Regulation in the United States requires banks, savings associations, casinos, credit unions, and money service businesses to comply with anti-money laundering programs, including customer identification programs (CIP). CIP requires businesses to collect personal information about all of their customers. For a US citizen, this personal information must include: name, date of birth for an individual, residential or business street address, taxpayer identification number. CIP also requires businesses to perform documentary or non-documentary identity verification procedures on this personal information. Due to higher speed and lower cost, businesses most commonly conduct non-documentary identity verification procedures where a comparison is made between the personal information and records obtained from consumer reporting agencies, public databases, or other sources. Similar regulations exist in other Countries and regions, leading to an exponentially more complicated regulatory landscape for international transactions.
These requirements necessitate that businesses collect and maintain databases of personal information, but also create demand for third party identity verification processors, credit reporting agencies and other businesses that specialize in these activities. Personal information is also subsequently sold to data brokers, who further sell the data to other entities. Transacting with a financial product online or at retail also creates a transference of personal information, as credit card numbers, names, addresses, and security codes are used to validate transactions over the major payment networks. This creates an exponential increase in systemic risk where an individual's personal information is stored redundantly with hundreds or thousands of separate databases and companies, creating a massive attack surface for hackers and organized criminals. If any one of these entities experiences a data breach due to a technology or process vulnerability when collecting, storing, transmitting, or processing data, millions of individual identities are subject to theft. Hundreds of millions of US citizens have now been victimized by these breaches. A recent breach compromised over one-hundred million identities in a single event, and many have been victimized multiple times. Each compromise results in the identities being sold openly to the highest bidder on anonymous deep web ecommerce sites, or in closed black markets. Because the same personal information traditionally used to validate a citizen's identity is also used to authorize financial transactions, the theft of either creates a wave of additional frauds with ecommerce, banking, and tax refund processing, as purchased identities are monetized in the existing system for profit. The issue is equally as pervasive in other developed Countries, who have modeled their regulatory regimes on that of the United States.
While data breaches are a serious risk for online banks and their vendor companies, they are catastrophic events for businesses that wish to offer cryptocurrency services. While online cryptocurrency services look and feel just like an online bank, the currency they deal in is subject to immediate, untraceable, and irreversible theft. While traditional currencies are associated with individuals or businesses in electronic format and can easily be reversed or tracked, cryptocurrencies behave more like a digitized precious metal or unmarked cash currency. When it is stolen there is little to no chance of retrieving your funds, or apprehending the party responsible.
When businesses offer services that aggregate cryptographic currency in large amounts, they become targets for both organized crime rings, unscrupulous employees who may work for organized crime rings, or hackers outside of the business entirely. Breaking in can pay off hundreds of millions of US dollars at today's exchange rates, with little to no risk of being caught. The proportion of the businesses' balance of cryptographic currency scales in direct proportion to how lucrative they are as a target for theft. The risks of theft are catastrophic for businesses and their account holders, and the costs of securing and insuring the cryptocurrency from theft are high. This invention obviates the need for this level of security by allowing participants to retain control of their cryptocurrency yet enables the participant to comply with regulation, clearing the way for a safer, less expensive, and entirely new hybrid decentralized exchange business model.
The terms “invention,” “the invention,” “this invention” and “the present invention” used in this patent are intended to refer broadly to all of the subject matter of this patent and the patent claims below. Statements containing these terms should not be understood to limit the subject matter described herein or to limit the meaning or scope of the patent claims below. Embodiments of the invention covered by this patent are defined by the claims below, not this summary. This summary is a high-level overview of various aspects of the invention and introduces some of the concepts that are further described in the Detailed Description section below. This summary is not intended to identify key or essential features of the claimed subject matter, nor is it intended to be used in isolation to determine the scope of the claimed subject matter. The subject matter should be understood by reference to the entire specification of this patent, all drawings and each claim.
The specific personal information elements and cryptographic hash function(s) suggested for use for verification, matching, revocation and expiration are outlined in the brief summary and detailed description sections below, however the invention is not meant to be specific to these elements and functions or limited by their mention. The invention is conceived to work with alternate elements and functions and transcends these details so as to be extended globally, as documented in the claims portion of the application. Specifically, the definition, length, and consistency of ISO codes, compliance level codes, ID type indicator, or the construction, length, or definition of the identity hash, including the cryptographic hash function(s) or other processes used in its creation should not limit or constrain the claims of the invention, as regulations constantly change globally, and cryptographic hash functions reach obsolescence and new, more secure functions replace them. Furthermore, the claims of the invention should not be considered constrained or limited by the rules of the cryptocurrency protocol used for an implementation, as identity signatures could be components of addresses, transactions sent to or from addresses, the specific inputs and outputs associated with transactions, or scripts within inputs or outputs that may contain or refer to identity signature records depending on the technology of the underlying cryptocurrency protocol. Herein this application will use the bitcoin protocol version 0.9.1 and US Country regulation to describe the invention and aid in its demonstration, but these implementation details should not limit the claims of the invention.
The participant sends required personal information through a plurality of channels, including but not limited to visiting a web page, calling an interactive voice response unit or customer service telephone number, or sending information physically by mail. The participant may provide their own cryptocurrency address or a plurality of addresses, or request an address or plurality of addresses if desired. In one embodiment of the invention, the participant also enters a passphrase or biometric identifier along with the cryptocurrency address and personal information.
The service provider first determines an identity signature value for the participant based on provided information. This signature consists of an ISO code corresponding to the participant's Country and subdivision, a compliance level code corresponding to the level of identity verification performed, an ID type indicator that reveals the type of ID that was used to verify the participant's identity, and an identity hash, which is the cryptographic output or digest of elements of a plurality of elements within the participant's personal information. The identity hash and ISO code portions of the identity signature may be used by the service provider to confirm the information provided does not match an existing identity signature for the participant's Country and subdivision in the decentralized cryptocurrency ledger. This is possible because the elements used to create the identity hash are unique to a participant in a given Country. In the event of a matching hash and Country, the service provider will check for the presence of a digitally signed revocation transaction with the same hash and Country, or if the transaction has expired by comparing its timestamp of the identity signature transaction with the time of the comparison. If the transaction with the matching hash has a valid signature, has not been revoked, and is not expired, the request is rejected as invalid as a duplicate request. In another embodiment of the invention particular to a specific Country, only an identity hash is required, as created from a plurality of personal information elements, verified or unverified. In another embodiment of the invention, the identity hash is generated using an international identity number as an input, allowing for a globally unique identity hash and or signature.
After the service provider verifies that the hashed digest of the specific elements in the participant's information does not match a previously existing transaction, or if a match exists, that the transaction has been revoked or is expired, the service provider may or may not perform specific identity verification procedures as required by applicable regulation. In one embodiment of the invention, a documentary identity verification procedure is required, where the participant share physical documents containing their identity by post, transmit facsimiles of images, or upload images of such documentation to the service provider. In another embodiment of the invention, a non-documentary identity verification procedure is performed, where data provided by the participant is compared against data in public records or other sources, and assuming a sufficient degree of consistency between records, is considered verified. In yet another embodiment of the invention, no identity verification procedure is required.
Assuming successful identity verification if required in the embodiment, the service provider stamps the participant's cryptocurrency address or plurality of addresses with a transaction or plurality of transactions. This transaction or plurality of transactions includes an identity signature and is digitally signed with a private key possessed by the service provider, proving authenticity. The public key corresponding to this private key is available publicly for third parties to access and use to verify the authenticity of the service provider's digital signature and may be included for reference in the transaction or plurality of transactions, depending on the underlying cryptocurrency protocol used. The contents of the identity signature will be documented in the detailed description section.
This process uniquely identifies a cryptocurrency network participant in a manner congruent with processes required by banks or money service businesses. In one embodiment, the participant's personal information may be archived by the service provider in order to meet applicable rules around data retention following a customer identification event. In another embodiment, the participant's personal information may be encrypted with the service provider's keys, and stored in a decentralized storage network hosted by other participants. All embodiments authorize the participant to transact and exchange crypto or traditional currency as a known customer, regardless of whether the customer has an account, as the verified identity signature is available for reference and verification in a decentralized public database, and the corresponding personal information may be retrieved with a lawful order from the archived database of the service provider, or with authorizing events retrieved and decrypted from the decentralized storage network.
The participant may then purchase or exchange cryptocurrency and alternate currencies using traditional financial instruments as allowed by applicable regulation and law, including but not limited to: alternate cryptocurrencies, non-cryptographic virtual/digital currencies or e-currencies, credit card instruments, debit card instruments, prepaid card instruments, EMV/CHIP enabled card instruments, federated payment systems such as ACH, BACS or Faster Payments, IBAN, SWIFT, Instant ACH, other bank wires, money orders, personal checks, or cashier's checks. Furthermore, the participant may conduct other activities that legally require a verified identity freely, without requiring redundant identity verification processes, sharing of sensitive personal information or cryptocurrency private keys with additional entities.
In another embodiment of the invention, law may require limits on the amount or number of transactions a participant may conduct in a specific timeframe. In this embodiment, entities with which the verified participant transacts may stamp transactions with a variation of this compliance level code to the fixed and verified cryptocurrency address, allowing aggregate principal or transaction counts. Entities transacting directly with the participant's fixed verified address may stamp the transactions directly with a variation of the compliance level code.
In another embodiment, entities may transact with the participant indirectly using a verified cryptocurrency routing or stealth address. Here the transaction between the participant and entity remains private as the destination address are derived with a shared secret. The entity may observe regulation by sending a subsequent transaction to the verified cryptocurrency routing or stealth address with the count or principal amounts but without the transaction details.
In another embodiment the participant may require a plurality of fixed verified cryptocurrency addresses, and the service provider may send a plurality of digitally signed transactions to more than one fixed or stealth address, associating many cryptocurrency addresses with a single verified identity for a participant.
In the event that the participant forgets or loses control over their verified cryptocurrency address or plurality of verified addresses, or upon granting power of attorney or upon participant death, the service provider may send a digitally signed revocation transaction or a plurality of transactions as required, severing the participant's identity from the cryptocurrency address or plurality of addresses. The participant, heirs, estate attorney, or other interested prty may need to repeat a documentary or non-documentary identity verification procedure or provide a certificate of death in order to initiate the revocation process.
In one embodiment of the invention, the identity verification procedure may expire after a period of time as determined by law. In this embodiment, the timestamp associated with the original transaction or plurality of transactions containing the identity signature may be used to calculate the expiry period of the identity verification. In another embodiment of the invention, multiple private key digital signatures are required by a service provider or sovereign authority in order to authorize an exchange transaction or plurality of transactions, in addition to the initiating participant and or recipient. In yet another embodiment, multiple private key digital signatures are required by a service provider or sovereign authority in order to serve a subpoena or similar lawful order for transaction, plurality of transactions, and or corresponding personal information details.
Illustrative embodiments of the present invention are described in detail below with reference to the following drawing figures.
The subject matter of embodiments of the present invention is described here with specificity to meet statutory requirements, but this description is not necessarily intended to limit the scope of the claims. The claimed subject matter may be embodied in other ways, may include different elements or steps, and may be used in conjunction with other existing or future technologies. This description should not be interpreted as implying any particular order or arrangement among or between various steps or elements except when the order of individual steps or arrangement of elements is explicitly described.
As used herein, the term “cryptocurrency address” is a logical address in a cryptocurrency protocol, typically an encoded output of a cryptographic hash function using the public key as the input, or as a digital currency public key in raw or encoded format. The term “cryptocurrency address” may be used interchangeably with the public key or cryptocurrency address derived from the public key, or any raw or encoded versions of either the public key or cryptocurrency address.
The term “cryptocurrency network” refers to any decentralized system using a proof of work, proof of stake, or similar decision making methodology in order to determine consensus between participants in a decentralized network, with or without integrated economic incentives to provide computing power in order to run the decision making and consensus system.
The term “ledger” refers to a decentralized ledger of information that is shared between participants in a cryptocurrency or other decentralized network. The term “ledger” may be used interchangeably with “cryptocurrency ledger”, “public ledger”, “decentralized cryptocurrency ledger” or “decentralized ledger”.
The term “participant” refers to any individual, business, or other entity that participates in a cryptocurrency network. The term “participant” may be used interchangeably with “network participant”.
The term “service provider” refers to any entity authorized by regulatory authorities to perform participant identification verification activities, or refers to an entity contracted by the authorized entity to perform such activities on its behalf, as allowed by applicable regulation.
The term “third party” refers to any brokerage, exchange, or other entity with which a participant intends to engage in regulated activities, such as the exchange of cryptocurrency for traditional currency, or vice versa.
The term “transaction” refers to a cryptocurrency transaction sent to or from a cryptocurrency address inside a cryptocurrency protocol. The term “transaction” may be used interchangeably with inputs and or outputs that form a transaction, a plurality of such inputs and or outputs, and scripts within the transaction, and or a plurality of such scripts.
The term “digest” refers to the output of a cryptographic hash function, and may be used interchangeably with the term “hash” or “output”.
The term “identity signature” refers to a concatenation of information used to identify a verified network participant, including a geographic indicator, a compliance level code, an ID type indicator or identification type indicator, and an identity hash. In another embodiment, the term “identity signature” may refer to just an identity hash alone, or the identity hash and a subset of the plurality of elements used to form the concatenation defined above.
The term “identity hash” refers to the digest of a cryptographic hash function or plurality of hash functions used alone or in combination with a participant personal information element or a plurality of elements as the input to the function or plurality of functions.
In order to clarify the invention, below is a specific example implementation of the invention using a United States specific example under the bitcoin cryptocurrency protocol as of version 0.9.1. This detailed description will not specify the anatomy of bitcoin transaction inputs, outputs and scripts in great detail as this information is publicly available and not a claim of this invention. Instead the focus will be on the claims of the invention, the validation of an identity verification transaction through a digital signature from a service provider and an identity signature derived from the Country, subdivision, compliance level code, ID type indicator, and identity hash respectively.
In one embodiment of the invention, the ID verification transaction may contain an OP_CHECKSIG input that requires the transmitting participant, in this case the ID verification service provider, to include their public key and a digital signature from the private key matching this public key in order to certify the authenticity of the transaction. In another embodiment, the ID verification transaction may be sent from the participant to the ID verification service provider. Here the ID verification service provider may sign an output of the transaction containing an OP_RETURN output as they spend it as an input to another address, and in doing so certifying the authenticity of the identity signature inside, while simultaneously automating settlement as another output of the transaction in predefined amounts sufficient to compensate the provider for services rendered in one automated process.
In this implementation the identity signature is contained in an output called OP_RETURN that allows for up to 40 bytes of data. The first four bytes in positions one through four of the OP_RETURN output indicate the geography of the participant Country and State or Province as defined by 4 byte ISO 3166-2 alpha-2 country code with subdivision. The next two bytes in positions five and six indicate the compliance level of the verification event. These two bytes will vary by Country Subdivision combination but for the United States may initially contain four levels, with many levels reserved for later definition as required. Code 01 may corresponds to an anonymous verification event where the identity hash is ignored and no data is input to hash functions. Code 02 may correspond to minimal verification and is not to be considered unique or revocable, but indicates that an OFAC check or other non-unique matching was performed at the time of verification, should data be required by a lawful order to the service provider. Code 03 may correspond to identification meeting requirements for a money transfer from a US state without special requirements of between $1000 and $2999.99 or verification sufficient to open most current accounts. Code 03 may indicate a unique identity hash that is revocable, that OFAC checks were performed, and that a documentary or non-documentary identity verification procedure was completed successfully. Because Code 03 may be unique and revocable, the required ID type indicator for Code 03 may need to conform to an SSN/ITIN/EIN/TAXID number issued at a national level, so as to guarantee uniqueness and consistency of the identity hash. Code 04 may indicate a high level of verification as required for money transfers of $3,000 or above where two forms of identification were collected and validated, using national level ID for the unique identity hash, as with Code 03. The next two bytes in positions seven and eight indicate an ID type indicator, denoting the type or types of identification used in the verification procedure as required by compliance level codes three and four in this description. ID type indicator 01 may correspond to national ID such as SSN/ITIN/EIN/TAXID for the Country of US. ID type indicator 01 may be required as the sole form of ID that allows for uniqueness of a participant. The remaining tens of thousands of ID type indicators can be reserved for a plurality of other or subdivision specific ID types that are not unique or ubiquitous within a specific Country.
The anatomy for an example raw bitcoin transaction containing an OP_RETURN identity hash output is defined here and illustrates one embodiment of the identity signature that contains the ISO code geography, compliance level code, ID type indicator, and Identity Hash components. The transaction itself and OP_RETURN output is not a claim of the invention and should not constrain the scope of the invention, where the identity signature contained in the output of the example is an implementation of the invention and will vary across cryptocurrency networks and in new versions of the bitcoin protocol specifically outlined in this example:
########$$****************************************************************&&& &&&&&̂̂@@@@@@@@XX++++++++++++++++YYOOHH111122334444444444444444444444444444444444444444TTTTTTTT
Identity signature bolded and italicized for emphasis 1, 2, 3 and 4 (up to 40 bytes matching length indicated by H) in OP_RETURN conforming to:
111122334444444444444444444444444444444444444444
Where 1 is the 4 byte ISO 3166-2 alpha-2 country code with subdivision, 2 is the two byte compliance level code, 3 is the two byte ID type indicator, and 4 is the identity hash as the final output of the SHA256 and RIPEMD160 cryptographic hash functions in 204 “A” through “D”, base64 encoded as “E”. Any unused bytes in 4 are left null before the final 8 byte lock time T.
Below follows a detailed use case for a US participant living in the subdivision of Georgia for compliance level code 03 using ID type indicator 01 as calculated with the following steps.
This concludes calculate identity signature 204. In 205 the service provider reviews the public ledger for the cryptocurrency network 206 for a transaction or plurality of transactions containing an output containing the identity signature value matching the value “E” in 204. In other embodiments the identity signature may contain a subset of the components in this example, or consist of just the identity hash alone. The service provider compares “E” to transactions in the ledger in 207, and if no matching identity signatures are found, the process may proceed to 208 and