CH716505B1 - System and method for providing cryptographic asset transactions, hardware approval terminal, backend server and computer program product. - Google Patents

Abstract

The invention relates to a system (100) for carrying out cryptographic asset transactions. The system (100) is designed so that it can communicate with a hardware security module (40). The system (100) includes a client device (10) configured to run a front-end application (11), a back-end server (20) configured to run a back-end application ( 21), and a variety of hardware approval terminals (30). The backend server (20) is configured to receive approval logic for a source asset address from the hardware security module (40). The backend server (20) is configured to send the transaction request and the corresponding approval logic to the hardware approval terminals (30) associated with the approval logic. The hardware approval terminals (30) are configured to verify the approval logic using the public key of the hardware security module (40) and to the hardware security module (40) signed transaction approvals that include the asset address key name and the transaction request , provide. After verification, the backend server (20) receives the signed transaction from the hardware security module (40) and delivers the signed transaction to a blockchain node. The invention also relates to a hardware authorization terminal, a backend server, a method for carrying out cryptographic asset transactions and a computer program product for operating a backend application.

Description

Technical area

The present invention relates to a system for carrying out cryptographic asset transactions. Further aspects relate to a method for carrying out cryptographic asset transactions and a computer program for carrying out cryptographic asset transactions.

background

Cryptographic assets include, for example, cryptographic currencies such as Bitcoin, Ether (ETH), Bitcoin Cash (BCH) or IOTA as well as cryptographic funds and tokens that represent off-chain assets. Such cryptographic assets, often referred to as crypto assets, constitute a digital asset that represents a medium of exchange that uses cryptography to secure transactions and control the creation of additional units. Cryptographic assets can also be referred to as virtual assets.

[0003] Crypto assets use decentralized control methods via a blockchain, which is a public transaction database operating as a distributed ledger, or other globally consistent data structures (e.g. a Tangle).

[0004] Such cryptographic assets are gaining more and more interest, e.g. in view of their low costs for transferring assets.

[0005] However, the secure storage of such assets is a challenge, especially the storage of the private keys of cryptographic asset addresses, e.g. Bitcoin addresses.

A common solution is to store the private keys completely offline.

However, such a solution lacks flexibility and is not suitable for all business needs.

There is therefore a need for alternative systems and methods.

Presentation of the invention

Accordingly, a problem of one aspect of the invention is to provide a system with which cryptographic asset transactions can be carried out in a secure manner.

In particular, aspects of the invention address the problem of providing a system for conducting cryptographic asset transactions that include secure storage of cryptographic assets.

[0011] Additionally, aspects of the invention address the problem of providing a system for conducting cryptographic asset transactions that facilitates multi-user approval.

According to a first aspect of the invention, a system for carrying out cryptographic asset transactions is provided. The system includes a client device configured to run a front-end application, a back-end server configured to run a back-end application, and a plurality of hardware approval terminals. The system is designed to communicate, operate and/or interact with a hardware security module. Such a hardware security module, which can interact with a system according to the embodiments of the invention, is in particular configured to store a private key of the hardware security module and a plurality of asset address files that correspond to a cryptographic asset address. Each of the plurality of asset address files includes an asset address key name, an asset address private key, and approval logic. The approval logic can include a variety of public approval keys.

The system is configured to store a public key of the hardware security module and one or more private authorization keys of a cryptographic asset transaction through the plurality of authorization terminals. The system is further configured to issue, through the front-end application, a transaction request for signing a cryptographic asset transaction to the back-end server. The transaction request includes a source asset address, specifically the name of the asset address key, a destination asset address and an asset transaction value. The system is configured to request the source asset address approval logic from the hardware security module through the backend server. The backend server is configured to receive the source asset address approval logic from the hardware security module. The backend server is configured to send the transaction request and the corresponding approval logic to one or more approval terminals, in particular to the approval terminals that are associated with the approval rules. The approval terminals linked to the approval rules can in particular be terminals at which the approvers are logged in for the respective transaction and/or have an account. The approval terminals are configured to verify the approval logic using the public key of the hardware security module and send signed transaction approvals to the backend server. The signed transaction approvals consist of the asset address key name and the transaction request. The backend server is configured to forward the signed transaction approvals to the hardware security module for verification. The hardware security module then verifies the transaction approvals received according to the approval logic stored for the corresponding asset address and, after successful verification, signs the transaction with the corresponding private asset address key. The backend server receives the signed transaction from the hardware approval terminal. The backend server is configured to provide, in particular send, the signed transaction to a blockchain node.

[0014] Such a system allows cryptographic asset transactions to be carried out in a secure manner. In addition, such a solution includes secure storage of cryptographic assets in the hardware security module. In particular, storing the approval logic in the hardware security module enables the secure implementation of multi-party approval schemes. Under such multi-party approval schemes, two or more approvals are required for a transaction. Furthermore, the backend is not involved in the security of the solution. In particular, even in cases where the backend server and frontend application are compromised, the security of the cryptographic assets can still be guaranteed. This has the particular advantage that the owners of the cryptographic assets do not have to fully trust the backend server.

Depending on the embodiment, the plurality of asset address files can also contain locking and/or unlocking logic. The locking and/or unlocking logic may include a plurality of public locking and/or unlocking keys assigned to individuals authorized to lock a source asset address and the corresponding keys.

According to one embodiment, the system is further configured such that upon receipt of a transaction request by the approval terminals, it sends a timestamp request to the hardware security module and receives a signed transaction request including a timestamp from the hardware security module. The approval terminals are configured to verify the signed transaction request including the timestamp. The timestamp can trigger a signing window for each transaction request, during which a hardware security module is authorized to sign a transaction request.

The timestamp can be derived from an internal clock of the hardware security module.

[0018] For each cryptographic asset address, the approval logic may define a combinatorial logic of a plurality of approval signatures that are required to approve a transaction of the cryptographic asset address.

A variety of approval rules can be defined using such combinatorial logic. In particular, the combinatorial logic may include one or more combinations of signatures required to approve a transaction. The required signatures are defined by the public approval keys.

According to one embodiment, the private authorization keys are encrypted with a password and a smart card key.

[0021] This enables secure storage of the public approval keys in the hardware approval terminal. To gain access to the private approval key, the respective approver must enter their smart card into the hardware approval terminal and also enter their password, e.g. a PIN number. A hardware authorization terminal can store multiple private authorization keys, which can be accessed individually with a corresponding smart card and a password, such as a PIN number. A typical example would be 16 private approval keys per approval terminal.

According to one embodiment, the system is further configured to send an address generation request from the front-end application to the back-end server to generate an asset address. The address generation request includes an asset address key name, an asset type, an approval logic, and a variety of public approval keys of the approval logic. The backend server is configured to send a key generation request to the hardware security module to generate an asymmetric key pair that includes an asset address public key and an asset address private key. The key generation request includes the asset address key name, the approval logic, and the variety of public approval keys of the approval logic. The hardware security module can then generate the asymmetric key pair and store the asymmetric key pair's private asset address key and associated authorization logic, and the backend server can receive the asymmetric key pair's public asset address key in response. The backend server is configured to provide the frontend application with the asset address key name, the public asset address key, or a derivative of the public asset address key as a cryptographic asset address.

With such an embodiment, new cryptographic asset addresses can be initiated by the front-end application in a flexible manner, including secure storage of individual access logic for each cryptographic asset address.

According to one embodiment, the system is further configured to carry out a method for verifying the asset address. The asset address verification method includes sending an asset address verification request by the front-end application through the back-end server to the hardware security module and receiving the approval logic and the corresponding asset address public key associated with the private key of the hardware security module is signed by the hardware authorization terminal via the backend server. The method for verifying the asset address further includes performing an integrity check on the received signed approval logic by the hardware approval terminal. The integrity check includes verifying the signature of the hardware security module and calculating the corresponding asset address from the received public key of the asset address. The method for verifying the asset address further includes displaying, by the hardware approval terminal, the asset address calculated by the hardware approval terminal and the approval logic on a display of the hardware approval terminal for verification by an operator.

[0025] Such a method for verifying asset addresses ensures secure generation of asset addresses, including the corresponding access logic. In the event of a compromised backend, the operator would detect malicious behavior using the hardware approval terminals.

According to embodiments, the plurality of hardware authorization terminals are configured to generate and store one or more private policy authorization keys and store one or more policies associated with the private policy authorization keys. The one or more policies may specify signing criteria for automatically signing a transaction request with one or more private policy approval keys. The signing criteria may include one or more predefined asset transaction values of a transaction and/or one or more predefined target asset addresses.

Such policy approval keys can be used to provide additional flexibility in defining signing policies using the hardware approval terminals. In particular, such signing policies stored in the hardware approval terminals may be used to implement automatic signing procedures that may be automatically performed by the hardware approval terminals without further approval by a human approver.

According to one embodiment, the backend server is configured to collect a required number of transaction approvals required according to the corresponding approval logic from the hardware approval terminals. The backend server is further configured to forward the collected transaction approvals to the hardware security module once the required number of approvals are received.

[0029] This prevents transaction approval requests from being sent to the hardware security module even though the required number of approvals has not yet been reached. This avoids unnecessary traffic between the backend server and the hardware security module. Since the backend server knows the respective approval logic, it can determine the required number of approvals from the approval logic.

A hardware security module (HSM) intended to interact with a system according to embodiments of the invention can be broadly defined as a tamper-resistant physical computing device that protects and manages highly sensitive data. In particular, HSMs can generally be defined to perform cryptographic tasks such as key generation, public/private key cryptography, data encryption, and secure storage of cryptographic data. As the name implies, conventional HSMs provide their functionality via hardware, i.e. circuits. Depending on the embodiment, extensive complex circuitry is used to implement the functional and memory requirements of the HSM.

According to one embodiment, the system is further configured to provide a secure communication channel for secure communication between the backend server and the hardware security module, for secure communication between the backend server and the frontend, and for secure communication between the backend server and the hardware approval terminals.

According to another aspect of the invention, there is provided a hardware approval terminal for a system according to the first aspect.

According to another aspect of the invention, a backend server is provided for a system according to the first aspect.

According to a further aspect of the invention, a method for carrying out cryptographic asset transactions using a system of the first aspect is provided.

According to a further aspect of the invention, a computer program product is provided for operating the backend application of a system for carrying out cryptographic asset transactions according to the first aspect. The computer program product includes a computer-readable storage medium with program instructions contained therein, the program instructions being executable by the back-end application of a back-end server to cause the back-end server to execute a method that includes receiving a transaction request from a front-end application, to sign a cryptographic asset transaction, wherein the transaction request includes a source asset address, in particular the asset address key name, a destination asset address and an asset transaction value. The method further includes requesting source asset address approval logic from the hardware security module, receiving source asset address approval logic from the hardware security module, sending the transaction request and corresponding approval logic to the hardware approval terminals, and receiving signed transaction approvals from the hardware approval terminals, where the signed transaction approvals include the asset address key name and the transaction request. Additional steps include forwarding the signed transaction approvals to the hardware security module for verification, receiving a signed transaction from the hardware security module, and providing the signed transaction to a blockchain node.

According to an embodiment of another aspect of the invention, a computer program product for operating hardware authorization terminals of a system for carrying out cryptographic asset transactions according to the first aspect of the invention is provided. The computer program product includes a computer-readable storage medium with program instructions contained therein, the program instructions being executable by the hardware authorization terminals to cause the hardware authorization terminals to perform a method comprising the steps of: storing a public key of the hardware security module and a or multiple private approval keys of approvers of a cryptographic asset transaction, receiving a transaction request and the corresponding approval logic from the backend server, and verifying the approval logic using the hardware security module's public key. Additional steps include displaying the transaction request and approval logic on a display of the hardware approval terminal, receiving confirmation of the transaction request from approvers associated with the hardware approval terminal, and sending signed transaction approvals to the backend server, wherein the Signed transaction approvals include the asset address key name and transaction request.

Features and advantages of one aspect of the invention may optionally be transferred to the other aspects of the invention.

Further advantageous embodiments are listed both in the dependent claims and in the description below.

Brief description of the drawings

The invention will be better understood and objects other than those stated above will become apparent from the following detailed description of the invention. This description refers to the accompanying drawings, in which: FIG. 1 shows an exemplary block diagram of a system for carrying out cryptographic asset transactions according to an embodiment of the invention; FIG. 2 shows a flowchart of a method for creating/generating a cryptographic asset address using the system of FIG. 1; FIG. 3 shows a flowchart of a method for conducting cryptographic asset transactions using the system of FIG. 1; FIG. 4 shows an exemplary embodiment of an asset address file stored in a hardware security module; FIG. 5 shows an exemplary embodiment of another asset address file stored in a hardware security module; FIG. 6 shows an exemplary embodiment of another asset address file stored in a hardware security module; FIG. 7 shows a flowchart of a method for introducing or initializing policy approval keys; FIG. 8a shows a method for performing automatic signatures with the policy approval keys by a hardware approval terminal; and FIG. 8b shows some partial steps of the method of FIG. 8a in detail.

Way(s) of carrying out the invention

[0040] In the description below, the following abbreviations may be used: Private Permission Key (SKapp) Public Permission Key (PKapp) Hardware Security Module Private Key (SKHSM) Hardware Security Module Public Key (PKHSM) Cryptographic Asset Transaction CAA Asset Address Key Name (namekaa) Private Asset Address Key (SKaa) Public Asset Address Key (PKaa) Asset Address (AA) Approval Logic (AL) Combinatorial Logic (CL) Approval Rules (AR) Timestamp (TP) Signature (sign) Signature Window (SW) Asset Address File (AAF) Policy (P) Public Policy Approval Key (PKpak) Private Policy Approval Key (SKpak)

[0041] FIG. 1 shows an exemplary block diagram of a system 100 for conducting cryptographic asset transactions according to an embodiment of the invention. The system consists of a front-end device 10 that is configured to run a front-end application 11. The front-end device 10 may be any suitable device operated by the user of the front-end application. The front-end application 11 can in particular be a computer program that offers a user of the system access to the system, in particular for storing cryptographic assets and for carrying out cryptographic asset transactions. The users of the front-end application 11 can in particular be specific companies or businesses, for example banks or brokers. The system 100 further includes a backend server 20 configured to execute a backend application 21.

The system 100 further includes a plurality of hardware authorization terminals 30 with a cryptoprocessor 31 and a secure memory 32. The cryptoprocessor 31 may include a key generator for generating asymmetric key pairs. The approval terminals 30 also include a display 33.

The system 100 further includes a hardware security module 40 with a cryptoprocessor 41 and a secure memory 42. The cryptoprocessor 41 may contain a key generator for generating asymmetric key pairs.

The backend application 21 can in particular be designed as a computer program that serves as an interface between the frontend application 11, the hardware security module 40 and the multitude of hardware approval terminals 30. For example, the backend application 21 receives messages from the hardware approval terminals 40 and the hardware security module 30 and forwards messages to the hardware security module and hardware approval terminals 30, respectively. In addition, the backend application performs administrative and accounting tasks for the system 100.

The hardware security module 40 is a tamper-proof device that makes it possible to securely generate, store and manage cryptographic keys and to carry out cryptographic transactions, in particular cryptographic signatures, in accordance with a predefined security level.

For example, the hardware security module 40 may provide security in accordance with Federal Information Processing Standard (FIPS) Publication 140-2, which is a U.S. government computer security standard used to approve cryptographic modules. According to embodiments, the hardware security module 40 is certified according to FIPS 140-2 of at least level 1, preferably level 2, more preferably level 3 and even more preferably level 4 or with a security level of equivalent standards.

The plurality of approval terminals 30 are configured to store a public key PKHSM of the hardware security module 40 and to generate and store one or more private approval keys SKapp1, SKapp2, ..., SKappn of approvers of a cryptographic asset transaction. For example, the approvers of the cryptographic asset transactions may be employees of the entity that uses the system 100 to store and trade its cryptographic assets. The private approval keys SKapp1, SKapp2, ..., SKappn are each assigned to an individual approver and secured, in particular encrypted, using a password and a smart card key. Accordingly, an approver who wants to access her private key must enter a smart card with the smart card key, in particular a secret key of an asymmetric key pair, into the hardware approval terminal 30. In addition, the approver must enter a password, such as a PIN number. Only after such a double authentication can the respective approver access their private approval key and sign a transaction approval request displayed on the display 33.

According to embodiments, the plurality of approval terminals 30 are configured to generate and store one or more private policy approval keys SKpak1, SKpak2, ..., SKpakn for cryptographic asset transactions. According to these embodiments, the corresponding public policy approval keys PKpak1, PKpak2, ..., PKpakn are stored in the asset address files AAF of the hardware security module 40. The private policy approval keys and the public policy approval keys are commonly referred to as policy approval keys. In addition, the hardware authorization terminals 30 store one or more policies P associated with the private policy authorization keys. The one or more policies P can, for example, set signing criteria for automatically signing a transaction request with one or more private policy approval keys. The signing criteria can, for example, specify one or more predefined asset transaction values of a transaction and/or one or more predefined target asset addresses.

The policy approval keys can be used to provide additional flexibility in defining signing policies using the hardware approval terminals 30. According to embodiments, such signing policies P can be used in particular to define signing policies P that depend on the transaction value of the assets of a transaction. Additionally, such policy approval keys may be used to implement automatic signing procedures that may be performed automatically by the hardware approval terminals 30 without further approval from a human approver. For example, very small transaction values, for example equivalent to an amount of less than 100 CHF, can be automatically signed with a policy approval key.

As an example, a signing policy P may specify that the hardware approval terminals 30 should automatically sign with a private policy approval key SKpakx when the value of the asset transaction is less than a predefined amount. As another example, a signing policy P may specify that the hardware authorization terminals 30 should automatically sign with a private policy authorization key SKpakx for one or more predefined target asset addresses.

This will be explained below with reference to FIG. 6 explained in more detail.

[0052] The hardware security module 40 is configured to generate and store its own private key SKHSM. In addition, the hardware security module is configured to store a plurality of asset address files AAF corresponding to a cryptographic asset address AA. Each of the plurality of asset address files AAF includes an asset address key name "namekaa" and an approval logic AL that includes a plurality of public approval keys PKapp1, PKapp2... PKappn and one or more signing windows SW1, SW2, ... SW. The asset address files AAF further include a private asset address key SKaa and optionally the corresponding public asset address key PKaa.

[0053] With such a facility, the hardware security module 40 can verify messages signed with the private authorization keys SKapp using the corresponding public authorization key PKapp stored in the AL of the AAF in the hardware security module 40. And the hardware authorization terminals 30 can verify messages signed with the private key SKHSM of the hardware security module 40 using the corresponding public key PKHSM of the hardware security module 40 stored in the hardware authorization terminals 30.

FIG. 2 shows a flowchart 200 of a method for creating a cryptographic asset address using the system 100 of FIG. 1.

[0055] In a step 201, the front-end application 11 sends an address generation request to generate a cryptographic asset address to the back-end application 21. The address generation request consists of an asset address key name namekaa, which later serves as a reference name for the front-end application 11 . In addition, the address creation request includes an asset type, e.g. the specific cryptocurrency for which the asset address is to be created. The currency can be, for example, Bitcoin, ETH, BCH or IOTA. In addition, the address generation request includes approval logic AL. The approval logic AL consists of a large number of public approval keys PKapp and one or more signing windows SW.

[0056] In a step 202, the backend server 20 sends a key generation request to the hardware security module 40 to generate an asymmetric key pair that includes a public asset address key PKaa and a private asset address key SKaa. The key generation request includes the asset address key name namekaa and the approval logic AL including the multiple public approval keys PKapp and the signing window SW.

[0057] In a step 203, the hardware security module 40 generates an asymmetric key pair and stores at least the private asset address key SKaades of the asymmetric key pair and the associated approval logic AL including the several public approval keys PKapp and the signing window SW in the secure memory 42 of the hardware security module.

[0058] In a step 204, the hardware security module 40 outputs the public asset address key PKaades asymmetric key pair to the backend server 20.

[0059] In a step 205, the backend application 21 stores the public asset address key PKaa in its internal database and calculates a cryptographic address AA from the public asset address key PKaa. This calculation is carried out in accordance with the respective rule of the respective cryptocurrency of the cryptographic asset. In general, the cryptographic asset address AA is a derivative of the public asset address key PKaa. As an example, the cryptographic asset address AA can be a hash function of the public asset address key PKaase.

In a step 206, the backend application 21 delivers, i.e. sends, the asset address key name and the asset address AA or the public key PKaa to the frontend application 11.

[0061] The front-end application 11 or in particular an operator of the front-end application 11 then triggers a subsequent asset address verification process 210, in which the operator verifies the received asset address AA and the associated approval logic AL. In particular, the front-end application 11 sends a request to verify the asset address to the back-end server 20 in a step 211. The back-end server 20 then sends a request to receive the approval logic AL for the respective asset address key name namekaaan in step 212 the hardware security module 20. In return, the hardware security module 20 sends the approval logic AL and the corresponding public asset address key PKaa, signed with the private key SKHSM, to the backend server 20 in a step 213. The backend server 20 directs then in a step 214 the signed approval logic AL and the associated public asset address key PKaaan the hardware approval terminals 30. The hardware approval terminals 30 then perform an integrity check on the received signed approval logic in a step 215 by verifying the signature with the public key of the hardware security module PKHSM. In addition, the hardware authorization terminals 30 calculate the corresponding asset address AA from the received public key PKaadi. The hardware approval terminals 30 then display the approval logic AL and the asset address AA in step 216. The operator then verifies the approval logic AL in step 217 and checks whether the asset address calculated by the hardware approval terminals 30 matches the asset address provided by the backend server 20 in step 206. This ensures that the asset address is correct. In particular, it enables detection of the case when a compromised backend server has sent an incorrect asset address in step 206.

[0062] FIG. 3 shows a flowchart 300 of a method for conducting cryptographic asset transactions using the system 100 of FIG. 1.

[0063] In a step 301, the front-end application 11 issues a transaction request to sign a cryptographic asset transaction to the back-end application 21/back-end server 20. The transaction request includes, as a source asset address, an asset address key name namekaa, which is defined, for example, by the above with reference to FIG. 2 steps described was issued and verified. In addition, the transaction request includes an asset transaction value and a destination asset address, which specifies a cryptographic asset address to which the asset transaction value, e.g. a number of Bitcoins, should be transferred.

[0064] In a step 302, the backend application 21 requests from the hardware security module 40 the approval logic AL of the asset address key name namekaaan, corresponding to the source asset address. In a step 303, the hardware security module 40 reads the approval logic AL associated with the received asset address key name namekaa from its secure memory 42 and sends the approval logic AL to the backend application 21.

[0065] In a step 304, the backend application 21 sends a transaction fee estimate request to a blockchain node 60.

[0066] In a step 305, the blockchain node 60 returns an estimated transaction fee. Such transaction fees for crypto assets mainly depend on the supply of network capacity compared to the asset holder's demand for a faster transaction.

[0067] In a step 306, the backend application 21 sends the transaction request and the corresponding approval logic AL to the hardware approval terminals 30 assigned to the approval logic.

[0068] In a step 307, the approval terminals 30 carry out an integrity check and verify the received approval logic AL using the public key PKHSM of the hardware security module 40.

[0069] In a step 308, the approval terminals 30 send a timestamp request for the received transaction request to the backend application 21. The backend application 21 forwards the timestamp request to the hardware security module 20 in a step 309.

[0070] Then, in a step 310, the hardware security module 40 adds a timestamp to the transaction request. This timestamp is derived from an internal clock of the hardware security module 40, and therefore the timestamp is referenced with respect to the internal clock of the hardware security module 40. The hardware security module 40 then signs the transaction request including the timestamp with its private key SKHSM and transmits the signed transaction request including the timestamp to the backend application 21.

[0071] The backend application 21 forwards the signed transaction request including the timestamp or the signed timestamp including the transaction request to the hardware approval terminals 30 in a step 311.

[0072] In a step 312, the hardware approval terminals 30 carry out an integrity check and verify the received transaction request, including the timestamp, using the public key PKHSM of the hardware security module 40.

The timestamp triggers the signing window SW for each transaction request, during which the hardware security module 40 can sign a transaction request.

[0074] In a step 313, the hardware approval terminals 30 display the transaction request on the displays 33. The approvers can then review and verify the displayed transaction request. This may include verifying the AL of all sources and destinations. The approvers can then approve the transaction, for example by pressing an approval button of the hardware approval terminal 30 in a step 314.

[0075] Then, the hardware approval terminal 30 signs the transaction request in a step 315 and sends a signed transaction approval to the backend server 20 in a step 316. The signed transaction approvals include the asset address key name, the transaction request and the timestamp.

[0076] According to embodiments, since two or more approvals are required according to the respective approval logic AL, the backend server 20 collects the required number of transaction approvals before forwarding them. When the required number of approvals have been received, the backend server 20 forwards the signed transaction approvals to the hardware security module 40 in a step 317.

[0077] In a step 318, the hardware security module 40 verifies the received transaction approvals according to the approval logic AL, which is stored for the corresponding asset address and which corresponds to the asset address key name namekaa. In particular, using the stored approval logic AL and the stored public approval key PKapp, it checks whether the approvals received match one of the approval options of the respective cryptographic asset address. In addition, it uses the signed timestamp to check whether the time at which the transaction approvals were received by the hardware security module 40 is within the signing window SW. As mentioned earlier, the signing window has an upper time limit and a lower time limit.

[0078] If the verification of the transaction approvals received was successful, the hardware security module 40 signs the transaction with the private key of the asset address in a step 319 and makes the signed transaction available to the backend application 21 in a step 320.

[0079] In a next step 321, the backend application 21 sends the signed transaction to a blockchain node 60.

[0080] Then, in a step 322, the transaction is verified by miners of a corresponding blockchain network and, after successful verification, is confirmed by a sufficient number of miners.

[0081] Finally, in a step 323, the backend application 21 sends a transaction confirmation to the frontend application 11, and the operator can check the received transaction confirmation in step 324.

FIG. 4 shows an exemplary embodiment of an asset address file 400, also referred to as AAF1. The asset address file 400 includes an asset address key name namekaa, an asset private address key SKaa, a corresponding public asset address key PKaa, and approval logic AL. The public asset address key PKaader AssetAddress can be derived from the private asset address key SKaader AssetAddress and can optionally be stored in the asset address file 400.

The asset address file 400 corresponds to a cryptographic asset address AA, which can be derived from the public asset address key PKaa. In particular, the cryptographic asset address AA can be a function, in particular a hash function, of the public asset address key PKaase. The function or method for calculating the asset address AA from the public asset address key PKaa depends on the respective specification of the cryptographic assets, e.g. the respective crypto currency.

[0084] The approval logic AL includes a large number of public approval keys PKapp. The public approval keys PKapp are embedded in the approval logic AL. The approval logic AL defines for the cryptographic asset AA of the public asset address key PKaa a combinatorial logic from a large number of approval signatures that are required for the approval of a transaction of the cryptographic asset address AA. The signatures must be carried out with the private approval keys that correspond to the respective public approval keys PKapp. The authorization logic is designed so that it can technically be implemented in the hardware security module without posing a security risk, even if it is implemented in the inner core of the hardware security module. According to the embodiment shown, the approval logic is combinatorial logic consisting of one or more AND operators and one or more OR operators. Such simple operators enable secure implementation of approval logic. According to the one shown in FIG. 4, the approval logic AL includes three approval options 401, 402 and 403, which are combined by an OR operator.

[0085] The approval options include a plurality of public approval keys PKapp, which are combined by the AND and OR operators. As an example, the 401 approval option reads as follows: (PKapp1OR PKapp2) AND PKapp3

[0086] This means that a transaction approval request for the public asset address key PKaa can be approved either by the private approval keys corresponding to the public approval keys PKapp1 or PKapp2 and additionally by the private approval key corresponding to the public approval key PKapp3. In contrast, approval option 3 allows approval of a single approver, namely through the private keys corresponding to the public approval keys PKapp7 or PKapp8.

[0087] The three approval options 401, 402 and 403 each include a separate signing window SW1, SW2 and SW3, thereby defining a temporal logic. The signing windows SW1, SW2 and SW3 can be different and each have a predefined lower time limit and a predefined upper time limit. For example, the signing window SW1 may have a lower time limit of 10 minutes and an upper time limit of 20 minutes. The signing window SW2 can have the same lower time limit of 10 minutes and an upper time limit of 30 minutes. And the signing window SW3 can have a lower time limit of 1 month and an upper time limit of 2 months. The latter can, for example, enable the cryptographic asset to be restored in the event of a disaster.

FIG. 5 shows an exemplary embodiment of an asset address file 500, also referred to as AAF2. The asset address file 500 includes an asset address key name namekaa, an asset private address key SKaa, a corresponding public asset address key PKaa, and approval logic AL. The public asset address key PKaa can be derived from the private asset address key SKaa and can optionally be stored in the asset address file 500.

The asset address file 500 corresponds to a cryptographic asset address AA, which can be derived from the public asset address key PKaa.

[0090] The approval logic AL includes a large number of public approval keys PKapp. The public approval keys PKapp are embedded in the approval logic AL.

[0091] According to the in FIG. 5, the approval logic AL includes two approval options 501 and 502, which are combined by an OR operator.

[0092] The approval options include a variety of public approval keys. According to this embodiment, the first option 501 includes group logics. In particular, the approval logic defines a first group that includes the public approval keys PKapp1, PKapp2, and PKapp3, and a second group that includes the public approval keys PKapp4, PKapp5, and PKapp6. The two groups are combined with an AND operator. The group logic specifies that an approver from the first group and an approver from the second group must approve according to the first approval option.

The second approval option corresponds to the third approval option of FIG. 4 and enables the approval of a single approver, namely through the private keys that correspond to the public approval keys PKapp7 or PKapp8.

The two approval options 501 each include a separate signing window SW1 and SW2.

[0095] FIG. 6 shows an exemplary embodiment of an asset address file 600, also referred to as AAF3. The asset address file 600 includes an asset address key name namekaa, a private asset address key SKaa, a corresponding public asset address key PKaa, and an approval logic AL. The public asset address key PKaa can be derived from the private asset address key SKaa and optionally stored in the asset address file 600.

[0096] The asset address file 600 corresponds to a cryptographic asset address AA, which can be derived from the public asset address key PKaa.

[0097] The approval logic AL consists of a plurality of public approval keys PKapp and one or more public policy approval keys PKpak1, PKpak2, ..., PKpakn. The policy approval keys can be used to provide additional flexibility when defining signing policies or signing criteria.

[0098] The public approval keys PKapp and the public policy approval keys PKpak are embedded in the approval logic AL. The signatures must be performed with the private approval keys corresponding to the respective public approval keys PKapp and the private policy approval keys corresponding to the public policy approval keys PKpak.

[0099] According to the in FIG. 6, the approval logic AL includes three approval options 601, 602 and 603, which are combined by an OR operator.

[0100] The approval options include a plurality of public approval keys PKapp, and each of the options includes a public policy approval key. As an example, approval option 601 is as follows: ((PKapp1OR PKapp2) AND PKapp3) AND PKpak1)

[0101] This means that a transaction approval request of the public asset address key PKaage according to option 601 can only be approved with the private policy approval key SKpak1, which corresponds to the public policy approval key PKpak1. The signing with the private policy approval key SKpak1 can be performed automatically by the hardware approval terminal 30 depending on predefined characteristics of the transaction request, in particular the transaction value and the destination address of the asset. In contrast to the signatures with the private approval keys, no additional verification of the approver using a human approver's smart card and PIN is required.

[0102] For example, the hardware approval terminal 30 may automatically sign with the private policy approval key SKpak1 when the transaction value is less than a predefined transaction value.

[0103] Furthermore, according to approval option 601, a signature of one of the private approval keys corresponding to the public approval keys PKapp1 or PKapp2 and a signature of the private approval key corresponding to the public approval key PKapp3 are required.

[0104] The three approval options 601, 602 and 603 each include a separate signing window SW1, SW2 and SW3, respectively, and thus define a time logic.

[0105] The policy P stored in the hardware approval terminal 30 may specify individual signing criteria or signing rules for each of the public policy approval keys, in this example for PKpak1, PKpak2 and PKpak3.

[0106] As an example, the policy P may specify that the hardware approval terminal 30 automatically signs with the private policy approval key SKpak1 if the asset transaction value of the received transaction request is less than a predefined amount.

[0107] Additionally, it may specify that the hardware approval terminal 30 automatically signs with the private policy approval key SKpak2 when the received transaction request includes a predefined target asset address.

[0108] In addition, it may specify that the hardware approval terminal 30 automatically signs with the private policy approval key SKpak3 if the received transaction request includes another predefined target asset address or if the asset transaction value of the received transaction request is within a predefined range.

[0109] FIG. 7 shows a flowchart of a method for introducing or implementing policy approval keys in systems according to embodiments of the invention.

[0110] In a step 710, the operator enters one or more policies P into the approval terminal(s) 30.

[0111] In a step 720, the respective approval terminal 30 creates one or more policy approval key pairs (SKpakx, PKpakx) and stores the private policy approval keys SKpakx and the policy P in the respective hardware approval terminal 30.

[0112] The one or more policies P are linked to the private/public policy approval keys and can in particular define signing criteria or, in other words, signing rules for an automatic signing of a transaction request with the one or more private policy approval keys.

[0113] In a step 730, the operator exports the public policy approval keys PKpakx of the policy approval key pairs via the front end 10 into the corresponding approval logic AL.

[0114] FIG. 8a shows a method for performing automatic signatures with the policy approval keys by a hardware approval terminal 30.

[0115] In a step 810, the backend server 20 sends a transaction request with an approval logic AL to the hardware approval terminal 30.

[0116] In a step 820, the hardware authorization terminal 30 performs an automatic signature/signing process, which is described with reference to FIG. 8b is described in more detail and includes steps 821-824.

[0117] The automatic signature process begins in a step 821.

[0118] In a step 822, the hardware terminal 30 checks whether a public policy approval key is present in the respective access logic AL of the received transaction request.

[0119] If so, the hardware approval terminal 30 checks in a step 823 whether one or more signing criteria for an automatic signing according to the stored policy P are met.

[0120] If this is the case, in a step 824, the hardware approval terminal 30 signs the transaction request with the respective private policy approval key SKpakx specified by the policy P.

[0121] In a step 830, the hardware approval terminal 30 then sends the transaction request signed with the respective private policy approval key SKpakx to the backend server 20.

[0122] Such a method enables automatic signing by the hardware approval terminal 30 without user interaction based on the policy P stored in the hardware approval terminal 30. In addition, the approval options can be flexibly configured using the policy approval keys and the corresponding policy, and in particular with approval keys be combined.

Aspects of the present invention can be in the form of a system, in particular a system for carrying out cryptographic asset transactions, a method and/or a computer program product. The computer program product may include a computer-readable storage medium (or media) having thereon computer-readable program instructions that cause a processor to carry out aspects of the present invention.

[0124] The computer-readable storage medium may be a tangible device capable of retaining and storing instructions for use by an instruction execution device. The computer-readable storage medium may be, for example, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or a suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer-readable storage medium includes the following: a portable computer diskette, a hard drive, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory ( EPROM or flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile floppy disk (DVD), a memory stick, a floppy disk, a mechanically encoded one Devices such as punch cards or raised structures in a groove with commands recorded thereon, and any suitable combination of the foregoing. A computer-readable storage medium as used herein is not to be construed as a transient signal per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating over a waveguide or other transmission media (e.g. pulses of light traveling through a fiber optic cable running), or electrical signals that are transmitted over a wire.

[0125] The computer-readable program instructions described herein may be downloaded to the appropriate computing/processing devices from a computer-readable storage medium or over a network, e.g., the Internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium within the respective computing/processing device.

[0126] Computer-readable program instructions for performing operations of the present invention may be assembly language instructions, instruction set architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code , written in any combination of one or more programming languages, including an object-oriented programming language such as Smalltalk, C++, or similar, and traditional procedural programming languages, such as the “C” programming language or similar programming languages. The computer-readable program instructions may be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on the remote computer or server. In the latter case, the remote computer may be connected to the user's computer via any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (e.g. via the Internet with the help of an Internet service provider). In some embodiments, electronic circuits, such as programmable logic circuits, field programmable gate arrays (FPGA), or programmable logic arrays (PLA), may execute the computer-readable program instructions by using the status information of the computer-readable program instructions to personalize the electronic circuit to achieve aspects of the present To carry out the invention.

Aspects of the present invention are described herein with reference to flowchart illustrations, and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It is believed that each block of the flowchart representations and/or block diagrams and combinations of blocks in the flowchart representations and/or block diagrams can be implemented by computer-readable program instructions.

[0128] These computer-readable program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing device for generating a machine, such that the instructions executed via the processor of the computer or other programmable data processing device have means for implementation of the functions/actions specified in the flowchart and/or in a block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can instruct a computer, a programmable data processing device, and/or other devices to function in a particular manner, so that the computer-readable storage medium with the instructions stored therein comprises an article containing instructions contains aspects of the function/action specified in the flowchart and/or in a block diagram block or blocks.

[0129] The computer-readable program instructions may also be loaded onto a computer, other programmable data processing device, or other device to perform a series of operational steps on the computer, other programmable device, or other device to produce a computer-implemented process, so on that the instructions executed on the computer, other programmable device or other device implement the functions/actions specified in the flowchart and/or in a block diagram block or blocks.

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions that includes one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions specified in the block may occur in a different order than specified in the figures. For example, two blocks presented sequentially may actually be executed substantially simultaneously, or the blocks may sometimes be executed in reverse order, depending on the functionality involved. It is also noted that each block of the block diagrams and/or the flowchart representation, as well as combinations of blocks in the block diagrams and/or the flowchart representation, may be implemented by special-purpose hardware-based systems that perform the specified functions or actions or combinations of special-purpose -Hardware and computer commands.

While presently preferred embodiments of the invention are shown and described, it is to be clearly understood that the invention is not limited thereto but may be otherwise embodied and practiced in various ways within the scope of the following claims.

Claims (16)

1. System (100) for providing cryptographic asset transactions, the system (100) being designed to communicate with a hardware security module (40), the hardware security module (40) being configured such that it stores a private key of the hardware security module (40) and a plurality of asset address files corresponding to a cryptographic asset address, each of the plurality of asset address files comprising an asset address key name, an asset address private key and authorization logic , wherein the approval logic includes a plurality of public approval keys; the system (100) comprising a client device (10) configured to execute a front-end application (11); a backend server (20) configured to execute a backend application (21); and a plurality of hardware authorization terminals (30); wherein the system (100) is configured to store a public key of the hardware security module (40) and one or more private approval keys of approvers of a cryptographic asset transaction through the plurality of hardware approval terminals (30); Transaction requests to sign a cryptographic asset transaction to the backend server (20), issued by the frontend application (11), the transaction request comprising the following a source asset address, in particular an asset address key name; a target asset address; and an asset transaction value; request, through the backend server (20), the source asset address approval logic from the hardware security module (40); receive, through the backend server (20), the authorization logic of the source asset address from the hardware security module (40); send by the backend server (20) the transaction request and the corresponding approval logic to the hardware approval terminals (30); display the transaction request and approval logic on a display (33) of the hardware approval terminal; receiving an acknowledgment of the transaction request from approvers associated with the hardware approval terminal (30); through the hardware approval terminals (30) to verify the approval logic using the public key of the hardware security module (40); sending transaction approvals signed by the hardware approval terminals (30) to the backend server (20), the signed transaction approvals comprising the asset address key name and the transaction request; forwarding, through the backend server (20), the signed transaction authorizations to the hardware security module (40) for verification; receive by the backend server (20) the signed cryptographic asset transaction after verification from the hardware security module (40); and to provide the signed cryptographic asset transaction to a blockchain node through the backend server (20). 2. The system of claim 1, wherein the system (100) is further configured to upon receipt of a transaction request by the hardware approval terminals (30), sending a timestamp request to the hardware security module (40); receive, through the hardware approval terminals (30), a signed transaction request with a timestamp; verify the signed transaction request including the timestamp through the hardware approval terminals (30); wherein the timestamp for each transaction request triggers a signing window for the hardware security module (40). 3. System according to one of the preceding claims, in which the private authorization keys are encrypted using a password and a smart card key. 4. System according to one of the preceding claims, wherein the system (100) is further configured to send by the front-end application (11) an address generation request to the backend server for generating an asset address, the address generation request comprising an asset address key name, an asset type, an approval logic and a plurality of public approval keys of the approval logic; send through the backend server (20) a key generation request to the hardware security module (40) to generate an asymmetric key pair comprising a public asset address key and a private asset address key, the key generation request containing the asset address key name, the approval logic and the plurality of public approval keys of the approval logic; receive, by the backend server (20), the public asset address key of the asymmetric key pair from the hardware security module (40); the backend server (20) provides the asset address key name, the public asset address key or a derivative of the public asset address key as a cryptographic asset address for the frontend application (11). 5. The system of claim 4, wherein the system (100) is further configured to perform an asset address verification process, the asset address verification process comprising Sending a request to verify the asset address by the front-end application (11) via the back-end server (20) to the hardware security module (40); Receiving the approval logic and the corresponding public asset address keys signed with the private key of the hardware security module (40) by the hardware approval terminal (30) from the hardware security module (40) via the backend server (20), performing an integrity check of the received signed approval logic by the hardware approval terminal (30), the integrity check comprising verifying the signature of the hardware security module (40) and calculating the corresponding asset address from the received public asset address key; Displaying the asset address calculated by the hardware approval terminal (30) and the approval logic by the hardware approval terminal (30) on a display (33) of the hardware approval terminal for review by an operator. 6. System according to one of the preceding claims, in which the backend server (20) is configured to collect a required number of transaction approvals from the hardware approval terminals (30); and forward the collected transaction approvals to the hardware security module (40). 7. System according to one of the preceding claims, wherein the system (100) is further configured so that there is a secure communication channel, in particular an SSL/TLS channel, for secure communication between the backend server (20) and the frontend (10) and provides secure communication between the backend server (20) and the hardware approval terminals (30). 8. System according to one of the preceding claims, wherein the plurality of hardware approval terminals (30) are configured to generate and store one or more private policy approval keys; store one or more policies associated with the private policy approval keys; wherein the one or more policies establish signing criteria for automatically signing a transaction request with one or more private policy approval keys. 9. The system of claim 8, wherein the signing criteria include one or more predefined asset transaction values of a cryptographic asset transaction; and or one or more predefined target asset addresses; and/or one or more predefined asset transaction areas of a cryptographic asset transaction. 10. Hardware approval terminal (30) for a system (100) according to one of the preceding claims, wherein the hardware approval terminal (30) comprises a cryptoprocessor (31), a secure memory (32) and a display (33), wherein the Hardware approval terminal (30) is configured to store a public key of a hardware security module (40) and one or more private approval keys of approvers of a cryptographic asset transaction; receive from a backend server (20) a transaction request and corresponding approval logic; display the transaction request and approval logic on a display (33) of the hardware approval terminal; receiving an acknowledgment of the transaction request from approvers associated with the hardware approval terminal (30); verify the authorization logic using the public key of the hardware security module (40); and to send signed transaction approvals to the backend server (20), wherein the signed transaction approvals include the asset address key name and the transaction request. 11. The hardware approval terminal (30) of claim 10 configured thereto generate and store one or more private policy approval keys; and store one or more policies associated with the private policy approval keys; wherein the one or more policies establish signing criteria for automatically signing a transaction request with one or more private policy approval keys. 12. The hardware approval terminal (30) of claim 11, wherein said signing criteria includes one or more predefined asset transaction values of a cryptographic asset transaction; and or one or more predefined target asset addresses; and/or one or more predefined asset transaction areas of a cryptographic asset transaction. 13. Backend server (20) for a system (100) according to one of claims 1 to 9, wherein the backend server (20) is configured to execute a backend application (21), the backend application (21) is configured for this purpose receiving a transaction request from a front-end application (11) to sign a cryptographic asset transaction, the transaction request comprising the following a source asset address, in particular the asset address key name; a target asset address; and an asset transaction value; request authorization logic of the source asset address from the hardware security module (40); receive the source asset address authorization logic from the hardware security module (40); send the transaction request and the corresponding approval logic to the hardware approval terminals (30); receive transaction approvals signed by the hardware approval terminals (30), the signed transaction approvals comprising the asset address key name and the transaction request; forward the signed transaction authorizations to the hardware security module (40) for verification; receive a signed cryptographic asset transaction from the hardware security module (40); and make the signed cryptographic asset transaction available to a blockchain node. 14. A method for conducting cryptographic asset transactions using a system (100) comprising the following a client device (10) configured to execute a front-end application (11); a backend server (20) configured to execute a backend application (21); and a plurality of hardware approval terminals (30); wherein the system (100) is designed to communicate with a hardware security module (40), the hardware security module (40) being configured to have a private key of the hardware security module (40) and a plurality of asset address files corresponding to a cryptographic asset address, each of the plurality of asset address files comprising an asset address key name, an asset private address key and a permission logic, the permission logic comprising a plurality of public permission keys; wherein the method includes storing a public key of the hardware security module (40) and one or more private authorization keys of a cryptographic asset transaction by the plurality of hardware authorization terminals (30); Issuing a transaction request by the front-end application (11) to sign a cryptographic asset transaction to the back-end server (20), the transaction request comprising the following a source asset address, in particular the name of the asset address key; a target asset address; and an asset transaction value; requesting by the backend server (20) from the hardware security module (40) the authorization logic of the source asset address; receiving by the backend server (20) the authorization logic of the source asset address from the hardware security module (40); sending the transaction request and the corresponding approval logic by the backend server (20) to the hardware approval terminals (30); displaying the transaction request and approval logic on a display (33) of the hardware approval terminal; receiving a confirmation of the transaction request from approvers associated with the hardware approval terminal (30); verifying the approval logic by the hardware approval terminals (30) using the public key of the hardware security module (40); sending signed transaction approvals by the hardware approval terminals (30) to the backend server (20), the signed transaction approvals comprising the asset address key name and the transaction request; Forwarding the signed transaction approvals by the backend server (20) to the hardware security module (40) for verification; receiving by the backend server (20) the signed cryptographic asset transaction from the hardware security module (40); and Providing the signed cryptographic asset transaction to a blockchain node through the backend server (20). 15. Computer program product for operating the backend application (21) of a system (100) for carrying out cryptographic asset transactions according to any one of claims 1-9, wherein the computer program product comprises a computer-readable storage medium with program instructions formed therein, the program instructions being transmitted through the backend -Application (21) of a backend server (20) can be executed to cause the backend server (20) to carry out a method comprising the following Receiving a transaction request from a front-end application (11) to sign a cryptographic asset transaction, the transaction request comprising the following a source asset address, in particular the asset address key name; a target asset address; and an asset transaction value; requesting authorization logic of the source asset address from the hardware security module (40); receiving the source asset address authorization logic from the hardware security module (40); sending the transaction request and the corresponding approval logic to the hardware approval terminals (30); receiving signed transaction approvals from the hardware approval terminals (30), the signed transaction approvals including the asset address key name and the transaction request; forwarding the signed transaction authorizations to the hardware security module (40) for verification; receiving a signed cryptographic asset transaction from the hardware security module (40); and Deploying the signed cryptographic asset transaction to a blockchain node. 16. Computer program product for operating hardware authorization terminals (30) of a system (100) for conducting cryptographic asset transactions according to any one of claims 1-9, wherein the computer program product comprises a computer-readable storage medium with program instructions formed therein, the program instructions being read by the hardware -Approval terminals (30) are executable to cause the hardware approval terminals (30) to carry out a method comprising the following storing a public key of the hardware security module (40) and one or more private approval keys of approvers of a cryptographic asset transaction; receiving a transaction request and the corresponding approval logic from the backend server (20); verifying the authorization logic using the public key of the hardware security module (40); displaying the transaction request and approval logic on a display (33) of the hardware approval terminal (30); receiving a confirmation of the transaction request from approvers associated with the hardware approval terminal (30); and Sending signed transaction approvals to the backend server (20), the signed transaction approvals including the asset address key name and the transaction request.