enclave key. The result of this is that the wallet service apparatus 210 may read the instructions related to the transaction as well as the encrypted private wallet key(s) 350. The wallet service apparatus 210 may then decrypt the encrypted private wallet key(s) 350 using the first master key 370 of the cryptocurrency wallet and sign the transaction(s) on the cryptocurrency blockchain 360 using the decrypted private wallet key(s) 350.
Fig- 4 shows an embodiment of system 300 where control instruct! on s/messages from the wallet control apparatus 110 to the wallet service apparatus 210 are encrypted/signed using the public enclave key 410.
A REST controller 420 in the wallet service apparatus 210 may handle the control instruc- tions/messages and responses thereto according to the principles of REST (Representational State Transfer). REST is an architectural style that defines a set of constraints and principles for creating web services. REST controller 420 may be responsible for processing incoming HTTP request message, executing the appropriate logic, and returning the corresponding HTTP response messages. REST controller 420 may request enclave 330 to sign the transaction^) based on the encrypted private wallet key(s) 350. Enclave 330 may decrypt the private wallet key(s) 350 using the first master key 370 and sign the transaction(s). The signed transact on(s) may then be forwarded enclave 330 to REST controller 420, and from REST controller 420 to a blockchain client 430 executing the transaction(s) on the blockchain 360.
As shown in Fig. 5, REST controller 420 may implement further optional features of layered security, such as an authentication layer to allow a plurality of wallet control apparatuses 110 associated with the wallet owner 340 to access the cryptocurrency wallet 320. For this purpose, the wallet service apparatus 210 may be further configured to authenticate the owner 340 of the cryptocurrency wallet vis-a-vis the wallet service application 230 based on an authorization key which may be different per device 110 from which the cloud wallet can be accessed. The cloud wallet 320 may only sign a transaction if it receives an instruction from the wallet app that is signed by this device key (or authorization key).
For example, the wallet service application 230 may be configured to obtain a control instruction for registering a (new) authorization key at the cryptocurrency wallet 320 from a wallet control apparatus 110. The wallet service apparatus 210 may be configured to register the (new) authorization key at the cryptocurrency wallet 320. The wallet service apparatus 210 may be configured to execute instructions for controlling the cryptocurrency wallet 320 that are cryptographically protected based on the (new) authorization key. Thus, upon authentication of the wallet control apparatus 110, for the owner 340 of the cryptocurrency wallet, at the wallet service apparatus 210, a (new) authorization key is installed. The (new) authorization key registered at the at the wallet 320 may be a (new) public key of a (new) device authorization key pair. Control instructions from the one of the plurality of wallet control apparatuses 110 may be additionally signed with the private authorization key associated with the owner 340 and/or the respective wallet control apparatus 110, for example. The control instructions may be decrypted using the public authorization key associated with the wallet control apparatus 110.
The proposed guarded wallet 320 may also provide more advanced features, such as rate limits and other usage controls. Rate limits (e.g., daily maximum amount for transactions) and other usage controls may be imposed (by the wallet), configurable by the user. Surpassing the configured restrictions may be allowed after authentication. For example, this authentication may be done outside the secure enclave.
For example, a subset of instructions for controlling the cryptocurrency wallet 320 require inclusion of a signed identification certificate of the owner 340 of the cryptocurrency wallet (e.g., the instructions may be signed using the private key that signs the authentication requests). Accordingly, the processing circuitry 214 may be configured to authenticate the owner 340 of the cryptocurrency wallet vis-a-vis the wallet service application being executed in the TEE 330 of the server 200 as secondary security measure for a subset of instructions for controlling the cryptocurrency wallet. For example, the subset of instructions may comprise an instruction for setting a rate limit, an instruction for removing or changing a rate limit, an instruction for setting a usage control, an instruction for removing or changing a usage control, and the control instruction for registering the (new) authorization key. The processing circuitry 214 of the wallet control apparatus 210 may be configured to include the signed identification certificate (e.g., sign the respective instructions with the private key that signs the authentication requests) with the subset of instructions for controlling the cryptocurrency wallet. For example, the wallet service application being configured to execute the subset of instructions upon authentication of the owner of the cryptocurrency wallet. For example, the wallet service application may be configured to verify the subset of instructions based on the information on the signed identification certificate, based on the information on the identity of the owner of the cryptocurrency wallet (and based on the public key of the trust anchor).
Alternatively, multi-signature schemes could be used to protect large operations. In this case the wallet in the enclave 330 would only proceed with a transaction if the request to perform the transaction is signed by multiple parties. A party can be another person, or another device of the wallet owner.
With the architecture proposed herein the user could still involve a vault service to keep a second copy of the wallet key (or entropy value as above), which could then be used to recover the wallet key in case something goes wrong with the device (loss of device or encrypted wallet key). In the following, some examples of the proposed concept are presented:
An example (e.g., example 1) relates to a wallet control apparatus associated with an owner of a cryptocurrency wallet hosted in a trusted execution environment on a remote server, wherein the wallet control apparatus comprises processing circuitry configured to store, in a memory associated with the wallet control apparatus, information on at least one cryptographic secret associated with the cryptocurrency wallet and for signing transactions on a cryptocurrency blockchain, and send the cryptographic secret from the wallet control apparatus to the remote server for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
Another example (e.g., example 2) relates to a previous example (e.g., example 1) or to any other example, further comprising that the cryptographic secret is a private key or entropy of the cryptocurrency wallet for performing transactions on the cryptocurrency blockchain.
Another example (e.g., example 3) relates to a previous example (e.g., one of the examples 1 or 2) or to any other example, further comprising that the processing circuitry is further configured to receive the cryptographic secret for signing the transactions on the cryptocurrency blockchain from the remote server upon generation of the cryptocurrency wallet in the trusted execution environment.
Another example (e.g., example 4) relates to a previous example (e.g., one of the examples 1 to 3) or to any other example, further comprising that the cryptographic secret is encrypted with a first master key of the cryptocurrency wallet.
Another example (e.g., example 5) relates to a previous example (e.g., example 4) or to any other example, further comprising that the processing circuitry is configured to store the cryptographic secret encrypted with the first master key of the cryptocurrency wallet, and send the encrypted cryptographic secret from the wallet control apparatus to the remote server.
Another example (e.g., example 6) relates to a previous example (e.g., one of the examples 4 or 5) or to any other example, further comprising that the first master key is a symmetric key for encrypting /decrypting the cryptographic secret. Another example (e.g., example 7) relates to a previous example (e.g., one of the examples 4 to 6) or to any other example, further comprising that the processing circuitry is further configured to receive the encrypted cryptographic secret in a message which is encrypted with a second master key of the cryptocurrency wallet.
Another example (e.g., example 8) relates to a previous example (e.g., example 7) or to any other example, further comprising that the second master key is a private enclave key of the trusted execution environment.
Another example (e.g., example 9) relates to a previous example (e.g., example 8) or to any other example, further comprising that the processing circuitry is further configured to receive a second public master key of the trusted execution environment from the remote server upon generation of the trusted execution environment.
Another example (e.g., example 10) relates to a previous example (e.g., one of the examples 1 to 9) or to any other example, further comprising that the processing circuitry is further configured to include the cryptographic secret in a control instruction for the cryptocurrency wallet, sign the control instruction using a key generated by the wallet control apparatus, and send the signed control instruction including the cryptographic secret from the wallet control apparatus to the remote server hosting the cryptocurrency wallet.
Another example (e.g., example 11) relates to a mobile device comprising the wallet control apparatus of any one of examples 1 to 10.
An example (e.g., example 12) relates to a method for controlling a cryptocurrency wallet hosted in a trusted execution environment on a remote server, the method comprising storing, in a memory associated with the wallet control apparatus, information on at least one cryptographic secret associated with the cryptocurrency wallet and for signing transactions on a cryptocurrency blockchain, and sending the cryptographic secret from the wallet control apparatus to the remote server hosting the cryptocurrency wallet for signing the transactions on the cryptocurrency blockchain using the cryptographic secret. An example (e.g., example 13) relates to a wallet service apparatus comprising processing circuitry configured to provide a trusted execution environment, host a cryptocurrency wallet inside the trusted execution environment, host a wallet service application inside the trusted execution environment, configured to receive a cryptographic secret from a remote wallet control apparatus associated with an owner of the cryptocurrency wallet for signing transactions on a cryptocurrency blockchain using the cryptographic secret.
Another example (e.g., example 14) relates to a previous example (e.g., example 13) or to any other example, further comprising that the cryptographic secret is a private key or entropy of the cryptocurrency wallet for performing transactions on the cryptocurrency blockchain.
Another example (e.g., example 15) relates to a previous example (e.g., one of the examples 13 or 14) or to any other example, further comprising that the processing circuitry is configured to send the cryptographic secret for signing the transactions on the cryptocurrency blockchain to the remote wallet control apparatus upon generation of the cryptocurrency wallet in the trusted execution environment.
Another example (e.g., example 16) relates to a previous example (e.g., example 15) or to any other example, further comprising that the processing circuitry is configured to send the cryptographic secret encrypted with a first master key of the cryptocurrency wallet.
Another example (e.g., example 17) relates to a previous example (e.g., example 16) or to any other example, further comprising that the first master key is a symmetric key for encrypting /decrypting the cryptographic secret.
Another example (e.g., example 18) relates to a previous example (e.g., one of the examples 16 to 17) or to any other example, further comprising that the processing circuitry is further configured to send the encrypted cryptographic secret in a message, the message being encrypted with a second master key of the cryptocurrency wallet.
Another example (e.g., example 19) relates to a previous example (e.g., example 18) or to any other example, further comprising that the second master key is a second private master key of the trusted execution environment. Another example (e.g., example 20) relates to a previous example (e.g., example 19) or to any other example, further comprising that the processing circuitry is further configured to send a second public master key of the trusted execution environment to the remote wallet control apparatus upon generation of the trusted execution environment.
Another example (e.g., example 21) relates to a previous example (e.g., one of the examples 16 to 20) or to any other example, further comprising that the processing circuitry is configured to receive the cryptographic secret being encrypted with the first master key of the cryptocurrency wallet, decrypt the encrypted cryptographic secret using the first master key of the cryptocurrency wallet, and sign a transaction on the cryptocurrency blockchain using the decrypted cryptographic secret.
Another example (e.g., example 22) relates to a previous example (e.g., example 21) or to any other example, further comprising that the processing circuitry is configured to receive the encrypted cryptographic secret in an encrypted control instruction for the cryptocurrency wallet, the control instruction being encrypted using the second public master key of the trusted execution environment, decrypt the encrypted control instruction using a second private master key of the trusted execution environment.
An example (e.g., example 23) relates to a wallet service method, comprising providing a trusted execution environment, hosting a cryptocurrency wallet inside the trusted execution environment, hosting a wallet service application inside the trusted execution environment, and receiving a cryptographic secret from a remote wallet control apparatus associated with an owner of the cryptocurrency wallet for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
The aspects and features described in relation to a particular one of the previous examples may also be combined with one or more of the further examples to replace an identical or similar feature of that further example or to additionally introduce the features into the further example.
Examples may further be or relate to a (computer) program including a program code to execute one or more of the above methods when the program is executed on a computer, proces- sor or other programmable hardware component. Thus, steps, operations or processes of different ones of the methods described above may also be executed by programmed computers, processors or other programmable hardware components. Examples may also cover program storage devices, such as digital data storage media, which are machine-, processor- or computer-readable and encode and/or contain machine-executable, processor-executable or computer-executable programs and instructions. Program storage devices may include or be digital storage devices, magnetic storage media such as magnetic disks and magnetic tapes, hard disk drives, or optically readable digital data storage media, for example. Other examples may also include computers, processors, control units, (field) programmable logic arrays ((F)PLAs), (field) programmable gate arrays ((F)PGAs), graphics processor units (GPU), application-specific integrated circuits (ASICs), integrated circuits (ICs) or system-on-a-chip (SoCs) systems programmed to execute the steps of the methods described above.
It is further understood that the disclosure of several steps, processes, operations or functions disclosed in the description or claims shall not be construed to imply that these operations are necessarily dependent on the order described, unless explicitly stated in the individual case or necessary for technical reasons. Therefore, the previous description does not limit the execution of several steps or functions to a certain order. Furthermore, in further examples, a single step, function, process or operation may include and/or be broken up into several substeps, -functions, -processes or -operations.
If some aspects have been described in relation to a device or system, these aspects should also be understood as a description of the corresponding method. For example, a block, device or functional aspect of the device or system may correspond to a feature, such as a method step, of the corresponding method. Accordingly, aspects described in relation to a method shall also be understood as a description of a corresponding block, a corresponding element, a property or a functional feature of a corresponding device or a corresponding system.
The following claims are hereby incorporated in the detailed description, wherein each claim may stand on its own as a separate example. It should also be noted that although in the claims a dependent claim refers to a particular combination with one or more other claims, other examples may also include a combination of the dependent claim with the subject matter of any other dependent or independent claim. Such combinations are hereby explicitly proposed, unless it is stated in the individual case that a particular combination is not intended. Furthermore, features of a claim should also be included for any other independent claim, even if that claim is not directly defined as dependent on that other independent claim.

Claims

Claims
1. A wallet control apparatus associated with an owner of a cryptocurrency wallet hosted in a trusted execution environment on a remote server, wherein the wallet control apparatus comprises processing circuitry configured to store, in a memory associated with the wallet control apparatus, information on at least one cryptographic secret associated with the cryptocurrency wallet and for signing transactions on a cryptocurrency blockchain; and send the cryptographic secret from the wallet control apparatus to the remote server for signing the transactions on the cryptocurrency blockchain using the cryptographic secret.
2. The wallet control apparatus of claim 1, wherein the cryptographic secret is a private key or entropy of the cryptocurrency wallet for performing transactions on the cryptocurrency blockchain.
3. The wallet control apparatus of claim 1, wherein the processing circuitry is further configured to receive the cryptographic secret for signing the transactions on the cryptocurrency blockchain from the remote server upon generation of the cryptocurrency wallet in the trusted execution environment.
4. The wallet control apparatus of claim 1, wherein the cryptographic secret is encrypted with a first master key of the cryptocurrency wallet.
5. The wallet control apparatus of claim 4, wherein the processing circuitry is configured to store the cryptographic secret encrypted with the first master key of the cryptocurrency wallet; and send the encrypted cryptographic secret from the wallet control apparatus to the remote server.
6. The wallet control apparatus of claim 4, wherein the first master key is a symmetric key for encrypting /decrypting the cryptographic secret.
7. The wallet control apparatus of claim 4, wherein the processing circuitry is further configured to receive the encrypted cryptographic secret in a message which is encrypted with a second master key of the cryptocurrency wallet.
8. The wallet control apparatus of claim 7, wherein the second master key is a private enclave key of the trusted execution environment.
9. The wallet control apparatus of claim 8, wherein the processing circuitry is further configured to receive a second public master key of the trusted execution environment from the remote server upon generation of the trusted execution environment.
10. The wallet control apparatus of claim 1, wherein the processing circuitry is further configured to include the cryptographic secret in a control instruction for the cryptocurrency wallet; sign the control instruction using a key generated by the wallet control apparatus; and send the signed control instruction including the cryptographic secret from the wallet control apparatus to the remote server hosting the cryptocurrency wallet.
11. A mobile device comprising the wallet control apparatus of claim 1.
12. A wallet service apparatus comprising processing circuitry configured to provide a trusted execution environment; host a cryptocurrency wallet inside the trusted execution environment; host a wallet service application inside the trusted execution environment, configured to receive a cryptographic secret from a remote wallet control apparatus associated with an owner of the cryptocurrency wallet for signing transactions on a cryptocurrency blockchain using the cryptographic secret.
13. The wallet service apparatus of claim 12, wherein the cryptographic secret is a private key or entropy of the cryptocurrency wallet for performing transactions on the cryptocurrency blockchain.
14. The wallet service apparatus of claim 12, wherein the processing circuitry is configured to send the cryptographic secret for signing the transactions on the cryptocurrency blockchain to the remote wallet control apparatus upon generation of the cryptocurrency wallet in the trusted execution environment.
15. The wallet service apparatus of claim 14, wherein the processing circuitry is configured to send the cryptographic secret encrypted with a first master key of the cryptocurrency wallet.
16. The wallet service apparatus of claim 15, wherein the first master key is a symmetric key for encrypting /decrypting the cryptographic secret.
17. The wallet service apparatus of claim 15, wherein the processing circuitry is further configured to send the encrypted cryptographic secret in a message, the message being encrypted with a second master key of the cryptocurrency wallet.
18. The wallet service apparatus of claim 17, wherein the second master key is a second private master key of the trusted execution environment.
19. The wallet service apparatus of claim 18, wherein the processing circuitry is further configured to send a second public master key of the trusted execution environment to the remote wallet control apparatus upon generation of the trusted execution environment.
20. The wallet service apparatus of claim 15, wherein the processing circuitry is configured to receive the cryptographic secret being encrypted with the first master key of the cryptocurrency wallet; decrypt the encrypted cryptographic secret using the first master key of the cryptocurrency wallet; and sign a transaction on the cryptocurrency blockchain using the decrypted cryptographic secret.
PCT/EP2025/055836 2024-03-07 2025-03-04 Concept for accessing a cryptocurrency wallet on a remote server Pending WO2025186249A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP24162193.7 2024-03-07
EP24162193 2024-03-07

Publications (2)

Publication Number Publication Date
WO2025186249A1 true WO2025186249A1 (en) 2025-09-12
WO2025186249A8 WO2025186249A8 (en) 2025-10-02

Family

ID=90362780

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2025/055836 Pending WO2025186249A1 (en) 2024-03-07 2025-03-04 Concept for accessing a cryptocurrency wallet on a remote server

Country Status (1)

Country Link
WO (1) WO2025186249A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220327527A1 (en) * 2013-08-08 2022-10-13 Visa International Service Association Methods and systems for provisioning mobile devices with payment credentials

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220327527A1 (en) * 2013-08-08 2022-10-13 Visa International Service Association Methods and systems for provisioning mobile devices with payment credentials

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WANG YAZHOU ET AL: "A novel blockchain's private key generation mechanism based on facial biometrics and physical unclonable function", JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, ELSEVIER, AMSTERDAM, NL, vol. 78, 27 September 2023 (2023-09-27), XP087427660, ISSN: 2214-2126, [retrieved on 20230927], DOI: 10.1016/J.JISA.2023.103610 *

Also Published As

Publication number Publication date
WO2025186249A8 (en) 2025-10-02

Similar Documents

Publication Publication Date Title
US12088568B2 (en) Systems and methods for secure key service
US9609024B2 (en) Method and system for policy based authentication
KR101712784B1 (en) System and method for key management for issuer security domain using global platform specifications
US11711213B2 (en) Master key escrow process
US20200252382A1 (en) User authentication using multi-party computation and public key cryptography
US20140112470A1 (en) Method and system for key generation, backup, and migration based on trusted computing
CN111199045A (en) Method and system for encrypted private key management for secure multiparty storage and delivery of information
JP2021523650A (en) Systems, methods, devices and terminals for secure blockchain transactions and subnetworks
CN114270386B (en) Authenticator application for consent architecture
US20240193255A1 (en) Systems and methods of protecting secrets in use with containerized applications
US20250071101A1 (en) Systems and methods for implementing privacy layer in cbdc networks
EP3292654B1 (en) A security approach for storing credentials for offline use and copy-protected vault content in devices
WO2023186786A1 (en) A concept for recovering access to a cryptocurrency wallet on a remote server
US11683159B2 (en) Hybrid content protection architecture
CN115801232A (en) Private key protection method, device, equipment and storage medium
US11861597B1 (en) Database encryption wallet
US20210194694A1 (en) Data processing system
US20250209445A1 (en) A concept for recovering access to a cryptocurrency wallet on a remote server
JP2024045374A (en) Exclusive self-escrow methods and equipment
EP3886355B1 (en) Decentralized management of data access and verification using data management hub
WO2025186249A1 (en) Concept for accessing a cryptocurrency wallet on a remote server
Shah et al. Third party public auditing scheme for security in cloud storage
Reddy et al. Data Storage on Cloud using Split-Merge and Hybrid Cryptographic Techniques
WO2023030998A1 (en) Systems and methods for implementing privacy layer in cbdc networks
CN118468307A (en) Data encryption and decryption method, device, equipment and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 25709378

Country of ref document: EP

Kind code of ref document: A1