The present invention relates generally to secure transactions, e-commerce, cryptocurrency, telecommunications, digital communications, computer security, computer technology, and mobile computing.
A cryptographically-based currency has been proposed that provides for payment transactions between parties based on cryptographic proof rather than trust. That particular system is described in the document entitled “Bitcoin: A Peer-to-Peer Electronic Cash System”, by Satoshi Nakamoto, which is available for internet download as of Apr. 27, 2014 at https://bitcoin.org/bitcoin.pdf. For the system as described therein, an “electronic coin” is defined to be a chain of digital signatures. Such electronic coins can be transferred by one owner to another (the transfer being a payment transaction) via the present owner digitally signing a hash of the previous transaction and the public key of the next owner, and adding the result to the end of the coin. At any given time, a coin is owned by the party or entity possessing the private key associated with the public key at the end of the coin at that time. A payee can verify the signatures to verify the chain of ownership.
The described system includes the use of a distributed peer-to-peer time stamp server to prevent double spending, the time stamp providing robust proof of the order of transactions, especially of the singularity of the present transaction by the immediately previous owner, Privacy can be maintained in such a system partly through the use of new key pairs for each transaction so that multiple transactions cannot be traced to a common owner.
Such systems are said to have significant advantages over earlier forms of payment and online payments such as the elimination of the need for, and likely expense of, a trusted third party to oversee the transaction. From henceforth in the present document we will refer to a cryptographic current or cryptographically-based currency based on such a system, or based on a similar system for payment transactions or other transactions, a “cryptocurrency”, with plural “cryptocurrencies”.
Cryptocurrency systems are advantageous because they facilitate electronic transactions without the need for currency or for a trusted third party, however they lack flexibility. Current cyptocurrency systems concern themselves only with the verification of the currency itself, not with the transaction the currency is to be used for. The present invention addresses this shortcoming by inserting a policy-based system at the endpoints of each transaction with the ability to embed policy concerning the transaction into the coin itself that is transmitted from endpoint to endpoint. The system can be used for simple, point to point transactions with one buyer and one seller, or it can be used for more complex transactions where multiple approvals might be needed. Furthermore, the policy system is extensible such that any parameter can be used as part of the approval process to include, time of transaction, place of transaction, context of the sale, or approved vendor.
The invention consists of a system and methods for augmenting and supplementing cryptocurrencies, to manage the use of such currencies, provide customizable governance of payment transactions, provide new features for improving cryptocurrency utility, and to enhance the security of cryptocurrencies.
The system is used to secure cryptocurrency ownership to assure that the keys to the currency are under the control of the rightful owner, A given user or owning entity's electronic coins can be accessed and used via digital “wallets” that contain linkages of specific coins to that owner's private key(s) that represent coin ownership. Here, a “wallet” may be any user space application or software or hardware entity that has such linkages to the owners private keys or otherwise manages the set of owned coins for the owner. It is the private key ownership that is desired by owners to be as secure as possible, since unauthorized access to the private key(s) associated with an electronic coin exposes the coin to potential theft and other unauthorized uses.
One approach to defending security-related systems and components from malicious attack is to have all or part of them reside within especially secure areas, partitions, or environments on device hardware that are inaccessible to unauthorized parties and/or for unauthorized purposes, and are separated from the main device operating system, file system, and, in some cases, from certain of its resources. A further degree of security can be provided if such secure partitions or areas are also invisible and undetectable to the greatest degrees possible, under unauthorized circumstances and by unauthorized parties.
The present invention therefore places the private keys (101) of electronic coin wallets in such secure areas (102) on computing devices, or on secure removable media. The wallets themselves (103), having a need for user viewing and input, can reside in less secure areas, but having carefully limited access to the private keys held in secure storage for use in authorized wallet viewing and authorized transactions. Such access itself may separately be secured by a requirement to have possession of a separate private key (104) that secures the containing hardware and private key file storage area for the owned coins associated with the wallet. This is represented in
U.S. patent application Ser. No. 13/945,677, included by reference as if fully set forth herein, discloses a system for policy-based. access control and management for mobile computing devices, The basic system presented in that application is depicted in
First, the cryptocurrency system and protocol can be extended to embed policy within it (see
As non-limiting examples, policies could specify that a given coin could only be used for the purchase of office supplies or other specific items, or that only specific vendors may be purchased from, or that only approved nontoxic materials may be purchased with the coin. Policies may also be enforced wallet-wide by reproduction of policy elements across all coins in the wallet at purchase time.
Second, a network with policy built or compiled into it could have event-driven protections native to the network itself. These inherent protections might make it possible to effectively manage a widely disparate, peer-to-peer network. For a cryptocurrency network, such embedded policy can provide additional security controls, for example, in the form of policies that limit or halt transactions, or notify appropriate administrative parties, if transaction frequencies from a specific party exceed some specified threshold at which suspicion of undesired activity is warranted.
Third, cryptocurrencies can include requirements for multiple signatures by more than one private key for a given payment to proceed. This is described here http://bitcoin.stackexchange.com/questions/3718/what-are-multi-signature-transactions. This allows for many useful payment control scenarios, such as that of an organization providing payment only if a majority of key-holders within it accede to the payment, or only if two or more authorized personnel sign the payment.
In the present invention, this concept is extended to include all aspects of policy, not only multiple signatories. A policy-based system provides extensive policies for novel, complex multi-signature requirements that lead to new possibilities. For one such case, a policy-protected “cloud-based wallet” is shown in
The invention applies most generally to commerce, particularly e-commerce, but can be further generalized to any application domain where transactions are to be governed by policy rules. The invention relies on the existence of a cryptocurrency system such as, but not exclusive to Bitcoin. The system describe herein would be utilized at the endpoints of transactions where policy can be implemented and enforced. It further operates not only on single, point to point transactions, but when multiple users are involved in the transaction or over an entire network to enforce consistency in policy execution.
This application is entitled to the benefit of and claims priority to U.S. Provisional Application 61/990,448, filed on May 8, 2014, which is included by reference as if fully set forth herein.
Number | Date | Country | |
---|---|---|---|
61990448 | May 2014 | US |