Background
According to the provisions of the Anti-Money Laundering Law of the People's Republic of China, the Anti-Money Laundering Regulations for Financial Institutions, the Administrative Measures for Financial Institutions on Reporting Large-Amount and Suspicious Transactions, the Administrative Measures for Financial Institutions on Reporting Suspicious Transactions Related to Terrorist Financing, and the Administrative Measures for Financial Institutions on Client Identification and Retention of Client Identity Data and Transaction Records, a bank must perform KYC (Know Your Customer) on a client when opening a personal account. Full KYC information for a personal account comprises 30 items, for example name, identification card, mobile phone number, etc.; for a corporate (public) account, full KYC information comprises 75 items, for example business name, business license, legal representative, etc.
When existing financial institutions and credit companies expand their client base, KYC surveys are not strictly carried out as required by laws and regulations, which leads to a large number of multiple account openings and false account openings. The supervisory department wishes to know the number of customers and the degree of leverage in the P2P industry and to evaluate the risk level and the size of the bubble, but has no way to do so while KYC supervision is missing.
If users are identified by a unique identifier (such as an identification number or a business license number), multiple financial institutions can collect and compare the information of the same user and evaluate the user's credit level and financial risk on that basis, and supervisory institutions and government departments can at any time investigate leverage, money laundering, large-amount transactions and suspicious transactions for any user or user group in the financial system.
However, a financial institution cannot freely disclose and share a user's personal information, assets and transaction data; doing so would violate legal regulations such as the Administrative Measures for Financial Institutions on Client Identification and Retention of Client Identity Data and Transaction Records and the new Consumer Rights Protection Law, and would also run counter to the financial institution's wish to protect its client resources and keep valuable client information confidential. Enabling financial institutions to take part in joint computation with confidence, without violating laws and regulations and without causing customer loss or credit damage to the institution, and thereby developing services such as joint supervision, risk control, anti-money laundering and KYC, while connecting data islands and removing data chimneys (silos), has become a difficult point and a pain point of current financial technology. To do a good job one must first sharpen one's tools: financial systems need new technologies and new tools that allow supervisory agencies, commercial banks and other financial service agencies to participate in KYC compliance supervision and, on that basis, in risk control and asset-liability monitoring.
Disclosure of Invention
The invention aims to provide a KYC compliance supervision system based on multi-party secure computation that addresses the defects of the prior art.
To achieve this purpose, the invention provides a KYC compliance supervision system based on multi-party secure computation, comprising a KYC security server and a plurality of front-end processors, each front-end processor being connected to the central server of one institution and to the KYC security server;
the front-end processor is used for receiving a calculation request instruction sent by the central server of the institution connected to it, where the calculation request instruction comprises calculation logic negotiated in advance with the KYC security server, the parameters involved in the calculation and KYC basic information, and the front-end processor encrypts the calculation request instruction and sends the encrypted calculation request instruction to the KYC security server;
the KYC security server decrypts the calculation request instruction to obtain the calculation logic, the parameters involved in the calculation and the KYC basic information, generates a data request instruction according to the parameters involved in the calculation and the KYC basic information, encrypts the data request instruction and sends the encrypted data request instruction to each front-end processor;
each front-end processor decrypts the received encrypted data request instruction and sends the data request instruction to the central server of the institution connected to it; the central server of each institution returns the corresponding target data to its front-end processor according to the data request instruction, the target data comprising KYC basic information and the user privacy data corresponding to the parameters involved in the calculation, and the front-end processor encrypts the target data and sends the encrypted target data to the KYC security server;
and the KYC security server performs ciphertext calculation on the received encrypted target data according to the calculation logic to obtain a ciphertext result, sends the ciphertext result to the front-end processor that sent the calculation request instruction, and that front-end processor decrypts the ciphertext result and sends the calculation result to the central server of the institution connected to it.
Further, data interaction between the front-end processor and the KYC security server is carried out over the HTTPS protocol, so that data is transmitted securely and cannot be stolen in transit.
Further, the institutions include banks, and the calculation logic includes investigating whether an account has been opened repeatedly, investigating whether the KYC information is consistent with that held by other banks, investigating whether net assets exceed a threshold, investigating whether there is a bad loan record, investigating whether there has been a large withdrawal, and investigating the risk investment record.
Further, the institutions include insurance companies, and the calculation logic includes investigating the client's insurance history, investigating the client's policy records, and investigating past traffic violations and insurance claims.
Further, when the KYC security server fails to receive all of the encrypted target data and the calculation logic must rely on all target data to execute, the KYC security server resends the data request instruction; when the set number of attempts is reached and all target data still cannot be obtained, the KYC security server outputs a calculation failure result to the front-end processor that sent the calculation request instruction, and that front-end processor forwards the calculation failure result to the central server of the institution connected to it.
Further, the front-end processor comprises:
a data transceiver module, used for data interaction between the central server of the institution and the KYC security server; and a data encryption and decryption module, used for encrypting or decrypting the data received by the data transceiver module by means of a secret sharing protocol.
Further, the KYC security server is also used for encrypting and signing the received calculation request instruction, the target data and the calculation result, and writing the encrypted and signed calculation request instruction, target data and calculation result to a blockchain for storage.
Further, the system comprises a front-end processor connected to the central server of the supervisory authority of the institutions, so that the central server of the supervisory authority can receive the target data and the ciphertext results, screen the KYC information of objects suspected of violations according to the ciphertext results, and select the data related to violations from the target data.
Advantages: the invention is based on multi-party secure computation and achieves quantitative and directional use of data, where data can be used but not seen; agent banks can register digital currency wallets for users across banks and carry out KYC compliance supervision without worrying about leakage of users' private or business information, and can also carry out joint risk control. The method not only protects the privacy of users and the legal rights of the institutions and avoids unfair competition in the banking industry, but also connects the data islands between supervisory institutions and commercial banking institutions, removes the data chimneys in the financial system, and helps the People's Bank of China achieve penetrating supervision of KYC information, thereby greatly improving working efficiency and resolving the difficult and painful conflict between data interconnection and protection of commercial secrets in the current big data era.
Detailed Description
The present invention will be further illustrated with reference to the accompanying drawings and specific examples, which are carried out on the premise of the technical solution of the present invention, and it should be understood that these examples are only for illustrating the present invention and are not intended to limit the scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a KYC compliance supervision system based on multi-party secure computation, including a plurality of front-end processors 2 and a KYC security server 3. Each front-end processor 2 is deployed in the internal network of one institution and connected to the central server 1 of that institution, and the front-end processors 2 are further connected to the KYC security server 3 through an external network.
During business handling a calculation request can be initiated: the central server 1 of an institution generates a calculation request instruction for the business transactor and sends it to the front-end processor 2 connected to it, and the front-end processor 2 receives the calculation request instruction sent by the central server 1 of its institution. Specifically, the calculation request instruction includes calculation logic, the parameters involved in the calculation, and KYC basic information (the KYC information of the current business transactor). The calculation logic is negotiated in advance with the KYC security server 3. The parameters involved in the calculation vary with the calculation logic and specifically include thresholds, time periods, and the like. The KYC basic information is the identity information most important for confirming the current business transactor, and includes identification information such as name, mobile phone number and identification card number, or business license number and enterprise name. The KYC basic information is selected according to the principle of minimization: only enough information to uniquely confirm the identity of the subject is provided. After receiving the calculation request instruction, the front-end processor 2 encrypts it and transmits the encrypted calculation request instruction to the KYC security server 3.
The front-end processor 2 applies a low level of encryption protection to the calculation request instruction, and the KYC security server 3 has the right to decrypt the calculation request instruction from its ciphertext state. When the KYC security server 3 receives the encrypted calculation request instruction, it decrypts the instruction to obtain the calculation logic, the parameters involved in the calculation and the KYC basic information in plaintext, generates a data request instruction according to the parameters involved in the calculation and the KYC basic information, encrypts the data request instruction and transmits it to each front-end processor 2.
Similarly, the KYC security server 3 applies a low level of encryption protection to the data request instruction, and the front-end processors 2 of the respective institutions have the authority to decrypt the data request instruction from its ciphertext state. When a front-end processor 2 receives the data request instruction in ciphertext state, it decrypts the encrypted data request instruction to obtain the instruction in plaintext, and sends the plaintext data request instruction to the central server 1 of the institution connected to it. On receiving the data request instruction, the central server 1 of each institution returns the corresponding target data to its front-end processor according to the instruction; specifically, the target data includes KYC basic information and the user privacy data corresponding to the parameters involved in the calculation, where the KYC basic information is used by the KYC security server 3 to verify the current target data and the user privacy data is used by the KYC security server 3 for calculation. After receiving the target data, the front-end processor 2 encrypts it and transmits the encrypted target data to the KYC security server 3.
Note that the front-end processor 2 applies a high level of encryption protection to the target data, and the KYC security server 3 has no right to decrypt the target data. After receiving the encrypted target data, the KYC security server 3 performs ciphertext calculation on the received encrypted target data according to the calculation logic to obtain a ciphertext result, and sends the ciphertext result to the front-end processor 2 that issued the calculation request instruction; after decrypting the result, that front-end processor 2 sends the calculation result to the central server 1 of the institution connected to it, allowing the central server 1 of the institution to carry out subsequent business handling with the calculation result.
The encryption of the target data by the front-end processor 2 in the embodiment of the invention can be realized by a secret sharing protocol. The principle is that data that is originally plaintext is split into calculation factors using a random number; the random number serves as the secret key that encrypts the data into an unreadable string, the ciphertext, which protects the data from being stolen and read by an unauthorized person. The key is a one-time pad: the key used for each calculation of each value is different. In the application of multi-party secure computation the encryption algorithm differs from traditional symmetric or asymmetric encryption: the ciphertext can be used for ciphertext calculation without a key, and only the result ciphertext produced by the ciphertext calculation is decrypted back into plaintext. Ciphertext computation refers to performing mathematical operations on data while the data remains in a ciphertext state. Alternative ways of achieving it are homomorphic encryption, secret sharing, garbled circuits, differential privacy, etc.
It can be seen from the above embodiment that the data transmitted between a front-end processor 2 and the central server 1 of its institution is plaintext, while the data transmitted between the front-end processor 2 and the KYC security server 3 is ciphertext, and different levels of encryption are adopted for different data, so that the security of data transmission is improved while the functions are still realized. To ensure the effect of the encryption, the front-end processor 2 and the KYC security server 3 may, for example, use the HTTPS protocol for data interaction, so that data is transmitted securely and cannot be stolen in transit.
The institutions of the embodiment of the invention include banks. For banks, the calculation logic includes investigating whether an account has been opened repeatedly, investigating whether the KYC information is consistent with that held by other banks, investigating whether net assets exceed a threshold, investigating whether there is a bad loan record, investigating whether there has been a large withdrawal, and investigating the risk investment record. For investigating whether an account has been opened repeatedly, no parameters involved in the calculation are set, and the calculation logic is: when all returned data indicate "not opened", the result is "not opened", otherwise "opened". For investigating whether the KYC information is consistent with other banks, the parameters involved in the calculation are a list of information items of the current business transactor (such as date of birth, gender and place of household registration), and the calculation logic is: when the data returned by all banks are consistent, the result is "passed", otherwise "not passed". For investigating whether net assets exceed a threshold, the parameters involved in the calculation include asset and liability values and the set threshold, and the calculation logic is to add all the data and pass if the sum is greater than or equal to the threshold. For investigating whether there is a bad loan record, the parameters involved in the calculation include a time period, for example within 10 years, and the calculation logic is: when all data are null, the result is null. For investigating whether there has been a large withdrawal, the parameters involved in the calculation include a time period and a withdrawal threshold, for example withdrawals of 1,000,000 within 10 years, and the calculation logic is: when all data are null, the result is null.
For example, take the KYC scenario of the current digital currency. According to the regulations of the ministry, the agent banks for digital currency are the Industrial and Commercial Bank of China, the Agricultural Bank of China, the Bank of China, the China Construction Bank, the Bank of Communications and the Postal Savings Bank of China, six in total. Each customer may open only one account at one of these banks. Other commercial banks, acting as non-agent banks, must verify customer information when opening an account for a customer, which necessarily involves investigating whether the customer has already opened a digital currency account with an agent bank somewhere. If such an account exists, no account may be opened for the customer. Through multi-party secure computation, the customer's identity card number can be sent to the six agent banks; each agent bank checks whether account information for the customer exists in its database, and its Yes/No answer is encrypted and sent to the KYC security server 3. The KYC security server 3 aggregates the answers to obtain the final Yes/No (the result is No if and only if all six agent banks answer No) and returns it to the non-agent bank, which decrypts the result to obtain the plaintext and then decides whether to open an account for the customer.
For another example, in an application scenario where one wishes to know whether a certain customer is insolvent (net assets below zero), several agent banks each calculate the customer's net assets at their own bank from the data they hold. Each bank encrypts its value and sends it to the computing platform, which obtains the sum of the net-asset ciphertexts reported by all banks by ciphertext computation and then judges whether the sum is non-negative. After the result is obtained, all participants can be informed whether the customer is insolvent. In the same way the method can also calculate and investigate whether the customer has activity relevant to anti-money laundering, such as suspicious transactions or frequent large-amount transfers.
The institutions of the embodiment of the invention can also be non-bank financial enterprises such as insurance companies. For insurance companies the calculation logic includes investigating the client's insurance history, investigating the client's policy records, investigating the number of past traffic violations and insurance claims, and the like, which helps the insurance company learn whether the customer has engaged in illegal activities such as insurance fraud.
In addition, the institutions of the embodiment of the invention can be a bank together with a securities company: through the system and jointly with the commercial bank, the securities company can perform asset statistics, investment history investigation and risk assessment on a securities trading user to estimate whether the user can be authorized to trade with leverage and on credit.
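The repeated-account check and the net-asset check described above, as an added example that is not part of the patent: a minimal additive secret sharing model in Python in which each data-holding bank splits its value into a one-time random mask and a masked value, sends the masked value to the KYC security server for ciphertext summation and the mask to the requesting front-end processor, which recombines the two. The two-share layout, the field size and the bank names are assumptions of this example, and the model assumes the KYC security server and the requesting front-end processor do not collude.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional

# Additive secret sharing over a prime field (assumed size). The field lets a negative
# net-asset total wrap around, so decoding maps values above P/2 back to negative ints.
P = 2**61 - 1
HALF = P // 2


def to_field(x: int) -> int:
    return x % P


def from_field(x: int) -> int:
    """Map a field element back to a signed integer (assumes |result| < P/2)."""
    return x - P if x > HALF else x


@dataclass(frozen=True)
class Shares:
    masked: int  # "ciphertext" sent to the KYC security server, which may compute on it
    mask: int    # one-time random key, sent to the requesting front-end processor


def share(value: int) -> Shares:
    """Front-end processor of a data-holding bank: split a plaintext value into a
    fresh one-time mask and a masked value. Every value gets its own mask."""
    mask = secrets.randbelow(P)
    return Shares(masked=to_field(value - mask), mask=mask)


def kyc_server_sum(masked_values: List[int], expected: int) -> Optional[int]:
    """Ciphertext calculation on the KYC security server: add the masked values.
    The server never sees a plaintext. If a bank's data is missing and the logic
    needs every participant, the server reports a calculation failure (None)."""
    if len(masked_values) != expected:
        return None
    return sum(masked_values) % P


def requester_decrypt(cipher_result: int, masks: List[int]) -> int:
    """Requesting front-end processor: recombine the server's ciphertext result with
    the masks it received. It learns only the total, never one bank's value."""
    return from_field((cipher_result + sum(masks)) % P)


def run_joint_sum(bank_values: Dict[str, int], polled_banks: List[str]) -> Optional[int]:
    """One round: each polled bank that responded shares its value; the KYC security
    server sums the masked shares; the requester decrypts the sum."""
    masked, masks = [], []
    for bank in polled_banks:
        if bank not in bank_values:
            continue  # network failure or system error at this bank
        s = share(bank_values[bank])
        masked.append(s.masked)
        masks.append(s.mask)
    cipher_result = kyc_server_sum(masked, expected=len(polled_banks))
    return None if cipher_result is None else requester_decrypt(cipher_result, masks)


def account_already_opened(bank_has_account: Dict[str, bool], polled_banks: List[str]) -> Optional[bool]:
    """Repeated-account check: each agent bank reports 1 (Yes) or 0 (No); the answer is
    No if and only if every bank answered No. Caveat: the requester learns how many
    banks answered Yes, not only whether any did; a stricter deployment would evaluate
    the comparison inside the secure computation too."""
    total = run_joint_sum({b: int(f) for b, f in bank_has_account.items()}, polled_banks)
    return None if total is None else total > 0


def is_insolvent(bank_net_assets: Dict[str, int], polled_banks: List[str]) -> Optional[bool]:
    """Net-asset check: sum each bank's (possibly negative) figure, test for a negative total."""
    total = run_joint_sum(bank_net_assets, polled_banks)
    return None if total is None else total < 0


if __name__ == "__main__":
    # Constructed sample data: six hypothetical agent banks.
    banks = [f"bank{i}" for i in range(1, 7)]
    has_account = {b: False for b in banks}
    has_account["bank4"] = True
    print("account already opened:", account_already_opened(has_account, banks))
    net = {"bank1": 2_000_000, "bank2": -3_500_000, "bank3": 250_000}
    print("insolvent:", is_insolvent(net, ["bank1", "bank2", "bank3"]))
    print("missing data ->", is_insolvent(net, banks))
```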
In the case of a network failure or a system error, the KYC security server 3 may not receive all of the encrypted target data. If the calculation logic must rely on all target data to execute, the KYC security server 3 retransmits the data request instruction; when all target data still cannot be obtained after a set number of attempts (for example, 3), the KYC security server outputs a calculation failure result to the front-end processor 2 that issued the calculation request instruction, and the front-end processor 2 forwards the calculation failure result to the central server 1 of the institution connected to it, informing the business handler that the calculation cannot currently be completed normally.
To implement the above functions, the front-end processor 2 of the embodiment of the present invention includes a data transceiver module and a data encryption/decryption module. The data transceiver module performs the data interaction between the central server of the institution and the KYC security server. Specifically, it receives the calculation request instruction and the target data sent by the central server 1 of the institution, the encrypted data request instruction sent by the KYC security server 3, and the encrypted calculation result sent by the KYC security server 3. The data transceiver module is also responsible for sending data to the central server 1 of the institution and to the KYC security server 3: it sends the encrypted calculation request instruction and target data to the KYC security server 3, and sends the decrypted data request instruction and the decrypted calculation result to the central server 1. The data encryption/decryption module encrypts or decrypts the data sent or received by the data transceiver module using a secret sharing protocol; specifically, it encrypts the calculation request instruction and the target data before they are sent to the KYC security server 3, and after the encrypted data request instruction and calculation result sent by the KYC security server 3 are received, it decrypts them into plaintext before they are sent to the central server 1 of the institution for processing.
The embodiment of the invention can be combined with blockchain technology: before the KYC security server 3 performs the calculation, it encrypts and signs the received calculation request instruction and the target data and writes them to a blockchain network as evidence backup, and after the calculation is completed, the KYC security server 3 encrypts and signs the ciphertext result and writes it to the blockchain network as evidence backup. If any party disputes the calculation result, the data can be decrypted and the calculation repeated in plaintext to verify the ciphertext result, provided all parties agree, or through a secure and trusted third party (such as a supervisory authority).
The embodiment of the invention also comprises a supervision front-end processor 5 connected to the central server 4 of the supervisory authority of the institutions. The supervision front-end processor 5 receives the target data and the ciphertext result in ciphertext state, decrypts them, and sends the decrypted target data and result to the central server 4 of the supervisory authority, so that the central server 4 of the supervisory authority receives the target data and the ciphertext result, can screen the KYC information of objects suspected of violations according to the calculation result, and can at the same time screen the data suspected of violations from the target data, which makes supervision convenient for the supervisor. For example, if the ciphertext result indicates a large withdrawal, the supervisory department can learn this from the calculation result and report the information of the bank node at which the large amount was withdrawn, assisting anti-money-laundering supervision. The supervisory authority differs according to the institution and may be the People's Bank of China, the banking regulatory commission, the securities regulatory commission, the insurance regulatory commission, a local supervisory authority, and the like.
Based on the above embodiments, the present invention has the following features. Data does not leave its owner: all plaintext data is encrypted before being sent to the KYC security server. Data does not land: it cannot be stored or copied by a third-party organization, so subsequent data leakage is avoided. Data is usable but invisible: the KYC security server has the technical capability to perform ciphertext calculation while the data remains in ciphertext state, but the ciphertext of the original data owner cannot be decrypted or observed, even by the KYC security server, without the consent of the data provider. Through configuration of the data sources, quantitative and directional use of the data is achieved. Through multi-party secure computation, each institution obtains the expected calculation answer without revealing the data of any party.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that other parts not specifically described belong to the prior art or the common general knowledge of those of ordinary skill in the art. Without departing from the principle of the invention, several improvements and modifications can be made, and these improvements and modifications should also be construed as falling within the scope of the invention.