US 12,206,756 B2
Electronic device within blockchain based PKI domain, electronic device within certification authority based PKI domain, and cryptographic communication system including these electronic devices
Younsung Chu, Yongin-si (KR); and Junho Huh, Yongin-si (KR)
Assigned to SAMSUNG ELECTRONICS CO., LTD., Suwon-si (KR)
Filed by SAMSUNG ELECTRONICS CO., LTD., Suwon-si (KR)
Filed on Oct. 28, 2020, as Appl. No. 17/082,790.
Claims priority of application No. 10-2020-0039126 (KR), filed on Mar. 31, 2020.
Prior Publication US 2021/0306135 A1, Sep. 30, 2021
Int. Cl. H04L 9/00 (2022.01); H04L 9/06 (2006.01); H04L 9/32 (2006.01)
CPC H04L 9/006 (2013.01) [H04L 9/0637 (2013.01); H04L 9/0643 (2013.01); H04L 9/3247 (2013.01); H04L 9/3268 (2013.01); H04L 9/50 (2022.05)]
17 Claims
1. An electronic device of a first domain, which is a blockchain-based public key infrastructure (PKI) domain, the electronic device comprising:
an interface configured to receive, from a first entity of a second domain, a first certificate of the first entity, a second certificate of a second entity of the second domain, and a third certificate of a third entity of the second domain, the first certificate having been issued by the third entity to the first entity, the third certificate having been issued by the second entity to the third entity;
a memory configured to store the first certificate, the second certificate, and the third certificate; and
a processor configured to:
look up a transaction corresponding to the second entity of the second domain at a distributed ledger of the first domain based on an identifier of the second entity, the transaction having been added to the distributed ledger based on a registration message comprising a public key of the second entity and a certificate hash value of the second certificate of the second entity, the transaction indicating that the second entity and the second certificate are registered in the distributed ledger of the first domain;
verify the second certificate of the second entity of the second domain based on the public key of the second entity and the certificate hash value of the second certificate of the second entity comprised by the transaction;
verify the third certificate based on verification of the second certificate, and further based on the public key of the second entity obtained from the second certificate, the third certificate not being registered in the distributed ledger of the first domain; and
verify the first certificate based on verification of the second certificate and verification of the third certificate, and further based on a public key of the third entity obtained from the third certificate, the first certificate not being registered in the distributed ledger of the first domain,
wherein the first domain is different from the second domain,
wherein the electronic device is not registered as a member of the second domain,
wherein the first entity is not registered as a member of the first domain,
wherein the second certificate of the second entity is registered in the distributed ledger of the first domain, and
wherein the third entity is not registered as a member of the first domain.
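
The verification order of claim 1, as an added Go example that is not code from the patent: the second certificate is checked against the public key and certificate hash in its ledger transaction, then the third and first certificates are checked by signature alone, without being registered. The `Cert` and `LedgerTx` types, the in-memory map standing in for the distributed ledger, the entity names, and the use of Ed25519 and SHA-256 are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Cert is a simplified stand-in for an X.509 certificate; Sig is the issuer's signature over tbs().
type Cert struct{ Subject, Issuer string; PubKey ed25519.PublicKey; Sig []byte }
// LedgerTx models the transaction that registers the second entity (hypothetical layout).
type LedgerTx struct{ PubKey ed25519.PublicKey; CertHash [32]byte }
func (c Cert) tbs() []byte    { return append([]byte(c.Subject+"|"+c.Issuer+"|"), c.PubKey...) }
func (c Cert) Hash() [32]byte { return sha256.Sum256(append(c.tbs(), c.Sig...)) }
// signedBy reports whether c names iss as its issuer and carries a valid signature under iss's key.
func signedBy(c, iss Cert) bool {
	return c.Issuer == iss.Subject && len(iss.PubKey) == ed25519.PublicKeySize && ed25519.Verify(iss.PubKey, c.tbs(), c.Sig)
}

// VerifyChain follows the claim's order: ledger lookup by identifier, then second, third, first.
func VerifyChain(ledger map[string]LedgerTx, first, second, third Cert) error {
	switch tx, ok := ledger[second.Subject]; {
	case !ok || second.Hash() != tx.CertHash || !tx.PubKey.Equal(second.PubKey):
		return fmt.Errorf("second certificate is not anchored in the ledger")
	case !signedBy(third, second):
		return fmt.Errorf("third certificate not issued by second entity")
	case !signedBy(first, third):
		return fmt.Errorf("first certificate not issued by third entity")
	}
	return nil
}

// issue and Demo build constructed sample data: root (second), sub-CA (third), device (first).
func issue(subj, iss string, pub ed25519.PublicKey, key ed25519.PrivateKey) Cert {
	c := Cert{Subject: subj, Issuer: iss, PubKey: pub}
	c.Sig = ed25519.Sign(key, c.tbs())
	return c
}
func Demo() (valid, forgedLeaf, impostorRoot error) {
	rPub, rKey, _ := ed25519.GenerateKey(nil)
	cPub, cKey, _ := ed25519.GenerateKey(nil)
	dPub, _, _ := ed25519.GenerateKey(nil)
	root, ca := issue("root", "root", rPub, rKey), issue("sub-ca", "root", cPub, rKey)
	dev, forged := issue("device", "sub-ca", dPub, cKey), issue("device", "sub-ca", dPub, rKey)
	fake := issue("root", "root", cPub, cKey) // same identifier, but key and hash differ from the ledger
	ledger := map[string]LedgerTx{"root": {rPub, root.Hash()}}
	return VerifyChain(ledger, dev, root, ca), VerifyChain(ledger, forged, root, ca), VerifyChain(ledger, dev, fake, ca)
}
func main() { fmt.Println(Demo()) }
```

Only the second certificate needs a ledger entry; a self-signed certificate that reuses the registered identifier is rejected at the first step because its hash and key do not match the transaction.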