Recent times have seen banks hedging their bets or even fully integrating cryptocurrencies. The acquisition and filing of patents is how large organizations truly express their interest in a given field, and Bank of America continues to lead the way, now having secured its latest patent in the blockchain and crypto space, one for “tamper-responsive” remote storage of private keys.
According to the patent filing, which was finalized and entered into the record this week but initially filed two years ago, the problem with existing storage methods for private crypto keys is “such devices do not provide for real-time response to such breaches, such that misappropriation of private cryptography keys is prevented.” The patent notes that the vast majority of private keys are stored in regular consumer-grade devices and “susceptible to being misappropriated by an entity that desires to usurp a user’s identity.”
In essence, Bank of America wants to serve as a bank for private keys — a digital safe deposit box, of sorts, with the requisite insurance and backing of a major banking corporation. Such a product is certain to find a receptive market in short order, and holding a patent on the idea means the bank might, for an extended period, be the only game in town, if it commercializes it.
The novelty of the device or system, whatever form it takes, lies in that real-time response. Bank of America wants to offer clients the ability to know in real time when their private keys are being tampered with and to have some method to deal with such events. This invention can serve all types of clients, but one imagines that exchanges and other larger clients, who are most frequently the target of hack attempts, would be the biggest beneficiaries.
The patent describes a system of redundant keys in which the system automatically responds to tamper attempts by deleting the key from the potentially compromised device.
“In specific embodiments of the system, the storage device further includes one or more sensors in communication with the first processor. In such embodiments of the system, the first processor is further configured to, in response to receiving the tamper-related signals from the one or more sensors, delete the one or more private cryptography keys from the first memory.”
It can also perform this function if physical tampering is detected, say a device is stolen:
“In other specific related embodiments of the system, the one or more sensors further comprise at least one of a shock sensor, an acceleration sensor and a temperature sensor. In such embodiments of the system, the first processor is further configured to, in response to receiving the tamper-related signals from at least one of the shock sensor, the acceleration sensor and the temperature sensor, delete the one or more private cryptography keys from the first memory.”
A third such instance where it might ghost a protected key off the client device is when a virus or malevolent code is detected:
“In other specific embodiments of the system, the first processor is further configured to receive the tamper-related signal, from the computing node. In such embodiments of the system, the tamper-related signal indicates that a user has exceeded a predetermined number of attempts of inputting user authentication credentials to the authentication routine.”
According to the patent, users will be required to configure what tamper signals are and how they are processed.
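The behaviour quoted above can be sketched in software. This is an added example, not code from the patent or from Bank of America: the class names, thresholds and PIN check are assumptions, and it models a user-configured policy that deletes keys on a sensor signal or when the allowed number of authentication attempts is exceeded.

```python
import hmac
from dataclasses import dataclass

@dataclass
class TamperPolicy:
    # Constructed thresholds: the filing leaves signal definitions to the user.
    max_shock_g: float = 8.0
    max_accel_g: float = 4.0
    temp_range_c: tuple = (-10.0, 60.0)
    max_auth_attempts: int = 3

class TamperResponsiveStore:
    def __init__(self, keys, pin, policy):
        # bytearray is mutable, so key bytes can be overwritten in place.
        self._keys = {name: bytearray(k) for name, k in keys.items()}
        self._pin, self._policy = pin, policy  # plaintext PIN: simplification
        self._failures = 0
        self.events = []  # audit trail of what triggered a wipe

    @property
    def wiped(self):
        return not self._keys

    def _delete_keys(self, reason):
        for buf in self._keys.values():
            buf[:] = bytes(len(buf))  # overwrite before dropping the reference
        self._keys.clear()
        self.events.append(reason)

    def sensor_reading(self, kind, value):
        """Return True if the reading counts as a tamper signal."""
        p, (lo, hi) = self._policy, self._policy.temp_range_c
        tampered = bool(
            (kind == "shock" and value > p.max_shock_g)
            or (kind == "acceleration" and value > p.max_accel_g)
            or (kind == "temperature" and not lo <= value <= hi))
        if tampered and not self.wiped:
            self._delete_keys(f"sensor:{kind}")
        return tampered

    def get_key(self, name, pin):
        if self.wiped:
            raise KeyError("keys deleted after tamper signal")
        if not hmac.compare_digest(pin, self._pin):
            self._failures += 1
            if self._failures > self._policy.max_auth_attempts:
                self._delete_keys("auth:attempts-exceeded")
            raise PermissionError("bad credentials")
        self._failures = 0
        return bytes(self._keys[name])
```

Copies already returned by `get_key` are immutable `bytes` and cannot be wiped afterwards, which is one reason a design like the one described keeps key use on the storage device itself.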
Time will tell what, if any, form this patent will take as a product. Secure storage of private keys remains an important topic in cryptocurrency, especially as the community grows and the number of bad actors increases.
Last modified (UTC): November 4, 2018 20:00