Patent attributes
In a blockchain network, a “cold wallet” allows users to securely create and store their private key and sign their transaction data only when the wallet is completely offline. When a user requests a transaction, a user key tag that identifies the user's key is determined. The transaction data and the user's key tag are transmitted to a cold wallet that includes an HSM Trusted Client and an HSM over a first one-way communication channel during a window in a first sequence of connection windows. Inside the cold wallet, the HSM Trusted Client uses the user key tag to determine an encrypted version of the user's signing key. During a processing window, the transaction data and encrypted signing key are transmitted to the HSM, where a cleartext key is recovered and used to sign the transaction, and the signed transaction is transmitted back to the HSM Trusted Client. During a second connection window, the signed transaction is transmitted from the HSM Trusted Client for transmission to the blockchain network. The processing and connection windows do not overlap. The one-way communication paths, combined with the non-overlapping connection and processing windows, prevent unauthorized access to the signing keys.
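The window discipline described above can be modelled as a small state machine. This is an added example, not code from the patent: the class and method names, the `enroll` step, the XOR-based key wrap and the HMAC used in place of a blockchain signature are all assumptions chosen so the sketch runs with the standard library only.

```python
import hashlib, hmac
from enum import Enum

class Window(Enum):
    INGRESS = 1      # first one-way channel open: requests flow in
    PROCESSING = 2   # both channels closed: HSM unwraps the key and signs
    EGRESS = 3       # second one-way channel open: signed transactions flow out

class ChannelClosed(Exception):
    pass

def _xor_wrap(wrap_key: bytes, tag: str, data: bytes) -> bytes:
    # Toy stand-in for HSM key wrapping (XOR is its own inverse); keys up to 32 bytes.
    stream = hmac.new(wrap_key, tag.encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class ColdWallet:
    def __init__(self, wrap_key: bytes):
        self._wrap_key = wrap_key        # held only inside the HSM
        self._wrapped = {}               # Trusted Client store: key tag -> encrypted key
        self._inbox, self._outbox = [], []
        self.window = Window.INGRESS

    def enroll(self, tag: str, signing_key: bytes):   # hypothetical provisioning step
        self._wrapped[tag] = _xor_wrap(self._wrap_key, tag, signing_key)

    def _require(self, needed: Window):
        if self.window is not needed:
            raise ChannelClosed(f"{needed.name} refused during {self.window.name}")

    def advance(self):
        # Exactly one window is open at any time, so windows never overlap.
        order = [Window.INGRESS, Window.PROCESSING, Window.EGRESS]
        self.window = order[(order.index(self.window) + 1) % 3]

    def receive(self, tx: bytes, tag: str):
        self._require(Window.INGRESS)
        self._inbox.append((tx, tag))

    def process(self):
        self._require(Window.PROCESSING)
        while self._inbox:
            tx, tag = self._inbox.pop(0)
            key = _xor_wrap(self._wrap_key, tag, self._wrapped[tag])  # cleartext only here
            # HMAC stands in for the real transaction signature.
            self._outbox.append((tx, hmac.new(key, tx, hashlib.sha256).hexdigest()))

    def collect(self):
        self._require(Window.EGRESS)
        out, self._outbox = self._outbox, []
        return out
```

Any call made outside its own window raises `ChannelClosed`, which is the property the abstract relies on: the cleartext key exists only while neither channel is open.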