Browse Prior Art Database

A method for secure de-centralised resource management

IP.com Disclosure Number: IPCOM000243992D
Publication Date: 2015-Nov-04
Document File: 2 page(s) / 70K

Publishing Venue

The IP.com Prior Art Database

Abstract

This disclosure presents a cryptographically secured mechanism for provable off-line transfer of resources.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 54% of the total text.

Page 01 of 2

A method for secure de-centralised resource management

In a resource management system, the entity that owns the resources typically acts as a central hub for all actions involving the distribution of resources. This can become a bottleneck point, and is an area of topological weakness, i.e. if the hub is down, it may not be possible to transfer resources. Also such systems do not provide assurances to all parties and rely on trust between all parties to operate effectively.

    I propose a system that uses a cryptographic protocol to implement a secure transaction between two parties that allows resources to be transferred between those parties, without prior arrangement from the central hub. The protocol is such that if the central hub receives a token of transfer, it can be certain that the transfer has taken place. This means the resources can be transferred on demand, and the method used is such that if the cental hub is unavailable the transfer can still be made, and the token sent to the central hub at a later point in time.

    The system could be useful for a range of scenarios where a central entity owns assets, which are physically held by users of the system, such as IT asset management, or libraries, or hospital equipment, etc.

All resources have a unique id.

    A central asset management hub has a list of users, and a list of its resources. The hub can store resources against users.

All the users have a public key pair for asset management, where the public key is

stored by the hub for each user.

    The hub wants to be sure that its records are as up-to-date as possible, so that it can mitigate against loss, theft, etc. The system also requires a degree of flexibility, so that resources can be quickly and conveniently re-distributed, without

prior approval from the hub.

    When a user wishes to transfer an asset to another user, they create m0 using the assets unique id (e.g. by scanning a barcode) they concatenate this with a timestamp so we have m0 = id || timestamp.

Next the receiver states they will accept delivery. This provides both parties

with a token before the actual physical transfer of the asset, to say that each other had committed to the transaction, so should either party attempt to defraud the system at this stage their is a cryptographic audit trail.

The amended procedure is as follows:

    
The two parties, the originator and receiv...