CROSS-REFERENCE TO RELATED APPLICATIONS

[0001] This application claims priority to U.S. Patent Application No. 17/555,148 filed December 17, 2021, which is a continuation-in-part of U.S. Serial Number 16/458,951, filed July 1, 2019, which claims priority to U.S. Provisional Patent Application Serial Number 62/758,121, filed November 9, 2018 and U.S. Provisional Patent Application Serial Number 62/692,199, filed June 29, 2018, the contents of each application are incorporated herein by reference.

FIELD OF THE INVENTION

[0002] This invention relates generally to data access control in computer networks. More particularly, this invention is directed toward techniques for providing authentication, non-repudiation, governed access and twin resolution for data utilizing a data control signature.

BACKGROUND OF THE INVENTION

[0003] A distributed ledger is a consensus of replicated, shared and synchronized digital data distributed across multiple networked machines. There is no central administrator or centralized data storage. A peer-to-peer network and consensus algorithms are used to ensure replication across the multiple networked machines. One form of distributed ledger is the blockchain system.

[0004] A traditional blockchain can accept a hash of an off-chain data resource. However, the off-chain data resource is not governed from the blockchain. While the blockchain entry can verify the content of some data at a later stage, the resource can be accessed, copied, read without needing the permission or interaction with the blockchain entry. Thus, no governance of the off-chain resource can be programmatically enforced or automated. Instead, human intervention and labor are required for governance. Current blockchain technologies cannot accept data beyond a maximum capacity limit of a few hundred bytes. [0005] Thus, there is a need to control off-chain data. More particularly, there is a need for arbitrary sized data files to be placed under blockchain governance.

SUMMARY OF THE INVENTION

[0006] A non-transitory computer readable storage medium has instructions executed by processors to receive an original collection of symbols at a first machine operative as a coding machine in a network. The original collection of symbols is conveyed via the network from a second machine operative as a client machine in the network. A single use coding function is applied at the first machine to the original collection of symbols to form a new collection of symbols. The first machine subsequently applies a different single use coding function to the original collection of symbols to form a different new collection of symbols recoverable as the original collection of symbols. Encryption keys associated with a user of the client machine are formed and conveyed via the network to a client wallet on the second machine. The new collection of symbols is encrypted to form a recoded encrypted symbol file. A lossless compression function is applied to the encrypted symbol file to form a compressed file with a bit size less than or equal to a bit size of the encrypted symbol file. The compressed file is conveyed via the network to a third machine for storage. A distributed ledger entry is formed with a hash of the compressed file. The distributed ledger entry is written to a fourth machine in the network, where the fourth machine is a node in a distributed ledger. The distributed ledger entry at the fourth machine is accessed. The compressed file is read from the third machine. The data control signature formed using the single use coding function encrypted with the private key and a symmetric key is utilized to convert the compressed file to the original collection of symbols.

BRIEF DESCRIPTION OF THE FIGURES

[0007] The invention is more fully appreciated in connection with the following detailed description taken in conjunction with the accompanying drawings, in which:

[0008] FIGURE 1 illustrates a system configured in accordance with an embodiment of the invention.

[0009] FIGURE 2 illustrates processing operations associated with an embodiment of the invention.

[0010] FIGURE 3 illustrates data processing performed in accordance with an embodiment of the invention. [0011] FIGURE 4 illustrates encoding operations performed in accordance with an embodiment of the invention.

[0012] FIGURE 5 illustrates data write processing operations performed in accordance with an embodiment of the invention.

[0013] FIGURE 6 illustrates data encoding performed in accordance with an embodiment of the invention.

[0014] FIGURE 7 illustrates interactions between users, data and processes associated with an embodiment of the invention.

[0015] FIGURE 8 illustrates data read processing operations performed in accordance with an embodiment of the invention.

[0016] FIGURE 9 illustrates the creation of smart data in accordance with an embodiment of the invention.

[0017] FIGURE 10 illustrates the transfer of smart data in accordance with an embodiment of the invention.

[0018] FIGURE 11 illustrates access to smart data in accordance with an embodiment of the invention.

[0019] Like reference numerals refer to corresponding parts throughout the several views of the drawings.

DETAILED DESCRIPTION OF THE INVENTION

[0020] Figure 1 illustrates a system 100 configured in accordance with an embodiment of the invention. The system 100 includes a set of client machines 102_l through 102_N operative as a peer-to-peer network utilizing network 106, which may be any combination of wired and wireless networks. As detailed below, the client machines access arbitrarily sized data files that are under blockchain governance.

[0021] Each client machine includes a processor (e.g., central processing unit) 110 and input/output devices 112 connected via a bus 114. The input/output devices 112 may include a keyboard, mouse, touch display and the like. A network interface circuit 116 is also connected to the bus 114 to provide connectivity to network 106. A memory 120 is also connected to the bus 114. The memory stores a client wallet 122 with instructions executed by processor 110 to implement operations disclosed herein.

[0022] Also connected to network 106 is a server 104. The server includes a processor 130, input/output devices 132, a bus 134 and a network interface circuit 136. A memory 140 is connected to bus 134. In one embodiment, the memory stores a coding module 142, an access module 144 and decoding module 146. Modules 142, 144 and 146 may be downloaded to client devices 102 1 through 102 N and form a portion of a client wallet 122. [0023] Figure 1 also illustrates a set of machines 150 1 through 150 N operative as data storage machines or cloud storage. Each machine 150 includes a processor 151, input/output devices 152, a bus 154 and a network interface circuit 156. A memory 160 is connected to bus 154. The memory 160 stores a storage module 162 with instructions executed by processor 151 to manage the reading and writing of data blocks.

[0024] Figure 1 also illustrates a set of machines 170 1 through 170 N operative as a distributed ledger. Each machine 170 includes a processor 171, input/output devices 172, a bus 174 and a network interface circuit 176. A memory 180 is connected to bus 174. The memory 180 stores a distributed ledger module 182 with instructions executed by processor 171 to administer a distributed ledger.

[0025] The system 100 is exemplary. It should be appreciated that operations disclosed herein may be performed on different machines in the system 100. For example, a client machine 102 may include a storage module 162 to store blocks of data. Similarly, one or more of machines 170 1 through 170 N may include a storage module 162 to store blocks of data.

[0026] Figure 2 illustrates processing operations associated with an embodiment of the invention. Initially, a collection of symbols is received 200. The collection of symbols form a data file. By way of example, client machine 102 1 receives a collection of symbols.

[0027] A coding function is applied to the collection of symbols 202. Figure 3 illustrates a single symbol 300 that is subject to a coding function in the form of a unique coding table 302, which produces a new symbol 304. The operation of block 202 forms a new collection of symbols. The client wallet 122 may utilize the coding module 142 received from machine 104 to implement this operation.

[0028] The next operation is to form encryption keys 204. Three encryption keys are formed: an asymmetric encryption private key, an asymmetric encryption public key and a symmetric encryption key. Figure 3 illustrates a client wallet 122 of a client machine 102 holding an encryption key pair 306.

[0029] The next operation of Figure 2 is to encrypt and store results 206. More particularly, this operation entails encrypting the new collection of symbols to form a recoded encrypted symbol file, which may be stored utilizing a storage module 162 on one or more of machines 150 1 through 150 N. Figure 3 illustrates a symmetric encryption block 308 forming a recoded encrypted symbol file 310. The client wallet 122 may utilize the coding module 142 received from machine 104 to implement this operation.

[0030] Returning to Figure 2, the next operation is to form a distributed ledger entry 208. A private key may be used by an asymmetric encryption block 312 to form a distributed ledger entry 314, which will be referred to herein as a Distributed Ledger Technology (DLT) entry. The client wallet 122 may utilize the coding module 142 received from machine 104 to implement this operation. The distributed ledger entry is then written to memory 210. More particularly, the distributed ledger entry is written to a distributed ledger, such as on machines 170 1 through 170_N.

[0031] The foregoing operations constitute data encode, encrypt and write operations. The following operations constitute data read, decrypt and decode operations. The next operation of Figure 2 is to access the distributed ledger entry 212. For example, the client wallet 122 may use the access module 144 received from machine 104 to implement this operation. Next, the encrypted file is accessed 214. More particularly, the recoded encrypted symbol file is accessed from a network accessible memory location. For example, a data vendor may specify to a data purchaser the location of the network accessible memory location.

[0032] The final operation of Figure 2 is to decrypt the results 212. More particularly, the recoded encrypted symbol file is decrypted to derive the original collection of symbols. As discussed below, the decrypt operation includes a decoding operation, which is the inverse of the coding function of block 202. The decoding module 146 received from machine 104 may form a portion of the client wallet 122 that is used to implement this operation.

[0033] The disclosed technology constitutes a technique to control off-chain data. More particularly, arbitrarily sized data files are placed under blockchain governance. Additional details regarding the disclosed technology follow.

[0034] In economics, a good is said to be rival if its consumption by one consumer prevents simultaneous consumption by other consumers, or if consumption by one party reduces the ability of another party to consume it. When creating lists, databases, ledgers and other such data structures a field is a variable such as “height”, “age”, “name” etc. and a field value is the corresponding entry such as “1.2 meters”, “37 years”, “John Smith” etc. A similar concept is a key: value pair, but because key has a variety of meanings in a cryptographic sense as well, reference to field: value pairs is more helpful. Primary field values are guaranteed to be unique to enable looking up entries that could be duplicated. For example, John and Mike may both have $100 in a bank and so to be sure that Mike is spending his $100 and not John’s, a Primary field value such as an ID number or password can be used to ensure good working of a ledger, database or the like.

[0035] Current blockchain ledgers provide a network defined space were users Alice and Bob can record short messages between each other (peer-to-peer) that are attested by the network (attestation is specifically performed by those individuals that hold a copy of the ledger for the purpose of providing a neutral distributed third-party copy of the message Alice sent to Bob). Because of the cryptographic protocols employed combined with the proof of work/consensus protocol of the crypto network, Alice and Bob’s record is both socially, economically and technically hard to edit or manipulate.

[0036] A benefit of current block chain technology is that message entries “on” the ledger are owned. These short messages have properties (such as rival character) that technically enforce ownership and provide a partial move towards legal ownership. As such, if these messages are set to represent tokens, then tokens can be owned and traded over a blockchain network using the appropriate protocol. Token transactions are efficient because they are peer-to-peer and do not need authorization or auditing by a human to be valid.

[0037] The data associated with a field value is very different than the data associated with a file. Technologies that ensure the correct usage and movement of data as field - field value pairs (such as in a Structured Query Language (SQL)) do not ensure the correct usage and movement of files. Data held in a database is under database management, the same data held out of a database is not under database management. The same is true for blockchain and Distributed Ledger Technology (DLT) structures. Field values in a DLT are under DLT management, data associated with files are not under DLT management.

[0038] The disclosed technology provides DLT managed field values. That is, with the disclosed technology field values in a DLT are owned. DLT field values have properties (such as rival character) that technically enforce ownership and provide a partial move towards legal ownership. As such, if these DLT field values are set to represent tokens, then tokens can be owned and traded over a blockchain network using the appropriate protocol. [0039] Field value transactions are efficient because they are peer-to-peer and do not need authorization or auditing by a human or organisation in order to be valid. The disclosed technology includes a file management system that extends and preserves the utility of DLT field value management. A valid ownership model for files is disclosed. DLT field values have no utility out of a DLT environment and ledger. Access to a DLT field value requires access to the DLT network and possession of a cryptographic key. Access to a file does not require access to the DLT network and therefore is not under DLT management with respect to ownership, which in turn necessitates labor based auditing etc. At best, through the use of hash values, the integrity of data can be established from a DLT, but that is a utility not at the heart of DLT field value utility. With current DLTs, files associated with hash integrity checkers certainly do not possess rival character required for ownership at a “property” level, nor do they enable access for the asset at a DLT level and therefore fail to provide intellectual property protection for assets registered in current DLTs.

[0040] Furthermore, DLT field values are guaranteed to be primary field values during transactions. This is not the case for files during DLT file transactions as the hash of a duplicate file will be identical and not unique. Therefore, uniqueness will have to be introduced at the cryptographic key level requiring a Public Key Infrastructure and still not be able to identify file copy A from file copy B when presented to a judge thus failing to offer a peer-to-peer transaction platform for files.

[0041] These challenges are met in a single, integrated protocol referred to as The Magna Carta Protocol (MCP), which does not require an amendment to DLTs, but rather a reformatting of a file data utilizing MCP. The MCP produces a decentralised file format.

[0042] The coding function 202 of Figure 2 may utilize the unique coding table 302 of Figure 3. The coding function can alternately be a tree. The only requirement is that one coding scheme be used per file encoding, such that the coding scheme is single use only. That is, single use means use for a single instance of a file, not only good for one use in time. If duplicate files are coded multiple times, a new one-time coding scheme must be generated with each encoding request. Three relevant examples of suitable single use coding schemes are Huffman trees, auto-encoders and symmetric encryption (Ceasar ciphers, AES, etc.).

[0043] Huffman trees are discussed because certain aspects of the MCP operation are easily modelled and understood. Reasons for using symmetric encryption instead of Huffman trees are speed of encoding. Reasons for using Huffman trees may be faster streaming. Auto-encoders may be used on images and generally incompressible strings. The main feature of all three encoder models is that the input can be salted to produce unique coding schemes without having to artificially generate unique coding schemes.

[0044] MCP produces a recoded encrypted file on disc, beyond the DLT network, which cannot be accessed without rebuilding the unique coding scheme which requires accessing the DLT entry. In other words, the DLT entry under MCP is acting as a pointer in DLT memory to the offchain file. The pointer both identifies the recoded encrypted file and provides a way to access the cold stored content. This controlled access gives recoded encrypted files rival character. [0045] Figure 4 is used to demonstrate the notion of guaranteed uniqueness. If the MCP chooses to employ a unique Morse Code coding schemes shown in Figure 4, it is clear that the same input or message when encoded, repeatedly generates a different “twin”. The Unique coding table and the unique output work together. While all twins build to the message “SOS” when read (looks the same on build) each twin is different in its record. [0046] The encrypted unique encoding scheme can be paired with an integrity checker value if the content under DLT management is static. The integrity checker value can be set to zero if the data under management is dynamic, such as messaging applications or streaming services.

[0047] Field value transactions under MCP can record the transfer of ownership of one file between two peers in a peer-to-peer manner. Thus, the disclosed technology facilitates an entirely autonomous peer-to-peer transfer of owned files.

[0048] The invention is more fully appreciated in the context of the following detailed disclosure. In cryptography, plaintext is unencrypted information, as opposed to information encrypted for storage or transmission. Plaintext usually means unencrypted information pending input into cryptographic algorithms, usually encryption algorithms.

[0049] Cipher text or cypher text is the result of encryption performed on plaintext using an algorithm called a cipher. Cipher text is also known as encrypted or encoded information because it contains a form of the original plaintext that is unreadable by a human or computer without the proper cipher to decrypt it.

[0050] A coding scheme is any table, tree, function, or representation that maps binary to some character or value. ASCII is a table that maps the binary “1000001” to the capital letter “A” and is thus a coding scheme. Encoding is the process of converting a character or value into binary while decoding is the process of converting binary into some character or value. Although coding schemes are certainly not encryption ciphers, the definition of a coding scheme in this disclosure depends on how an algorithm is applied, not necessarily what algorithm is chosen. For example, most substitution ciphers such as Caesar cipher encryption produce outputs with similar characteristics to encoding outputs such as the base64 encoding of UTF8 HTML. Similarly, the Huffman process detailed in this document has the properties of a compression algorithm and a coding scheme. Within this document the Huffman process is often referred to as a coding scheme as it is the properties of Huffman coding that are critical to the disclosed Digital Control Signature (DCS) process described below, while the Huffman compression, a beneficial side effect, is merely managed. [0051] Public key cryptography uses pairs of keys. The keys include public keys, which are disseminated widely and private keys, which are known only to the owner.

[0052] In cryptography, salt is random data that is used as an additional input to a oneway function that "hashes" a password or pass phrase. Salt is closely related to the concept of a nonce. The primary function of salt is to defend against dictionary attacks or against its hashed equivalent, a pre-computed rainbow table attack.

[0053] A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents. A valid digital signature gives a recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny having sent the message (non-repudiation), and that the message was not altered in transit (integrity).

[0054] In this disclosure, a message is denoted by a capital “M”. A message is any string of data. “M” means a serial number, data base entry, numerical value, file content, in memory value of any type or size or anything that can be represented using binary.

[0055] As discussed in connection with Figure 4, twin resolution is the ability to distinguish two or more identical copies of a message from one another.

[0056] MCP facilitates the creation of data embedded with authentication, nonrepudiation, tunable integrity, governed access, and twin resolution by default, referred to as smartdata. MCP also facilitates the transmission of smart data between two or moreparties in a peer-to-peer network.

[0057] Plaintext data (referred to as a message, M) is converted by the MCP into a decentralized file format consisting of three components detailed in Figure 5:

• a Data Control Signature (DCS) - comprising the number pair (I, CMUHT)

• a recoded encrypted data object - the ciphertext CMR

• cryptographic keys - KI, K2.

[0058] Taken collectively, these three components of the decentralized file format are referred to as Smart Data. The location of each component varies by application, but typically the DCS is stored on a blockchain (e.g., machines 170 1 through 170 N), the recoded encrypted data object (CMR) is suitable for cloud storage (e.g., machines 150 1 through 150_N) and the cryptographic key pair KI, K2 is stored in a Virtual Machine (VM) or container-based wallet (e.g., on a client machine 102 1).

[0059] The primary purpose behind smart data’s design is to overcome the limits of conventional data to be both controllable and collaborative at the same time, a problem that stems from the fact that currently data is accessible by default and copies of data are indistinguishable from one another.

[0060] Figure 5 characterizes the processing and decentralization of a data message M. The first half of the MCP is designed to ensure that all data is unique at a binary level even between two exact copies of any given data, as shown in connection with Figure 4. The ability to uniquely identify smart data is called twin resolution and is critical in establishing digital rights, audits and ownership of data in a world where multiple copies of exact content are distributed globally on a daily basis.

[0061] The second half of the MCP is designed to make data objects unreadable and then encrypted placing them into a state referred to as cold storage. This measure ends root level file access ensuring data is inaccessible by default.

[0062] The ability of a user/agent or application to retrieve smart data requires both the wallet held keys (e.g., encryption key pair 306) and the blockchain entry (e.g., DLT entry 314). This is in stark contrast to a smart contract where the blockchain does not determine the usability of a smart contract, only its validity. Smart contracts govern tokens of value, whereas Smart data is a store of value itself.

[0063] Access to information within a smart contract is not restricted to a blockchain base, meaning that a legal position of ownership of the data within a smart contract is not complete. The ownership of Ether is set, but not the data within the smart contract itself.

[0064] In contrast, with the disclosed technology, the ability of a user/agent or application to retrieve smart data requires both the keys held by the wallet and the blockchain entry value CMUHT. The DCS CMUHT confirms from a blockchain base that the content held within the CMR file is accessible. Without the CMUHT value, the content of the CMR file is inaccessible. This is in stark contrast to a smart contract, where the smart contract blockchain does not determine the usability/accessibility of a smart contract, only its validity.

[0065] Figure 5 illustrates processing of plaintext data M. For example, M is taken out of static ASCII, UTF-8, Unicode coding or whatever coding standard is used which universally represents any character (such as the letter A as 100001) the same way regardless of larger context of M, and puts M into a custom coding scheme, which will be referred to as a Unique Huffman Tree (UHT). Theoretically, a Huffman encoder can be configured to handle all M identically and produce constant tree structures for a fixed M. The MCP goes against this traditional implementation to maximize the number of distinct trees that can represent symbols within a message. This aspect of the MCP seeks to maximize the distance between any two consecutive requests to generate a tree for a fixed message M in a random fashion, to maximize the efficacy of twin resolution.

[0066] In one embodiment, Unique Huffman Trees are generated using two mechanisms, random stack returns and salt. In UTF-8, all bytes have an 8-bit word size. Within Huffman coding, byte word size is variable resulting in message length compression. By allowing the stack to randomly return binary word addresses to match to symbols of similar frequency up to 2000 unique Huffman trees can be generated on a 10 kb message (or larger) before statistical collision.

[0067] Salting a message decreases compression efficiency, but increases twin resolution. For a standard 100 kb file or larger, 5% L salt can easily uniquely resolve millions of message copies. Increasing the salt length will increase twin resolution power, but ineffectively recode messages in terms of storage size, which is why a balance of salt amount must be set. 5% salt typically maintains a compression efficiency of 99% efficiency against the ability to resolve 4 - 8 million message twins without collision. For two messages Ml, M2 made up of uniform symbols frequencies, the odds of collision are 256 !/2 or on the order of 4 E+506. However, a lower bound for highly structured messages could be significantly smaller. Collision detection through empirical means requires somewhat exhaustive computation. The bound then for salted messages at 5% message length allows random stack returns greater than 100,000 and less than 4 E+506, which is sufficient to make the claim of effective twin resolution.

[0068] Figure 5 illustrates that M is supplemented with salt to produce “M + salt”, which is applied to a Huffman Coder. This corresponds to the coding function block 202 of Figure 2 and the coding table 302 of Figure 3. As shown in Figure 5, the coding function produces MUHT and MR. The “R” in MR stands for recoded, as in the recoded message M. UHT stands for Unique Huffman Tree derived from the message M. The message M provides a symbol set to generate UHT. The message derived MUHT is the unique coding function. It recodes message M to MR.

[0069] MUHT is asymmetrically encrypted with a private key KI to produce CMUHT. This corresponds to the encrypt operation 206 of Figure 2 and the asymmetric encryption block 312 of Figure 3. As shown in Figure 5, CMUHT forms a number pair that is stored to the blockchain (e.g., machines 170_l through 170_N).

[0070] Figure 5 also depicts that message MR is symmetrically encrypted with a public key K2. This corresponds to the encrypt operation 206 of Figure 2 and the symmetric encryption block 308 of Figure 3. This results in a recoded encrypted file 310 or CMR, which may be stored via a network (e.g., a network accessible memory location on one or more of machines 150_l through 150_N).

[0071] In the last half of the Magna Carta Protocol we set the keys, the data control signature and the recoded encrypted data object. A prerequisite for these steps is the generation of the key pair KI, K2. The need for non-repudiation of the CMUHT requires the implementer's to choose KI, which is an asymmetric cipher used with "signature" schemes. K2 is a public key that supports symmetric encryption. Though the choice of asymmetric or symmetric ciphers for the encryption of the UHT recoded message from M to MR is arbitrary, for speed performance we assume a symmetric operation such as AES-256 running.

[0072] The plaintexts MUHT and MR are encrypted accordingly to the resultant ciphertexts CMHUT and CM . At this stage in the MCP the recoded encrypted data obj ect (CMR) is set. The number pair (I, CMHUT) is set as part of a two-step process.

[0073] A data control signature (DCS) is similar in concept to a digital signature, but with significant differences and additions. A data control signature (DCS) is a mathematical scheme for demonstrating authentication, non-repudiation and also providing message accessibility and twin resolution as novel components.

[0074] Integrity is processed as a final optional step to generate the number "I". Integrity is a property of data that confirms no alterations have occurred to data during transmission or after storage by some third-party. In other words, data has integrity if when examined at some distant location or time it can be shown to be unaltered. Data of this type is immutable. Integrity is not set through accessibility in any form; data can have integrity and still uncontrolled access.

[0075] This is the case with a smart contract. The smart contract hash value stored on Ethereum's ledger convinces some distant judge that the smart contract in question is valid and has integrity, but anyone can access it, and therefore ownership of information within a smart contract is not owned.

[0076] Traditional hash-based integrity is straightforward enough to implement, but has a drawback in terms of risking future exposure of information. Future generations capable of incredible hash brute forcing will be able to deduce the information stored on such a hash based blockchain.

[0077] The lack of access control and the potential future weakness in blinding or protecting sensitive data is the reason why the disclosed technology presents integrity setting options that do not employ raw hashing. [0078] Accessibility of smart data is set through removing the readability of data (through the Huffman coder) as well as encryption. Data streaming over UDP does not require an "I" value to be set, while a fixed data product such as pre-recorded entertainment does. As such, a DCS allows dynamic content to be authenticated, non-repudiated, twin resolved, and accessed without limiting the ability to reuse a DCS in a messaging or streaming application. [0079] When the setting of integrity is appropriate (such as for static smart data products) the below integrity methods are useful and future-proof. "I" is a value to determine data integrity. Broadly, there exists some function "I" depending on MR that sets integrity.

Traditionally, a straight hash function would be sufficient. To understand why a straight hash is not used it is important to stress a significant feature of the number pair (I, CMHUT).

[0080] (I, CMHUT) constitutes the blockchain resident component of smart data. Blockchain records persist globally and as such need to be future-proof. Although crypto analysis gives us reasonable assurances regarding suite B cryptographic ciphers, quantum computing and massive parallel processing does not guarantee the HASH or encrypted values stored on the blockchain will remain private over the course of time.

[0081] The requirement of data to remain private over time is solved in smart data because there is no information of MR encoded onto the blockchain, just proof of MR integrity and control over MR access. It is not enough that hash functions are lossy; therefore three integrity alternatives are mentioned briefly.

[0082] Authenticated encryption (AE) and authenticated encryption with associated data (AEAD, variant of AE) is a form of encryption which simultaneously provides confidentiality, integrity, and authenticity assurances on the data. These attributes are provided under a single, easy to use programming interface.

[0083] An encrypt-then-MAC (EtM) approach may also be used. That is, the plaintext message is first encrypted, then a MAC (Machine Authentication Code) is produced based on the resulting ciphertext. The ciphertext and its MAC are sent together in traditional AE protocols used in e.g., IPsec. This is the only method which can reach the highest definition of security in AE, but this can only be achieved when the MAC used is "strongly unforgeable". The foregoing process is shown in Figure 6.

[0084] When DCS employs AE to set integrity, the machine authentication code (MAC) is separated from the encrypted recoded message CMR and is stored on the blockchain as part of the DCS. Importantly, without the KI key stored in the VM, integrity checks cannot be performed as the KI and the message are needed to generate the MAC. [0085] Therefore all 5 DCS atributes - authentication, non-repudiation, integrity, twin resolution, and message access - are controlled strictly by the message owner.

[0086] An alternative integrity algorithm is disclosed for completeness. For small messages (e.g., less than 50 megabytes) that need the highest levels of extreme integrity (such as a national edict or legal document) miners can be brought in as "co-signers".

[0087] AE, described above, provides integrity that is practically impossible to break.

The disclosed solution of miner encryption with a throw away private key has the benefit of being physically impossible to break integrity.

[0088] The owner submits a re-coded message MR to an agent controlled by miner. The miner encrypts the recoded message through the agent with a private key K2, and private K2 is then permanently forgotten while the agent returns the K2 public key as the "I" value for the DCS.

[0089] Breaking integrity setting option 1 is practically impossible, as cheating the MAC requires both the hacking of the message author's VM to lift the MAC key, and also somehow editing the blockchain record of the MAC or forcing a useful hash collision during the MAC authentication process. This requires the failing of all known blockchain strength and security mechanisms on top of a specific VM wallet hack. While theoretically possible, it is not practically possible.

[0090] Integrity setting option 2 is both practically and theoretically impossible as the Private Key K2 has been forgotten; there is no record of it anywhere and nothing for an adversary to lift. An adversary would have no option but to attempt a brute force hack of the asymmetric cipher employed, which presents a trans-computational problem that ideally even a quantum computer would fail to execute in a reasonable time.

[0091] The creation of a file header recording metadata such as symbol frequencies, or interlaced stenographic markers based on MR content all provide increasing degrees of confidence in integrity without revealing or exposing MR content on the blockchain in a future-proof fashion. These three "I" type techniques all prevent the storing of MR content on the blockchain in any form towards a secure and privacy-centric future-proof smart data entry.

[0092] DCS Number pairs (I, CMUHT) set the CMR file extension to *.ta while DCS Number pairs (null, CMUHT) set the CMR file extension to *.dl. Set integrity denotes static "da.ta" *.ta, while null integrity denotes a data line (*.dl). *.dl files contain nothing more than metadata the CMR content is generated on demand (such as a stream) using the blockchain’s CMUHT. The choice of CMR source therefore is arbitrary. [0093] From a utility perspective *.ta files provide the world with smart data products, while *.dl files provide the world with smart data services. From an application perspective, *.ta files will typically reside under the control of one wallet and one user until a sale or transfer is made while *.dl files must be held by two parties and two wallets to have any utility.

[0094] Two users will undergo a key agreement protocol to establish a shared secret. Then they will agree on some arbitrary text so set a CMUHT, which would constitute a tree agreement protocol. At this stage both parties, Alice and Bob, will have a set of keys and a CMUHT value stored on their respective local devices. Alice will now generate some content M, recode M with CMUHT and encrypt it to produce CMR. CMR will be transferred to Bob, who will decrypt and decode to retrieve the message. To recap, the difference between *.ta and *.dl is the order in which the components are deployed between two parties. *.ta plaintext messages exist before CMUHT transport, while *.dl plaintext messages exist after. [0095] * .ta integrity prevents the reuse of CMUHT on future content, *.dl has no integrity and is reused until the user feels security measures justify creating a new *.dl data line. *.ta files are not necessarily collaborative, they may simply contain data meant for only one user. *.dl file necessarily involve 2 or more parties.

[0096] DCS is different from traditional digital signing schemes because the same message signature not only authenticates a message but can also allow the signature holder to control signed data. One such example of control is message ownership. Ownership rights are conferred to signed messages by default and are enforceable through algorithms, not simply through voluntary human compliance.

[0097] The Data Control Signature, which is mathematically represented as the number pair (I, CMUHT), is recorded on the blockchain. The DCS CMUHT could be stored at any database equivalent storage structure which may include (but is not limited to) a Directed Acyclic Graph such as IOTA'S Tangle, a SQL database, an XML table, a private blockchain or others. The DCS could even be printed and stored at some physical location and the signing scheme would still provide a complete offering as detailed below.

[0098] By using a straightforward unsalted Huffman message recoding scheme instead of hashing a message, we retain the ability to authenticate a message "M" (improved because authentication is pro-active, not retro-active as described below) and gain mathematically enforceable message access control. The use of Huffman coding schemes give the user a mechanism to enforce message access through the resultant signature. [0099] A Huffman process is a compression method used to reduce a message length to the minimum possible length, which maximizes the plaintext's bit entropy from a symbol level analysis. The Huffman process takes a message "M" of character length "L", analyses the symbol frequency, and produces a Huffman Tree "HT" that can be used as a coding scheme to recode a message in an optimally compressed manner - MR. Huffman trees depend on the content of the message, just as a hash depends on the content of a message. [0100] Hashing algorithms used in traditional signing schemes are retroactive. If the same message is hashed with the same hashing algorithm then the same apparently random output is generated. This "random output" or hash - H(M) - serves as a sort of fingerprint that retroactively (after the fact) verifies that the target message is authentic and unchanged. [0101] Coding schemes are pro-active. Coding schemes do not identify a message after analysis, building a readable message during the decoding process instead. Message dependent coding schemes (such as Huffman coding) authenticate a message by only being able to uniquely rebuild one specific target message, and at the same time providing access to message content by mapping some "apparently random" binary to a useful character or value. [0102] To stress the point, it is possible to imagine an application that uses a Huffman Tree instead of ASCII or UTF-8 to read some Huffman encoded plaintext. The computational time would be comparable. By contrast, computing a hash first and then, if verified, running an application would require two individual computational processes.

[0103] Access and authentication is therefore concomitant. No matching of fingerprints is used to identify a message as unaltered, but rather message dependent coding schemes are used to produce a readable message that is unaltered from a binary base.

[0104] While message independent coding schemes (such as ASCII) identify characters or values from binary, they are not specific to messages as a whole, making them unsuitable in DCS signing schemes. A chief property of hash functions is that they depend on message content, ensuring that hash based signatures are tied to specific messages, assisting in nonrepudiation and preventing forgery. Signatures that did not depend on message content and where identical could simply be copied and re-assigned to other illegitimate messages by unlawful third parties.

[0105] Huffman coding schemes, like hashing algorithms, depend on message content and are "unique" to messages as they depend on message content. All coding schemes that are based on message content or can be provably and uniquely tied to a single message in some way are suitable for use in DCS and are collectively referred to as unique coding schemes. [0106] Considering the broad utility and application of DCS as a whole in commerce, law and application development the Huffman coding scheme is superior for many reasons, including compression and salting to produce strong twin resolution. Thus, while other unique coding schemes may be employed as Huffman process alternatives and still produce a workable Data Control Signing scheme, it is a Huffman process that is detailed and drawn in the provided examples. It should be noted strongly, however, that DCS is not dependent on the Huffman process specifically and can accept any process deemed to fulfil the function of a unique coding scheme. Indeed, the orthodox implementation of Huffman Trees is injective and has to be modified with random stack returns and salting to ensure the generation of Unique Huffman Trees - UHT as a non-injective function.

[0107] The Huffman coders maximize the entropy of a string. In a random coding scheme of variable word size you might make the message larger when recoding (ASCI has a fixed word size of 8 bits per character for all characters). Huffman gives no guarantee about word size, which is a plus because without the tree it is mathematically harder to know where a symbol starts or stops. Symbol "A" might have a word size of 9 bits, while symbol "B" might have a word size of 3 bits, you never know. Huffman mathematical principles are similar to the mathematical principles in JPEG compression. Therefore, as a compression module, it could become a way to allow media players to load a "one time Huffman codec" for pay per view, or streaming with very little computational overhead on the decode side. [0108] Key generation introduces the need to demonstrate perfect forward secrecy which depends heavily on implementation of MCP. With respect to KI, in messaging applications, tree agreement protocols can be used. In distribution of content on-the-fly, Diffie-Hellman type key agreement or standard key encapsulation and transport can be used. With respect to K2, the appropriate choice of hybrid encryption for key encapsulation and transport is used. These issues lie in implementation and are beyond the general scheme for data treatment presented here. When Alice transmits smart data to Bob, the decentralized file format poses a technical challenge to handle each component in a relevant manner.

[0109] Figure 7 illustrates a smart data transfer process in accordance with an embodiment of the invention. Block 700 are participants, for example a publisher (e.g., Alice), a subscriber (e.g., Bob) and a blockchain operative as a blind broker that provides collaboration to both parties and control to the smart data owner. Blocks 702 represent processes, such as MCP and a channel. The remaining blocks in Figure 7 represent data. [0110] The DCS is simply transmitted from Alice to Bob using cryptographic mechanics on a distributed ledger, but is unique in that it is a second entry against tokens. Thus, the blockchain records the transfer of a smart data resource or asset against crypto tokens.

[OHl] The significance of the two way entry is that it allows for Bob and Alice's financial transaction (payment for a smart data product or service) and the smart data transfer to be handled simultaneously while under different regulatory concerns. The smart data transfer is blind to everyone but Alice and Bob (enabling GDPR compliance) and can be forgotten, while the payment record cannot be forgotten and serves as a perfect financial record.

[0112] The DCS process is executed at the desired control point on the virtual machine VM as illustrated in Figure 5, which is typically installed on some local host or local device. The message "M" has been signed resulting in 3 outputs namely: CMR (encrypted recoded message), number pair (I, CMUHT) (the DCS), and keys KI and K2. Unlike digital signature schemes that co-localize signatures and messages, the DCS deliberately ensures decentralization of three core components. The DCS is sent from the VM to a blockchain network that commits it to the blockchain. It is mathematically possible to send the DCS to a Directed Acyclic Graph "tangle", a secure database, private blockchain, XML document or any data base type storage facility. While the signing scheme is a good fit for blockchain technologies, it is not dependent on a blockchain.

[0113] The CMR is stored at the user's preferred location. To maximize value of the DCS process the CMR would typically be sent to a cloud storage server. The user may choose to keep the CMR on the VM, depending on downstream application. Keys KI, K2 remain on the VM, which will typically be set up on the local host I device used to access the encrypted recoded message CMR at some later date.

[0114] Developers, enterprise and users in general manage all encrypted recoded messages CMR and the corresponding digital control signature at the VM site. The client wallet 122 includes software to assist users in message signing, management, transfer and storage. Traditional wallets chiefly act as a "key ring", storing all necessary private key counterparts to blockchain resident derivatives of public keys as the mathematical basis to control coins or tokens. The client wallet 122, by contrast, must not only act as a token key ring, but as a DCS key ring as well. To hold DCS keys, the wallet must interact with the VM and best practice key management schemes to secure and retrieve DCS keys. CMR management also falls under wallet utility with more straightforward requirements. [0115] VMs offer benefits to the overall DCS process, such as operating system independence, standardization, additional security and user access logs that provide an even stronger legal basis for data ownership. Wallet components dealing with logging into the wallet and signature rules are DCS signed and stored on the blockchain during VM and wallet installation.

[0116] These VM benefits set a firm foundation for forensic audits of message origin and non-repudiation. An extensive amount of VM customization will depend on application and enterprise user requirements. It is straightforward to install multiple VMs on one local device, with each VM separated from one another to manage separate operators.

[0117] Many worms, ransomware attacks and viruses exploit the fact that devices tend to have "root level" access. On a windows machine, access to the C:\ root gives a user, bot, application, virus or other independent agent unilateral access to messages, files and device content. A novel use for VMs is to configure applications such as Photoshop® as client wallets, with DCS control over Photoshop® produced content on a Photoshop® dedicated VM.

[0118] Such a scenario would allow the application publisher to own and control all produced content and restrict access to specific application associated content. An adversary gaining "root level" access to the Photoshop® VM would not be able to compromise or affect content managed on a different application VM on the same local device. This implementation ends root level access in favor of application level access.

[0119] The process of extracting a useful message - M - from the decentralized file form is shown in Figure 8. Figure 8 is effectively the reverse of the operations shown in Figure 5. The process requires a controlled decryption, followed by a controlled decompression. This accessible useful content M is built on demand atthe control point, and is not sent to some target destination.

[0120] Keys KI and K2 are in the client wallet 122 on the local host (e.g., client machine 102 1), which may host a container based virtual machine. The number pair (I, CMUHT ) are retrieved from the block chain. KI decrypts CMUHT to MUHT, while K2 decrypts CMR to MR. CMR optionally undergoes an appropriate integrity check (i.e., “I” match MR). MR is then applied to Huffman decoding to secure M. The private key never needs to be disclosed at any point to the reading party. Therefore, while the reading party may access M ultimately, the reading party can never generate the signature. [0121] International data privacy laws, such as the European General Data Privacy Regulation (GDPR) which came into effect in May 2018, confer more and more data rights to users regarding data privacy. Chiefly, such legislation insists on greater client-enterprise transparency detailing how client data will be used, what client data will be stored, and most importantly the right for a user to actively know what data has been collected and to demand the right for such data to be forgotten. The right to be forgotten is specifically significant for blockchain technologies attempting to store private information such as user identity, sensitive health records, smart contracts and other personal information.

[0122] Failure to comply with GDPR could cost a company up to 4% of its annual turnover for a single incident and so far, because of the permanence and public broadcast of blockchain ledgers in traditional blockchain technologies, there is no recognized method for blockchain providers to offer users the autonomous right to be forgotten.

[0123] The disclosed DCS solution is eloquent because while the DCS is stored on a blockchain and can never be forgotten, the CMR exists off-chain and can be deleted by the message owner from the VM.

[0124] Deleting the CMR makes any possible attempt to rebuild M strictly impossible. Thus DCS signed messages can be permanently forgotten. With on-chain offerings it is impossible to offer a client the right to be forgotten, and with a hash based off-chain signature (such as employed by Ethereum) it is possible (in theory, but not practically) to brute force and test all string combinations to identify what message will build a particular hash that was stored on the blockchain, even if the original off-chain message has been deleted.

[0125] With the presented DCS, without CMR it is physically impossible to rebuild M. From knowledge of just KI, K2 and CMUHT it is impossible to generate the correct unique M originally signed for, even if attempting brute force analysis. Thus, the DCS provides data control through authentication, non-repudiation, integrity, twin resolution and message access, while allowing the blockchain based right to be forgotten and a state of default data privacy in accordance with the specifications "Council of the European Union, European Parliament. GDPR. Regulation (EU) 20161679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95I46IEC (General Data Protection Regulation). IMMC: PE 17 2016. INIT CELEX: 32016R0679. OJ: JOL 2016 119 R 0001. 27 April 2016." [0126] From a signal processing perspective, “compression” is an encoding process whereby a message M is encoded using fewer bits than the original M. Any compression technique is either lossy or lossless. Lossless compression reduces bits by identifying and eliminating statistical redundancy. Lossy compression reduces bits by removing unnecessary or less important information. No information is lost in lossless compression. As used herein lossless compression is defined in a non-standard way. A conventional definition for lossless compression is an encoding process that guarantees the output message bit size to be strictly less than the original message bit size. As used herein, lossless compression is an encoding process that guarantees the output message bit size to be strictly less than or equal to the original message bit size. The reason for allowing equality is that there is utility in choosing a permutation function as the "Lossless compression" algorithm. This allows us to consider a permutation function as a Lossless compression function with zero compression. As such the description of the creation of smart files is singular without needing to distinguish between permutations, encoders and compression functions and instead to treat all variants as a singular idea.

[0127] The design goal of lossy compression traditionally is to preserve content as much as possible while reducing as much as possible the number of bits needed to represent an approximation to M. However, in certain implementations of smart data creation it is of extreme benefit to relax the first design goal to preserve content as much as possible. Therefore, the definition of lossy compression is merely that the output bit string from a lossy compression function in some way encodes something of the original M bitstring that cannot be trivially undone, that given lossy compression of M it is not obvious what the precise bit string of M was. Using this definition, one can say that a perceptual hash of M is a very aggressive, lossy compression of M. Thus, in the following embodiments we need not attempt to remember that the second choice of algorithm is a one-way compression function or a perceptual hash or a locality sensitive hash or a lossy compression function and can just refer to a choice of lossy compression function. The utility of perceptual hash functions is in generating one way multimedia watermarks in h(M’) which is critical in digital rights management and biometric data.

[0128] Thus, a permutation function is acknowledged as a lossless compression function, albeit with no compression. A perceptual hash function, like an image hash can be chosen as an aggressive lossy compression function.

[0129] Figure 9 shows a process for creating smart data. Block 1 shows a lossless compression operation on message M. The lossless compression allows the original data M to be perfectly reconstructed from the compressed data M’ . M’ contains all information required to reconstruct M. Examples of lossless compression are Huffman encoders and ZIP. In the case of a Huffman encoder, M’ would either contain or refer to the Huffman tree used by the encoder. The lossless compression could also be skipped. M’ would then be identical to M. Lossless compression is used to reduce the data size.

[0130] Block 2 shows a lossy compression operation on message M. The lossy compression permits reconstruction of an approximation of the original data, usually with greatly improved compression rates. Examples of lossy compression are JPEG and MPEG. Lossy compression is used to detect duplicates of the original data M that are similar, but not identical to the original data.

[0131] Block 3 shows the creator of the asset chooses the key KI at random and uses authenticated encryption with associate data (AEAD) to encrypt and sign M’ to generate the recoded data MR. A creator may generate for a single original M several MR and sell each MR as an individual asset.

[0132] Block 4 shows the selection of key K2 for use in an authenticated encryption with associated data (AEAD) to encrypt and sign MR to generate the recoded encrypted data object CMR.

[0133] MR and CMR are files stored in the cloud (e.g., storage machines 150 1 through 150 N) along with a data control signature formed using the single use coding function encrypted with a private key stored in client wallet 122.

[0134] Block 5 shows an asset is created by adding a transaction to a blockchain. The transaction contains the public key of the creator and is signed by the creator with the corresponding private key stored in client wallet 122. The asset is defined by several hash values. h(M) identifies the original data M. An owner of M may create multiple assets for the same original data M, each with a different key KI and therefore also with a different MR. This will be visible in the blockchain as assets with identical h(M), but different h(Kl) and different 1I(MR). Certain modifications of M may result in the same M’ ’ . The purpose of h(M’ ’) is to detect certain modifications of M in the blockchain. The value I may be omitted. This is useful for example for a streaming service. Each subscriber of a stream would then buy a key KI.

[0135] Prior embodiments stored the data control signature on the blockchain. In contrast, with this embodiment, the data control signature is stored on one or more storage machines 150 1 through 150 N along with its associated file, while the block chain (e.g., machines 170 1 through 170_N) stores hashes of recoded files. [0136] Figure 10 illustrates the transfer of smart data from the current owner to the next owner. The transfer takes place in two phases. The first phase is visible in the blockchain. The asset that represents the smart data is traded for a token by a pair of transactions in the blockchain. The second phase is not visible in the blockchain. The new owner receives the keys KI and K2 in a secure manner from the previous owner.

[0137] Block 1 in Figure 10 shows Alice (A) selecting a private key and Bob (B) selecting a private key. Each key is kept secrete in a digital wallet.

[0138] Block 2 of Figure 10 shows Alice transferring an asset to Bob and Bob transferring a token to Alice. This pair of transactions is in the blockchain.

[0139] Block 3 of Figure 10 shows Alice and Bob choosing a and b, respectively to compute g ^a and g ^b , sign these values, and send the signed values to the other. Both verify the signature of the received data to make sure that the data came from the correct source. The signature verification prevents man-in-the-middle attacks. Alice and Bob then compute the shared key encryption key KEK.

[0140] The final operation depicted in Figure 10 is for Alice to send the keys KI and K2 encrypted and signed with the KEK to Bob. Bob checks the signature and decrypts the encrypted keys. Bob as the new owner of the asset that was transferred has full access to the asset via keys KI and K2. This completes the transfer of ownership.

[0141] Figure 11 illustrates operations to access smart data. Block 1 shows the transaction in the blockchain. In particular, block 1 shows that Bob bought the asset referred by the data “asset” from X. Bob would like to access its CMR stored in the cloud and associated in the cloud to “asset”.

[0142] Block 2 shows that Bob sends to the cloud a request to access CMR. Part of this request is the data “asset”. The cloud resource consults the blockchain and finds the current owner of “asset”. Block 3 shows a challenge (e.g., random data) and sends it to Bob. Bob uses his private key to sign the challenge and returns the signed challenge to the cloud, as shown with block 4. Only on successful verification will Bob obtain access to CMR. Care must be taken in the design of the data format of the challenge. Signing a challenge must be different from signing a transaction. Otherwise, Bob might think that he signs a challenge, while he actually signs a transaction. Domain separation is required (e.g., define the size of a challenge to be different from the size of a transaction hash value).

[0143] An embodiment of the present invention relates to a computer storage product with a computer readable storage medium having computer code thereon for performing various computer-implemented operations. The media and computer code may be those specially designed and constructed for the purposes of the present invention, or they may be of the kind well known and available to those having skill in the computer software arts. Examples of computer-readable media include, but are not limited to: magnetic media such as hard disks, floppy disks, and magnetic tape; optical media such as CD-ROMs, DVDs and holographic devices; magneto-optical media; and hardware devices that are specially configured to store and execute program code, such as application-specific integrated circuits (“ASICs”), programmable logic devices (“PLDs”) and ROM and RAM devices. Examples of computer code include machine code, such as produced by a compiler, and files containing higher-level code that are executed by a computer using an interpreter. For example, an embodiment of the invention may be implemented using JAVA®, C++, or other object- oriented programming language and development tools. Another embodiment of the invention may be implemented in hardwired circuitry in place of, or in combination with, machine-executable software instructions.

[0144] The foregoing description, for purposes of explanation, used specific nomenclature to provide a thorough understanding of the invention. However, it will be apparent to one skilled in the art that specific details are not required in order to practice the invention. Thus, the foregoing descriptions of specific embodiments of the invention are presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise forms disclosed; obviously, many modifications and variations are possible in view of the above teachings. The embodiments were chosen and described in order to best explain the principles of the invention and its practical applications, they thereby enable others skilled in the art to best utilize the invention and various embodiments with various modifications as are suited to the particular use contemplated. It is intended that the following claims and their equivalents define the scope of the invention.