WO2017163090A1 - Device, method and system for a distributed ledger - Google Patents

Device, method and system for a distributed ledger Download PDF

Info

Publication number
WO2017163090A1
WO2017163090A1 PCT/GB2017/050851 GB2017050851W WO2017163090A1 WO 2017163090 A1 WO2017163090 A1 WO 2017163090A1 GB 2017050851 W GB2017050851 W GB 2017050851W WO 2017163090 A1 WO2017163090 A1 WO 2017163090A1
Authority
WO
WIPO (PCT)
Prior art keywords
transactions
memory
distributed ledger
node
processor
Prior art date
Application number
PCT/GB2017/050851
Other languages
French (fr)
Inventor
Brendan QUINN
Original Assignee
Mount Watatic Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mount Watatic Ltd filed Critical Mount Watatic Ltd
Publication of WO2017163090A1 publication Critical patent/WO2017163090A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/12Accounting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/86Secure or tamper-resistant housings
    • G06F21/87Secure or tamper-resistant housings by means of encapsulation, e.g. for integrated circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • the present invention is in the field of distributed ledger systems. More particularly, but not exclusively, the present invention relates to a secure node for a distributed ledger system.
  • Traders either individuals or companies write orders into an incoming order book.
  • a Trader who wants current market information must query both the single Incoming Order Book, and the Matched Order Ledger. While there may be a single market interface presented, the interface, Incoming Order Book, and Matched Order ledger are all hosted and maintained by the exchange provider, and a Trader queries a market interface, which queries the Incoming Order Book, and Matched Order Ledger on the Trader's behalf.
  • platform throughput is a function of Matcher efficiency.
  • Matcher efficiency The more quickly orders are removed from the incoming order book, the more orders the platform can handle.
  • Current implementations also aim to enforce a defined sequence for incoming orders.
  • Several mechanisms are used, which vary by implementation. The most common solution is to use a Single Writer Pattern. In a Single Writer Pattern, all incoming orders are written to a logical queue, usually implemented on a single physical machine. Distributed solutions exist, but can add to the inherent latency of the trading. This is generally deemed to be a negative in trading, as it typically directly affects exchange throughput.
  • a device for providing a node in a distributed ledger including:
  • a processor configured to match transactions
  • a communications apparatus configured to receive transactions from a plurality of devices each providing a node in the distributed ledger
  • a memory configured to store transactions in a transaction memory pool; and A casing configured to enclose, at least in part, the memory and the processor;
  • the device is modified into a non-functional state when the casing is compromised.
  • At least part of the memory may be modified into a non-functional state when the casing is compromised.
  • the at least part of the memory may be modified such that data stored within the at least part of the memory is rendered inaccessible.
  • the transaction memory pool may be rendered inaccessible.
  • At least part of the memory may be destroyed to render it inaccessible.
  • the at least part of the memory may be destroyed via one or more of the following: voltage, heat, acid, cold, explosives, or mechanical force applied to the at least part of the memory.
  • the casing may include radio frequency shielding to inhibit detection of electrical activity within the casing outside the casing.
  • the memory may be further configured to store one or more encryption keys and wherein the processor is further configured to decode transactions received from the plurality of devices using the one or more encryption keys.
  • the one or more encryption keys may be rendered inaccessible.
  • the processor may be further configured to encode transactions transmitted to the plurality of devices using the one or more encryption keys.
  • the device may be further configured to receive transactions from a user of the device.
  • the device may be further configured to validate the transactions received from the user.
  • the device may be further configured to broadcast the transactions received from the user to each other node within the distributed ledger.
  • the transactions may comprise both bids and quotes for a trading market.
  • the transactions may comprise both bids and quotes for a plurality of trading markets.
  • the processor may be configured to match the transactions in accordance with a deterministic matching algorithm.
  • Each of the plurality of devices providing a node in the distributed ledger may be a device as claimed in the above claim.
  • the processor may be configured to group valid transactions into a block, to calculate a satisfactory hash for the block based upon a previous consensus block in a chain of blocks, to broadcast the block to the other nodes, and to use the longest chain of blocks to replace the consensus block.
  • the processor may match transactions within the consensus block.
  • the distributed ledger may be a blockchain.
  • Transactions within the memory pool may be inaccessible to a user of the device until approval is received from a commit and reveal module executing at the device.
  • the commit and reveal module may utilise a time delay calculated based upon network distances to other nodes.
  • a system for providing a distributed ledger including:
  • a communications system configured to enable each of the plurality of devices to communicate with one another.
  • a method for providing a node within a distributed ledger including:
  • the method above may further include the step of determining a consensus block of transactions.
  • the transactions may be matched within the consensus block.
  • the consensus block may be received at the device from one of a plurality of other devices.
  • the device may be as described in relation to the first aspect.
  • a device for providing a node within a distributed ledger wherein at least a part of the device is modified into a non-functional state when the device is physically compromised.
  • Figure 1 shows a block diagram illustrating a device in accordance with an embodiment of the invention
  • Figure 2 shows a block diagram illustrating a system in accordance with an embodiment of the invention
  • Figure 3 shows a flow diagram illustrating a method in accordance with an embodiment of the invention
  • Figure 4 shows a block diagram illustrating shared ledgers in accordance with an embodiment of the invention
  • Figure 5 shows a sequence diagram illustrating three verification stages of an embodiment of the invention
  • Figure 6 shows a block diagram illustrating matching algorithms used with shared ledgers in accordance with an embodiment of the invention
  • Figure 7 shows a block diagram illustrating an exemplary trading sequence in accordance with an embodiment of the invention
  • Figure 8 shows a block diagram illustrating multiple trading markets in accordance with an embodiment of the invention
  • Figure 9 shows a block diagram illustrating an exemplary communications system in accordance with an embodiment of the invention.
  • Figure 10 shows a circuit diagram illustrating a voltage-based memory destruction means in accordance with an embodiment of the invention.
  • the present invention provides a device, method and system for a distributed ledger.
  • a distributed ledger such as blockchain
  • a transaction matching system such as a market trading platform.
  • the advantages of utilising a distributed ledger is greater resilience for the matching system (i.e. greater uptime), increased speed due to distributed processing, more equality for traders, and greater transparency.
  • nodes for distributed ledgers for a transaction matching system may be susceptible to unfair trading practices if in the physical possession of a bad actor.
  • the inventor has discovered that a node can be suitably configured for use with a distributed ledger such that the node is rendered non-functional, at least in part, when physically compromised or tampered with. With such nodes, the effects of bad actors may be mitigated and/or eliminated in a distributed ledger system.
  • FIG. 1 a device 100 for providing a node in a distributed ledger in accordance with an embodiment of the invention is shown.
  • the device 100 comprises a processor 101 , a communications apparatus 102, a memory 103, and a casing 104.
  • the processor 101 is configured to match transactions.
  • the processor 101 may be configured for processing received transactions to reconcile the transactions with each of a plurality of devices providing nodes within the distributed ledger.
  • the process of reconciliation may include sequencing of the transactions.
  • the sequencing may be such that the transactions share the same sequence as each of the plurality of nodes.
  • the processor 101 may reconcile the transactions by grouping valid transactions into a block, calculating a satisfactory hash for the block based upon a previous consensus block in a chain of blocks, broadcasting the block to the other nodes, and using the longest chain of blocks (i.e. either using blocks received from the other nodes or the present device's block) to replace the consensus block.
  • the processor 101 may be configured to match the transactions in accordance with one of a plurality of matching algorithms.
  • the matching algorithms may be deterministic and may include "First Match”, “Auction”, “Dutch Auction”, and/or "Volume Weighted”. It will be appreciated that the list of algorithms is exemplary only and that other matching algorithms may be utilised.
  • the processor 101 may be configured to match transactions within the reconciled transaction (e.g. within the consensus block).
  • the communications apparatus 102 is configured to receive transactions from the plurality of devices.
  • the communications apparatus 102 may be further configured to transmit transactions to the plurality of devices.
  • the communications apparatus 102 may be further configured to transmit and receive transaction blocks to/from the plurality of devices.
  • the device 100 may also include an input apparatus 105 configured to receive transactions from one or more traders.
  • the processor 101 may be further configured to validate these received transactions before communicating the received transactions via the communications apparatus to each of the plurality of devices (e.g. broadcasting the transactions).
  • the memory 103 is configured to store a transaction memory pool.
  • the memory 103 may be further configured to store a reconciled transaction list.
  • the transaction memory pool may be encrypted by one or more encryption keys and the processor 101 may be further configured to decrypt the memory pool.
  • the processor 101 may be a FPGA (field-programmable gate array) incorporating the one or more encryption keys in hardware or the encryption keys may be stored in a portion of the memory 103.
  • the memory 103 may include mutable memory (such as RAM or flash memory) for dynamic data such as transactions and immutable memory (such as ROM) for static data such as encryption keys. It will be appreciated that, in this context, immutable memory also includes difficult to modify memory such as EPROMs.
  • the device 100 may be configured for encoding and decoding transmission and reception of transactions to and from the plurality of devices using one or more encryption keys.
  • the processor 101 is further configured for encoding and decoding the transmissions
  • the memory is further configured for storing the encryption key(s).
  • the casing 104 is configured to enclose at least a part of the device 100. In one embodiment, the casing 104 encloses the entire device 100. In another embodiment, the casing 104 encloses the processor 101 and a portion of the memory 103 configured for storing the memory pool and/or the encryption keys. A secondary casing may enclose all portions of the device 100 not enclosed by the casing 104.
  • the casing 104 provides RF (Radio Frequency) shielding or otherwise inhibits interception or interference with the electrically functioning of the device 100.
  • the device 100 further includes an active interference apparatus to prevent or inhibit the interception or interference of the electrically functioning of the device.
  • the device 100 is configured such that at least a part of the device 100 is modified into a non-functional state when the casing 104 is compromised.
  • modification into a non-functional state include modifications which prevent accurate analysis of or access to transactions stored in the memory pool.
  • modification into a non-functional state include modifications which prevent access to one or more, or all the encryption keys.
  • Modifications may include damage or destruction caused to at least part of the hardware such as the memory 103 and/or processor 101 storing transaction and/or encryption data (e.g. damage may be caused to the portion of the memory storing the memory pool).
  • the device 100 may be configured to damage or destroy the hardware via one or more of the following: voltage, heat, acid, cold explosives or mechanical force.
  • the device 100 may be configured to provide access to the transaction memory pool to the one or more traders. Access may be provided in accordance with a commit & reveal algorithm. The commit & reveal algorithm may utilise a time delay calculated based upon network distances to other nodes.
  • the device 100 may further include an output apparatus 106.
  • the output apparatus 106 may be configured for communicating matched transactions to the one or more traders.
  • FIG 2 a system 200 for providing a distributed ledger in accordance with an embodiment of the invention is shown.
  • the communications system 205 may include a network such as a private network.
  • the network may be a virtual network overlaid on top of a physical network or internetwork (such as a VPN (virtual private network) overlaid on a LAN, WLAN or the Internet).
  • the network is an entirely private network (e.g. using the 802.1 x protocol) or a physically private network (e.g. using non-public signalling mechanisms).
  • the distributed ledger within the system 200 is actuated via the blockchain methodology.
  • Transactions within the distributed ledger may comprise bids and quotes for a single or multiple trading markets.
  • Each trading market may be associated with an entity who provides fulfilment services and an entity who provides market operations.
  • each trading market is associated with a defined matching algorithm and/or at least one defined encryption key.
  • the system 200 may be configured to utilise the defined encryption key to encode transactions for a market such that only the devices of participants in the market may interact with transactions for that market.
  • Each of the devices 201 to 204 may be utilised by one or more traders.
  • One or more of the devices 201 to 204 may be physically located at the premises of a trader (or trading firm) or broker or trader consortium. One or more of the devices 201 to 204 may be physically located within a hosted environment.
  • the node is being provided by a device.
  • the device may be the device described in relation to Figure 1 .
  • transactions are received at the device. Transactions may be received from a plurality of devices within a distributed ledger system (e.g. as described in relation to Figure 2), and/or from one or more traders via an input apparatus (e.g. 105) at the device.
  • received transactions are stored in a memory pool (e.g. in a memory pool at memory 103).
  • transactions are matched (e.g. by processor 101 ). Transactions may be matched within reconciled transactions. Reconciled transactions may be transactions that have been distributed to each of the plurality of devices (e.g. 201 to 204) and sequenced across the distributed ledger system (e.g. 200), for example, and at least part by a distributed ledger methodology such as blockchain such that the reconciled transactions are those within the consensus block.
  • a distributed ledger methodology such as blockchain
  • step 304 at least a part of the device may be rendered non-functional when a casing (e.g. 104) is compromised.
  • Embodiments of the invention will now be described with reference to Figures 4 to 10. These embodiments relate to secure, distributed network-attached ledger, which provides the means to establish a trade, and thus form the basis of a new type of trading exchange which prevents certain types of unfair trading practices (specifically network-latency-based arbitrage), and which enables new types of market models. It does this providing a distributed, non- repudiable ledger, made up of nodes which communicate with each over a private network (whether physical or virtual).
  • the ledger is provided by means of a block-chain, and the ledger-nodes themselves are contained in secure cases, which cannot be opened without destroying their usefulness.
  • inventions implement an alternative model for a trading exchange, designed to account for conditions existing in wide area networks. Specifically, the embodiments prevents timing and network distance from being exploited in such a way as to privilege a subset of Traders.
  • a Trader in this context need not be an individual trader.
  • a Trader could be a trading firm, where the Ledger is used by their employees, or a consortium of traders, or indeed a broker who allows their customers to place orders into their Ledger Node.
  • a Trader may be considered any participant in a market who maintains a Ledger Node and takes responsibility for the transactions entered into that Node.
  • a single Trader may run more than one node.
  • a Trader may even, exchange rules permitting, run more than one node of a single Trading Exchange. Regardless, care must always be taken to ensure that a single Trader does not control the majority of a single Trading Exchange's processing power.
  • reconciliation consists of three stages (see Figure 5):
  • Stage 1 Validation: This ensures that all orders are valid.
  • Stage 3 Sequencing This ensures that the sequence of those orders in all instances of the Shared Ledger is the same.
  • orders are not made visible to other Traders until they have passed the second reconciliation stage. Once orders have been fully reconciled, every Trader has an identical copy of the reconciled Ledger. A Matcher can then run over any instance of the Shared Ledger. So long as a deterministic algorithm is used for the Matcher, the same result will be obtained, regardless of instance. This implies that matched orders do not need to be removed from the Shared Ledger, nor do matches need to be written anywhere. The Matcher process can simply be run over the Shared Ledger as needed, to determine market state.
  • the generic type of algorithm used for the Matcher is not limited by the mechanism used to reconcile the shared Ledger. Algorithms such as 'First Match', 'Auction', 'Dutch Auction', 'Volume Weighted', and 'Value Weighted', are possible, as well as many others. Even an open outcry auction conducted via video or voice conferencing would be possible, although in the that case the actual matching would be done by the human conducting the sale, who would enter the match as a transaction into the ledger. Any Matcher algorithm implemented in software would be minimal. Matching possibilities are also not limited to price, instrument, etc.
  • An example of the latter case would be a market where matches were constrained by delivery distance. If the location of origin and delivery were expressed in the relevant transaction (quote or bid), the distance could be determined at match time.
  • Any constraints presented by the choice of Ledger reconciliation mechanisms are likely, however, to have implications for market semantics, and may also influence Trader behaviour.
  • maximum exchange throughput is a function solely of the efficiency of the reconciliation process, not Matcher efficiency.
  • the Shared Ledger model also has implications for market operations and fulfilment.
  • An example will be described: consider a group of Traders named Alice, Bob, Carol, and David, who each possess a Shared Ledger Instance. Initially, they use this to trade baseball cards. They agree on a Matcher algorithm to use, and Alice offers to provide fulfilment services, as she sees Bob, Carol, and David regularly, and baseball cards are easily portable. She also agrees to provide market operations, and ensure that the market is closed when she is away on her annual holiday. They all begin to trade (see Figure 7).
  • Alice submits a quote to the Shared Ledger to sell 300 assorted 1950s baseball cards at a unit price of $1 , and 400 assorted 1960s baseball cards at a unit price of $0.50, with a minimum quantity of 50 cards.
  • the Matcher algorithm sees only the sequence in the ledger, and does not handle incoming orders. If using a simple 'First Match' algorithm, this sequence would result in:
  • Carol decides to offer a market in bicycles. She approaches Alice, David and Bob and proposes the scheme. Alice and David agree to participate, but Bob declines. Alice, David and Carol agree to use the Shared Ledger, and an algorithm for the Matcher. They also agree that Carol will provide Market Operations and Fulfilment (see Figure 8). With reference to Figure 8, note that transactions in the bicycle market will be visible to Bob, as they will exist in the Shared Ledger. If the participants in the bicycle market desire privacy, they can include an encoding scheme, which may include forms of cryptography in the Bicycle Market order placement, and Matcher. If this is done, Bob can see that transactions are happening, but not what they are.
  • a block chain functions as a distributed, append-only data store that has the following properties:
  • Nodes attempt to put transactions in the Memory Pool into blocks, by: a. Verifying that the transactions are valid
  • ordering in a block chain is a function of the block chain algorithm.
  • the order of transactions in a converged block chain may bear no resemblance to the order they were received.
  • the block chain mechanism does guarantee that once the block chain has converged, the transactions are in the only possible sequence. This means that as blocks are immutable, Matcher operation over a converged block chain will be deterministic.
  • transactions in the Memory Pool must not be directly visible to Traders.
  • the obvious solution is to make transactions in the Memory Pool only visible through an interface that maintains a table of network distances to all other nodes, and ensures that no transaction is visible until sufficient time has passed for network propagation to take place.
  • This type of system in exchange platforms is often called a 'Commit and Reveal' system, but similar algorithms as used in Internet content distribution networks (CDNs), and other data caching systems may also be suitable.
  • CDNs Internet content distribution networks
  • 'Commit and Reveal' systems are a common part of many economic systems.
  • One common example in the real world is a sealed bid auction. In this model, a piece of property is put up for sale, with bidders invited to submit bids in sealed envelopes by a specific date and time. At a specified time after the submission deadline, all envelopes are opened and the highest bidder wins the auction.
  • a cheat may attempt to run different software on a Ledger node.
  • a cheat may attempt to read the contents of the Memory Pool off of the network during transfer between nodes.
  • a cheat with access to the underlying operating system of a Ledger node may attempt to read data directly.
  • a cheat with access to the physical machine which runs a Ledger node may attempt to read data:
  • Embodiments of the present invention prevent the first two vectors by requiring Ledger nodes to use a virtual private network (VPN) to connect to each other. If only known nodes with encryption keys signed by a trusted authority can connect, the first vector is prevented. The VPN itself encrypts the traffic, thereby preventing the second vector. However, the third and fourth vectors remain. They also imply that any encryption keys could also be read by an attacker, thus bypassing this solution and re-enabling attacks via the first two vectors. However, other implementations are possible, so long as they provide both strong node authentication, and incorporate an encoding scheme which may include forms of encryption for all communications.
  • VPN virtual private network
  • One example alternate implementation uses an entirely private network, incorporating the 802.1 x (https://en.wikipedia.org wiki/IEEE .. 802.1 X ) protocol for node authentication, (see Figure 9).
  • nodes are issued as a credential, an X.509 certificate signed by the private key of a Trusted Signing Authority(TSA).
  • TSA Trusted Signing Authority
  • X.509 certificates incorporate the public key corresponding to a private key generated by the node. This signature may be verified using the corresponding public key.
  • the Authentication Server holds a copy of that public key, and is configured to validate credentials signed by the TSA.
  • the router demands a credential before the node is allowed to connect
  • the router forwards the credential to the Authentication Server for validation 4) If the credential is successfully validated by the authentication server, the node is given access to the network
  • nodes communicate using Transport Layer Security (TLS) encryption (ht1ps://en.wikipedia >rg/wikl irans :x>rt_La.yer_Security ) using the same certificate as a credential.
  • TLS Transport Layer Security
  • Another example might use purely physical means to protect the network.
  • One mechanism by which this could be achieved is to use a private network which depends on non-public signaling mechanisms between switches. So long as access to network hardware could be strictly controlled (i.e. limited manufacture, highly tracked, etc.), access to the network could similarly be controlled. For example: if the only end-point network interfaces in existence were those already in use on a particular network, and no more could ever be made, that network would be secure enough to satisfy both requirements (although there would likely be concerns about that same network's reliability). Note that this example does not make use of encryption in the mathematical sense (in that there is no 'key' as such).
  • each alternate implementation will place constraints on network operation in terms of performance, latency, how to provide resilience and redundancy, what level of attack will be deterred, etc. Therefore, the implementation chosen should closely match the constraints of the markets intended to be provided by the network. How credentials are provided and authenticated can also vary without affecting the intended function of the invention.
  • the central authority ise considered as the credential provider, but other models are possible. For example, consider a model where in order to connect to the network, an aspiring Node Operator must obtain the approval of 30% of the existing Node Operators. Assume a private, physical, wide-area network with access control implemented at the router. Assume the all routers in the network maintain a distributed state table containing the public key of every node connected to the network. When a node attempts to connect:
  • the node is allowed to connect to the network
  • model chosen may constrain the implementation, any common model for credential provision and verification may be used.
  • the third vector is prevented by placing the Ledger nodes in a physical device which provides no access to an underlying operating system.
  • the fourth vector may be addressed by using a secure physical case for the device, which has a security system fitted which has the following characteristics:
  • the case itself is fitted with radio frequency (RF) shielding, active interference device, or other means, sufficient to ensure that internal electrical activity cannot be detected outside the case.
  • RF radio frequency
  • active interference device or other means, sufficient to ensure that internal electrical activity cannot be detected outside the case.
  • the device is selectively or entirely destroyed, permanently erased, or otherwise made inoperable. Typically, this includes:
  • a mechanism to implement the second requirement which is electrically based is used.
  • This mechanism consists of a battery- powered circuit which, when the circuit is completed by opening the case, applies voltage to the memory chips which hold the required memory segments (see Figure 10).
  • Other mechanisms are possible, so long as they destroy, damage or render inoperable the appropriate memory segments.
  • Block Chain or similar distributed ledger algorithm
  • the case could be rigged to explode when opened. This may be less advantageous than other methods of destruction/damage.
  • the case could be fitted with a mechanical lock which physically destroys the memory as a consequence of allowing the case to be opened.
  • a metal rod could be threaded through the case such that it must be removed for the case to be opened.
  • the rod would also be threaded in such a way that removing it from the case will snap the memory chips in half.
  • the case could be fitted with another device which physically destroys the memory chips by means of acid, heat, cold, or physical force when the case is opened. 4) Should the outer case need to be opened and closed regularly, the case could be fitted with an interior case which only encloses the required components, which itself is fitted with a device to enclose, and shield the critical components, and destroy them should the inner case be opened.
  • these variants may also need to be fitted with additional measures to ensure that the device could not be operated while the outer case was open, and care would need to be taken to ensure that no direct electrical access to the components in the inner case was provided.
  • a potential advantage of some embodiments of the present invention is that bad actors are unable to infer with the legitimate functioning of a distributed ledger even if they are in physical possession of a node in the distributed ledger.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mathematical Physics (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a device for providing a node in a distributed ledger. The device includes a processor configured to match transactions; a communications apparatus configured to receive transactions from a plurality of devices each providing a node in the distributed ledger; a memory configured to store transactions in a transaction memory pool; and a casing configured to enclose, at least in part, the memory and the processor. At least part of, the device is modified into a non-functional state when the casing is compromised. A system for providing a distributed ledger and a method for providing a node for a distributed ledger are also disclosed.

Description

Device, Method and System for a Distributed Ledger
Field of Invention The present invention is in the field of distributed ledger systems. More particularly, but not exclusively, the present invention relates to a secure node for a distributed ledger system.
Background
Market trading platforms today have evolved from models based on the physical exchanges they have replaced. In the most common models, transaction flow proceeds as follows:
1 ) Traders (either individuals or companies) write orders into an incoming order book.
2) A Matcher runs and:
a. reads the incoming order book
b. matches bids to quotes
c. removes matched orders from the incoming order book
d. writes matched orders to a matched order ledger
In these models, a Trader who wants current market information must query both the single Incoming Order Book, and the Matched Order Ledger. While there may be a single market interface presented, the interface, Incoming Order Book, and Matched Order ledger are all hosted and maintained by the exchange provider, and a Trader queries a market interface, which queries the Incoming Order Book, and Matched Order Ledger on the Trader's behalf.
In most implementations of these models, platform throughput (maximum possible volume of orders) is a function of Matcher efficiency. The more quickly orders are removed from the incoming order book, the more orders the platform can handle. Current implementations also aim to enforce a defined sequence for incoming orders. Several mechanisms are used, which vary by implementation. The most common solution is to use a Single Writer Pattern. In a Single Writer Pattern, all incoming orders are written to a logical queue, usually implemented on a single physical machine. Distributed solutions exist, but can add to the inherent latency of the trading. This is generally deemed to be a negative in trading, as it typically directly affects exchange throughput.
Limitations of distributed solutions has meant that existing implementations are normally only able to operate in a single datacenter, with all parts of the system under the control of a single provider.
There can be no doubt that existing trading exchanges work. However, problems have become apparent, as high frequency trading strategies have emerged. One persistent problem is that of network speeds and switching latency. Networks are not perfect, and latency is governed by fundamental physical laws. The farther in network terms a Trader is from the Single Writer (whether machine or network), the greater their disadvantage in every transaction. In the context of a single trading exchange, this can be (and has been) partly mitigated by exchange providers selling datacenter space in the same datacenter as the Single Writer. This, in effect, creates a two-tier system for Traders. Traders who can afford to purchase datacenter space from the trading exchange provider, can purchase a permanent advantage in the markets provided by that exchange. Traders who cannot, are at a permanent disadvantage. This also forces institutional players to either go through an existing brokerage or invest in establishing full trading teams, in order to execute their large orders.
The problem grows even more complex when multiple trading exchanges are considered. Traders who can purchase private exotic network links between datacenters where trading exchanges are located can (and have) gain significant advantage by shaving milliseconds off of transfer latencies. In 2010, Forbes Magazine estimated the cost of these network links at $700 million, in order to save 3ms.
Another disadvantage of these models is that the requirement for a centralized Incoming Order Book, Matcher, and Matched Order Ledger has meant that Trading Exchange platform providers typically also must provide both fulfilment and market operations services to Traders. The latter includes functions such as opening and closing markets, responding to regulators, and on occasion, unwinding trades. This leads to significant inefficiencies, and presents a barrier to the formation of smaller private markets among Traders.
These problems are a natural consequence of existing trading exchange models, and their implementations around the world. It is an object of the present invention to provide a device, method and system for a distributed ledger which overcomes the disadvantages of the prior art, or at least provides a useful alternative.
Summary of Invention
According to a first aspect of the invention there is provided a device for providing a node in a distributed ledger, including:
A processor configured to match transactions;
A communications apparatus configured to receive transactions from a plurality of devices each providing a node in the distributed ledger;
A memory configured to store transactions in a transaction memory pool; and A casing configured to enclose, at least in part, the memory and the processor;
Wherein, at least part of, the device is modified into a non-functional state when the casing is compromised. At least part of the memory may be modified into a non-functional state when the casing is compromised. The at least part of the memory may be modified such that data stored within the at least part of the memory is rendered inaccessible. The transaction memory pool may be rendered inaccessible. At least part of the memory may be destroyed to render it inaccessible. The at least part of the memory may be destroyed via one or more of the following: voltage, heat, acid, cold, explosives, or mechanical force applied to the at least part of the memory. The casing may include radio frequency shielding to inhibit detection of electrical activity within the casing outside the casing.
The memory may be further configured to store one or more encryption keys and wherein the processor is further configured to decode transactions received from the plurality of devices using the one or more encryption keys. The one or more encryption keys may be rendered inaccessible. The processor may be further configured to encode transactions transmitted to the plurality of devices using the one or more encryption keys. The device may be further configured to receive transactions from a user of the device. The device may be further configured to validate the transactions received from the user. The device may be further configured to broadcast the transactions received from the user to each other node within the distributed ledger.
The transactions may comprise both bids and quotes for a trading market.
The transactions may comprise both bids and quotes for a plurality of trading markets.
The processor may be configured to match the transactions in accordance with a deterministic matching algorithm. Each of the plurality of devices providing a node in the distributed ledger may be a device as claimed in the above claim. The processor may be configured to group valid transactions into a block, to calculate a satisfactory hash for the block based upon a previous consensus block in a chain of blocks, to broadcast the block to the other nodes, and to use the longest chain of blocks to replace the consensus block. The processor may match transactions within the consensus block.
The distributed ledger may be a blockchain.
Transactions within the memory pool may be inaccessible to a user of the device until approval is received from a commit and reveal module executing at the device. The commit and reveal module may utilise a time delay calculated based upon network distances to other nodes.
According to a further aspect of the invention there is provided a system for providing a distributed ledger, including:
A plurality of devices, each device as claimed in any one of claims 1 to 22; and
A communications system configured to enable each of the plurality of devices to communicate with one another. According to a further aspect of the invention there is provided a method for providing a node within a distributed ledger, including:
a) receiving transactions at a device;
b) storing the received transactions in a memory pool at the device;
c) matching transactions at the device; and
d) rendering at least a part of the device non-functional when a casing of the device is compromised. The method above may further include the step of determining a consensus block of transactions. The transactions may be matched within the consensus block. The consensus block may be received at the device from one of a plurality of other devices. The device may be as described in relation to the first aspect.
According to a further aspect of the invention there is provided a device for providing a node within a distributed ledger wherein at least a part of the device is modified into a non-functional state when the device is physically compromised.
Other aspects of the invention are described within the claims.
Brief Description of the Drawings
Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:
Figure 1 : shows a block diagram illustrating a device in accordance with an embodiment of the invention;
Figure 2: shows a block diagram illustrating a system in accordance with an embodiment of the invention; Figure 3: shows a flow diagram illustrating a method in accordance with an embodiment of the invention;
Figure 4: shows a block diagram illustrating shared ledgers in accordance with an embodiment of the invention;
Figure 5: shows a sequence diagram illustrating three verification stages of an embodiment of the invention; Figure 6: shows a block diagram illustrating matching algorithms used with shared ledgers in accordance with an embodiment of the invention; Figure 7: shows a block diagram illustrating an exemplary trading sequence in accordance with an embodiment of the invention;
Figure 8: shows a block diagram illustrating multiple trading markets in accordance with an embodiment of the invention;
Figure 9: shows a block diagram illustrating an exemplary communications system in accordance with an embodiment of the invention; and Figure 10: shows a circuit diagram illustrating a voltage-based memory destruction means in accordance with an embodiment of the invention.
Detailed Description of Preferred Embodiments The present invention provides a device, method and system for a distributed ledger.
The inventor has determined that a distributed ledger (such as blockchain) can be used to provide a transaction matching system (such as a market trading platform). The advantages of utilising a distributed ledger is greater resilience for the matching system (i.e. greater uptime), increased speed due to distributed processing, more equality for traders, and greater transparency.
However, the inventor has concluded that nodes for distributed ledgers for a transaction matching system may be susceptible to unfair trading practices if in the physical possession of a bad actor. The inventor has discovered that a node can be suitably configured for use with a distributed ledger such that the node is rendered non-functional, at least in part, when physically compromised or tampered with. With such nodes, the effects of bad actors may be mitigated and/or eliminated in a distributed ledger system.
In Figure 1 , a device 100 for providing a node in a distributed ledger in accordance with an embodiment of the invention is shown. The device 100 comprises a processor 101 , a communications apparatus 102, a memory 103, and a casing 104.
The processor 101 is configured to match transactions. The processor 101 may be configured for processing received transactions to reconcile the transactions with each of a plurality of devices providing nodes within the distributed ledger. The process of reconciliation may include sequencing of the transactions. The sequencing may be such that the transactions share the same sequence as each of the plurality of nodes. The processor 101 may reconcile the transactions by grouping valid transactions into a block, calculating a satisfactory hash for the block based upon a previous consensus block in a chain of blocks, broadcasting the block to the other nodes, and using the longest chain of blocks (i.e. either using blocks received from the other nodes or the present device's block) to replace the consensus block. The processor 101 may be configured to match the transactions in accordance with one of a plurality of matching algorithms. The matching algorithms may be deterministic and may include "First Match", "Auction", "Dutch Auction", and/or "Volume Weighted". It will be appreciated that the list of algorithms is exemplary only and that other matching algorithms may be utilised. The processor 101 may be configured to match transactions within the reconciled transaction (e.g. within the consensus block).
The communications apparatus 102 is configured to receive transactions from the plurality of devices. The communications apparatus 102 may be further configured to transmit transactions to the plurality of devices. The communications apparatus 102 may be further configured to transmit and receive transaction blocks to/from the plurality of devices. The device 100 may also include an input apparatus 105 configured to receive transactions from one or more traders. The processor 101 may be further configured to validate these received transactions before communicating the received transactions via the communications apparatus to each of the plurality of devices (e.g. broadcasting the transactions).
The memory 103 is configured to store a transaction memory pool. The memory 103 may be further configured to store a reconciled transaction list. In one embodiment, the transaction memory pool may be encrypted by one or more encryption keys and the processor 101 may be further configured to decrypt the memory pool. In this embodiment, the processor 101 may be a FPGA (field-programmable gate array) incorporating the one or more encryption keys in hardware or the encryption keys may be stored in a portion of the memory 103. The memory 103 may include mutable memory (such as RAM or flash memory) for dynamic data such as transactions and immutable memory (such as ROM) for static data such as encryption keys. It will be appreciated that, in this context, immutable memory also includes difficult to modify memory such as EPROMs.
The device 100 may be configured for encoding and decoding transmission and reception of transactions to and from the plurality of devices using one or more encryption keys. In one embodiment, the processor 101 is further configured for encoding and decoding the transmissions, and the memory is further configured for storing the encryption key(s). The casing 104 is configured to enclose at least a part of the device 100. In one embodiment, the casing 104 encloses the entire device 100. In another embodiment, the casing 104 encloses the processor 101 and a portion of the memory 103 configured for storing the memory pool and/or the encryption keys. A secondary casing may enclose all portions of the device 100 not enclosed by the casing 104.
In one embodiment, the casing 104 provides RF (Radio Frequency) shielding or otherwise inhibits interception or interference with the electrically functioning of the device 100. In one embodiment, the device 100 further includes an active interference apparatus to prevent or inhibit the interception or interference of the electrically functioning of the device.
The device 100 is configured such that at least a part of the device 100 is modified into a non-functional state when the casing 104 is compromised. In one embodiment, modification into a non-functional state include modifications which prevent accurate analysis of or access to transactions stored in the memory pool. In one embodiment, modification into a non-functional state include modifications which prevent access to one or more, or all the encryption keys. Modifications may include damage or destruction caused to at least part of the hardware such as the memory 103 and/or processor 101 storing transaction and/or encryption data (e.g. damage may be caused to the portion of the memory storing the memory pool). The device 100 may be configured to damage or destroy the hardware via one or more of the following: voltage, heat, acid, cold explosives or mechanical force. In one embodiment where the memory pool is encrypted, only the memory 103 storing the encryption keys may be destroyed or damaged (or the keys rendered otherwise inaccessible). In one embodiment, the device 100 may be configured to provide access to the transaction memory pool to the one or more traders. Access may be provided in accordance with a commit & reveal algorithm. The commit & reveal algorithm may utilise a time delay calculated based upon network distances to other nodes.
The device 100 may further include an output apparatus 106. The output apparatus 106 may be configured for communicating matched transactions to the one or more traders.
In Figure 2, a system 200 for providing a distributed ledger in accordance with an embodiment of the invention is shown. A plurality of devices 201 , 202, 203, and 204, each device as described in relation to Figure 1 , are shown.
A communications system 205 is also shown. The communications system 205 may include a network such as a private network. The network may be a virtual network overlaid on top of a physical network or internetwork (such as a VPN (virtual private network) overlaid on a LAN, WLAN or the Internet). In one embodiment, the network is an entirely private network (e.g. using the 802.1 x protocol) or a physically private network (e.g. using non-public signalling mechanisms).
In one embodiment, the distributed ledger within the system 200 is actuated via the blockchain methodology. However, it will be appreciated that other distributed, append-only data store methods may be used. Transactions within the distributed ledger may comprise bids and quotes for a single or multiple trading markets. Each trading market may be associated with an entity who provides fulfilment services and an entity who provides market operations. In one embodiment, each trading market is associated with a defined matching algorithm and/or at least one defined encryption key. The system 200 may be configured to utilise the defined encryption key to encode transactions for a market such that only the devices of participants in the market may interact with transactions for that market.
Each of the devices 201 to 204 may be utilised by one or more traders.
One or more of the devices 201 to 204 may be physically located at the premises of a trader (or trading firm) or broker or trader consortium. One or more of the devices 201 to 204 may be physically located within a hosted environment.
Referring to Figure 3, a method 300 for providing a node in a distributed ledger in accordance with an embodiment of the invention will be described.
In this embodiment, the node is being provided by a device. The device may be the device described in relation to Figure 1 . In step 301 , transactions are received at the device. Transactions may be received from a plurality of devices within a distributed ledger system (e.g. as described in relation to Figure 2), and/or from one or more traders via an input apparatus (e.g. 105) at the device. In step 302, received transactions are stored in a memory pool (e.g. in a memory pool at memory 103).
In step 303, transactions are matched (e.g. by processor 101 ). Transactions may be matched within reconciled transactions. Reconciled transactions may be transactions that have been distributed to each of the plurality of devices (e.g. 201 to 204) and sequenced across the distributed ledger system (e.g. 200), for example, and at least part by a distributed ledger methodology such as blockchain such that the reconciled transactions are those within the consensus block.
In step 304, at least a part of the device may be rendered non-functional when a casing (e.g. 104) is compromised.
Embodiments of the invention will now be described with reference to Figures 4 to 10. These embodiments relate to secure, distributed network-attached ledger, which provides the means to establish a trade, and thus form the basis of a new type of trading exchange which prevents certain types of unfair trading practices (specifically network-latency-based arbitrage), and which enables new types of market models. It does this providing a distributed, non- repudiable ledger, made up of nodes which communicate with each over a private network (whether physical or virtual). The ledger is provided by means of a block-chain, and the ledger-nodes themselves are contained in secure cases, which cannot be opened without destroying their usefulness. Model
These embodiments implement an alternative model for a trading exchange, designed to account for conditions existing in wide area networks. Specifically, the embodiments prevents timing and network distance from being exploited in such a way as to privilege a subset of Traders.
This model presented uses a distributed, append-only data store as a Shared Ledger. Transactions can be entered, but once entered can never be removed. Every Trader maintains their own copy of the Shared Ledger (on their own premises), and interacts directly with it, while the Ledgers themselves are constantly being reconciled across the network (see Figure 4). With reference to Figure 4, note that the Ledger Nodes are not required to be on the physical premises of a Trader; however, it would be the responsibility of the Trader to place the Node in a trusted network, which might be that of a hosting provider.
Note also that a Trader in this context need not be an individual trader. A Trader could be a trading firm, where the Ledger is used by their employees, or a consortium of traders, or indeed a broker who allows their customers to place orders into their Ledger Node. Thus, in this sense, a Trader may be considered any participant in a market who maintains a Ledger Node and takes responsibility for the transactions entered into that Node. Note also that a single Trader may run more than one node. A Trader may even, exchange rules permitting, run more than one node of a single Trading Exchange. Regardless, care must always be taken to ensure that a single Trader does not control the majority of a single Trading Exchange's processing power.
In order to function as the basis of a trading exchange, there are several constraints placed on the reconciliation process. In one embodiment, reconciliation consists of three stages (see Figure 5):
With reference to Figure 5:
1 ) Stage 1 , Validation: This ensures that all orders are valid.
2) Stage 2, Ensuring Uniformity: All orders which have passed this stage may be considered to have been entered into all instances of the Shared Ledger.
3) Stage 3, Sequencing: This ensures that the sequence of those orders in all instances of the Shared Ledger is the same.
In order to prevent exploitation of network effects and in one embodiment, orders are not made visible to other Traders until they have passed the second reconciliation stage. Once orders have been fully reconciled, every Trader has an identical copy of the reconciled Ledger. A Matcher can then run over any instance of the Shared Ledger. So long as a deterministic algorithm is used for the Matcher, the same result will be obtained, regardless of instance. This implies that matched orders do not need to be removed from the Shared Ledger, nor do matches need to be written anywhere. The Matcher process can simply be run over the Shared Ledger as needed, to determine market state.
The generic type of algorithm used for the Matcher is not limited by the mechanism used to reconcile the shared Ledger. Algorithms such as 'First Match', 'Auction', 'Dutch Auction', 'Volume Weighted', and 'Value Weighted', are possible, as well as many others. Even an open outcry auction conducted via video or voice conferencing would be possible, although in the that case the actual matching would be done by the human conducting the sale, who would enter the match as a transaction into the ledger. Any Matcher algorithm implemented in software would be minimal. Matching possibilities are also not limited to price, instrument, etc. Any criteria which is agreed by participating Traders, and can be expressed either entirely in the transactions contained in the Ledger, or in combination with data available to all Traders, is possible. An example of the latter case would be a market where matches were constrained by delivery distance. If the location of origin and delivery were expressed in the relevant transaction (quote or bid), the distance could be determined at match time. Any constraints presented by the choice of Ledger reconciliation mechanisms are likely, however, to have implications for market semantics, and may also influence Trader behaviour.
The full trading sequence will be described with reference to Figure 6:
1 ) Orders are placed into a local Shared Ledger instance
2) Traders run independent instances of the Matcher against a local Shared Ledger instance:
a) Matcher examines only fully reconciled transactions
b) matches bids to quotes 3) Reports matched orders to the Trader
Note that in implementations of this model, maximum exchange throughput is a function solely of the efficiency of the reconciliation process, not Matcher efficiency.
The Shared Ledger model also has implications for market operations and fulfilment. An example will be described: consider a group of Traders named Alice, Bob, Carol, and David, who each possess a Shared Ledger Instance. Initially, they use this to trade baseball cards. They agree on a Matcher algorithm to use, and Alice offers to provide fulfilment services, as she sees Bob, Carol, and David regularly, and baseball cards are easily portable. She also agrees to provide market operations, and ensure that the market is closed when she is away on her annual holiday. They all begin to trade (see Figure 7).
With reference to Figure 7:
1 . Alice submits a quote to the Shared Ledger to sell 300 assorted 1950s baseball cards at a unit price of $1 , and 400 assorted 1960s baseball cards at a unit price of $0.50, with a minimum quantity of 50 cards.
2. Carol submits a bid to the Shared Ledger to buy between 50 and 75 assorted 1950s baseball cards at a unit price of $1 .
3. Bob and David both submit bids to the Shared Ledger at roughly the same time. Bob bids to buy a maximum of 300 assorted 1950s baseball cards at a unit price of $1 , and a maximum of 50 assorted
1960s baseball cards at a unit price of £0.50. David bids to buy a maximum of 200 assorted 1950s baseball cards at a unit price of £1 .05, and a maximum of 300 assorted 1960s baseball cards at a unit price of $0.75.
4. Carol submits a bid to the Shared Ledger to purchase a maximum of 500 assorted 1960s baseball cards at a unit price of $0.50 After the reconciliation process is complete, the sequence of orders in the ledger is as follows:
[AliceQuotel , CarolBidl , DavidBidl , BobBidl , CarolBid2]
The Matcher algorithm sees only the sequence in the ledger, and does not handle incoming orders. If using a simple 'First Match' algorithm, this sequence would result in:
• Carol purchases:
o 75 x 1950s baseball cards for $1 each
o 150 x 1960s baseball cards for $0.50 each
· Bob purchases:
o 125 x 1950s baseball cards for $1 each
o 50 x 1960s baseball cards for $0.50 each
• David purchases:
o 100 x 1950s baseball cards for $1.05 each
o 200 x 1960s baseball cards for $0.75 each
Note that if the Matcher had used a 'Best Price and First Match' criteria instead, this would have resulted in:
• Carol purchases:
o 75 x 1950s baseball cards for $1 each
o 50 x 1960s baseball cards for $0.50 each
• Bob purchases:
o 25 x 1950s baseball cards for $1 each
o 50 x 1960s baseball cards for $0.50 each
• David purchases:
o 200 x 1950s baseball cards for $1.05 each
o 300 x 1960s baseball cards for $0.75 each
After some time has passed, Carol decides to offer a market in bicycles. She approaches Alice, David and Bob and proposes the scheme. Alice and David agree to participate, but Bob declines. Alice, David and Carol agree to use the Shared Ledger, and an algorithm for the Matcher. They also agree that Carol will provide Market Operations and Fulfilment (see Figure 8). With reference to Figure 8, note that transactions in the bicycle market will be visible to Bob, as they will exist in the Shared Ledger. If the participants in the bicycle market desire privacy, they can include an encoding scheme, which may include forms of cryptography in the Bicycle Market order placement, and Matcher. If this is done, Bob can see that transactions are happening, but not what they are.
For example, consider that the above participants do desire privacy in the bicycle market (as they do not trust Bob). When Alice, David, and Carol meet, they agree on both a Matcher algorithm and a shared key. The key is incorporated into the Matcher algorithm and distributed on USB keys to each of them. Orders into this market are then encrypted with this key, creating a ciphertext. This ciphertext is placed into a Node, where it is tagged with a market ID. The Matcher looks for transactions in the distributed Ledger for orders with its market ID, decrypts the cyphertext, and matches orders in exactly the same way as a non-private market. Note that while this example considers one type of cryptography (symmetrical), and key distribution (physical), most common types of cryptographic and key distribution mechanisms that are agreed by market participants should suffice.
Note that this model means that ensuring the validity of individual transactions in individual markets becomes the responsibility of the Matcher, rather than of the block chain transaction validation rules. The latter can only ensure that the orders themselves follow the rules of the overall exchange. If the transaction themselves are opaque to the Ledger validation process, the Matcher Algorithm must incorporate its own validation mechanism, specific to the market where that Matcher runs. Further markets can be layered into the Shared Ledger in a similar fashion; market operations and fulfilment services can be distributed between participants in any manner, so long as they all agree. Implementation
An exemplary implementation for the Shared Ledger based on a block chain, as defined in "Bitcoin: A Peer-to-Peer Electronic Cash System" by Satoshi Nakamoto (https://bltcoln.org/bstcoln. pdf ), will now be described:
A block chain functions as a distributed, append-only data store that has the following properties:
1 ) Transactions are entered into the Memory Pool on a node.
2) Those transactions are broadcast to all nodes, and put into the Memory Pool on every node that receives them.
3) Nodes attempt to put transactions in the Memory Pool into blocks, by: a. Verifying that the transactions are valid
b. Grouping valid transactions together
c. Calculating a mathematical hash of the group, along with a timestamp
d. Checking to see if the hash matches a pre-determined "difficulty factor" (Note: The difficulty factor has the property that the number of hash calculations required to successfully create a block increases exponentially as the factor increases, while blocks can be verified by calculating a single hash.) e. If successful, the new block is sent to all other nodes, along with the timestamp of the previous block (thus "chaining" the blocks together).
f. Whenever a node receives a new block chain from another node, it always uses the longest chain as the basis for its own verification work.
4) Over time, the chain will converge, as the amount of work required to replace the consensus blocks becomes infeasible. (Note: In the Bitcoin block chain today, this is believed to be six blocks deep.)
Note that ordering in a block chain is a function of the block chain algorithm. The order of transactions in a converged block chain may bear no resemblance to the order they were received. However, the block chain mechanism does guarantee that once the block chain has converged, the transactions are in the only possible sequence. This means that as blocks are immutable, Matcher operation over a converged block chain will be deterministic.
This also implies that from the perspective of the block chain, all transactions in the Memory Pool must be seen as happening simultaneously. Therefore, while the block chain can provide the first and third stages of reconciliation required by the model presented, it does not provide the second.
Specific implementations of embodiments of the invention may incorporate modifications to the above exemplary implementation to optimise the implementation for the specific markets it is expected to handle. For example: changes to the hashing algorithm and difficulty factor to optimise for performance; changes to the structure of the memory pool or verification rules to disincentive specific behaviours in specific participant groups; changes to transaction verification rules, etc. Network Effects, Bad Actors and the Memory Pool
In order to account for network effects, in some embodiments, transactions in the Memory Pool must not be directly visible to Traders. The obvious solution is to make transactions in the Memory Pool only visible through an interface that maintains a table of network distances to all other nodes, and ensures that no transaction is visible until sufficient time has passed for network propagation to take place. This type of system in exchange platforms is often called a 'Commit and Reveal' system, but similar algorithms as used in Internet content distribution networks (CDNs), and other data caching systems may also be suitable. 'Commit and Reveal' systems are a common part of many economic systems. One common example in the real world is a sealed bid auction. In this model, a piece of property is put up for sale, with bidders invited to submit bids in sealed envelopes by a specific date and time. At a specified time after the submission deadline, all envelopes are opened and the highest bidder wins the auction.
'Commit and Reveal' algorithms are commonly implemented in software in turn-based, multiplayer strategy games. For example:
1 ) Turn Begins
2) Players are invited to submit their moves.
3) When all player moves have been received:
a. All moves are executed on the game board simultaneously b. Conflicting moves are resolved according to the game rules
4) The new state of the game board is revealed to all players
5) Turn Ends
A 'Commit and Reveal' system alone may not be sufficient to prevent malicious behaviour by Bad Actors who run Ledger Nodes. This is especially true in this model, as Traders may be considered to have physical access to Shared Ledger nodes.
Note that visibility of the memory pool may not necessarily give a Bad Actor an exploitable advantage. However, such visibility may be a necessary precursor to an entire category of theoretical attacks.
Attack Vectors
These are the attack vectors that could be considered:
1 ) A cheat may attempt to run different software on a Ledger node.
2) A cheat may attempt to read the contents of the Memory Pool off of the network during transfer between nodes.
3) A cheat with access to the underlying operating system of a Ledger node may attempt to read data directly. 4) A cheat with access to the physical machine which runs a Ledger node may attempt to read data:
a) by manipulating the hardware directly.
b) by passively monitoring the radio spectrum near the physical machine.
Embodiments of the present invention prevent the first two vectors by requiring Ledger nodes to use a virtual private network (VPN) to connect to each other. If only known nodes with encryption keys signed by a trusted authority can connect, the first vector is prevented. The VPN itself encrypts the traffic, thereby preventing the second vector. However, the third and fourth vectors remain. They also imply that any encryption keys could also be read by an attacker, thus bypassing this solution and re-enabling attacks via the first two vectors. However, other implementations are possible, so long as they provide both strong node authentication, and incorporate an encoding scheme which may include forms of encryption for all communications.
One example alternate implementation uses an entirely private network, incorporating the 802.1 x (https://en.wikipedia.org wiki/IEEE.. 802.1 X ) protocol for node authentication, (see Figure 9).
In the example shown in Figure 9, nodes are issued as a credential, an X.509 certificate signed by the private key of a Trusted Signing Authority(TSA). X.509 certificates incorporate the public key corresponding to a private key generated by the node. This signature may be verified using the corresponding public key. The Authentication Server holds a copy of that public key, and is configured to validate credentials signed by the TSA. When a node attempts to connect to the network:
1 ) the router demands a credential before the node is allowed to connect
2) the node provides a credential to the router
3) the router forwards the credential to the Authentication Server for validation 4) If the credential is successfully validated by the authentication server, the node is given access to the network
In this example, nodes communicate using Transport Layer Security (TLS) encryption (ht1ps://en.wikipedia >rg/wikl irans :x>rt_La.yer_Security ) using the same certificate as a credential.
Another example might use purely physical means to protect the network. One mechanism by which this could be achieved is to use a private network which depends on non-public signaling mechanisms between switches. So long as access to network hardware could be strictly controlled (i.e. limited manufacture, highly tracked, etc.), access to the network could similarly be controlled. For example: if the only end-point network interfaces in existence were those already in use on a particular network, and no more could ever be made, that network would be secure enough to satisfy both requirements (although there would likely be concerns about that same network's reliability). Note that this example does not make use of encryption in the mathematical sense (in that there is no 'key' as such).
Other examples of an alternative implementation operating entirely across public networks could rely entirely on application-level authentication and point-to-point application level encryption. Again, so long as nodes are authenticated, and traffic is encoded to a degree sufficient to deter eavesdroppers, the network (whether virtual, physical, or application layer) can be made secure enough to guarantee:
· that only known Ledger nodes can connect to the network.
• that only known Ledger nodes can read the traffic on the network.
However, each alternate implementation will place constraints on network operation in terms of performance, latency, how to provide resilience and redundancy, what level of attack will be deterred, etc. Therefore, the implementation chosen should closely match the constraints of the markets intended to be provided by the network. How credentials are provided and authenticated can also vary without affecting the intended function of the invention. Above, the central authority ise considered as the credential provider, but other models are possible. For example, consider a model where in order to connect to the network, an aspiring Node Operator must obtain the approval of 30% of the existing Node Operators. Assume a private, physical, wide-area network with access control implemented at the router. Assume the all routers in the network maintain a distributed state table containing the public key of every node connected to the network. When a node attempts to connect:
1 ) the router demands a credential
2) the node presents a public key, along with all the signatures it has collected for that key
3) the router verifies as many signatures as needed/possible, using the distributed state table
4) If the public key presented has verified signatures of more than 30% of the nodes connected to the network:
a. the node is allowed to connect to the network
b. the public key for that node is placed into the distributed state table
Although the model chosen may constrain the implementation, any common model for credential provision and verification may be used.
The third vector is prevented by placing the Ledger nodes in a physical device which provides no access to an underlying operating system. The fourth vector may be addressed by using a secure physical case for the device, which has a security system fitted which has the following characteristics:
1 ) The case itself is fitted with radio frequency (RF) shielding, active interference device, or other means, sufficient to ensure that internal electrical activity cannot be detected outside the case. 2) When the case is opened, the device is selectively or entirely destroyed, permanently erased, or otherwise made inoperable. Typically, this includes:
a) working RAM which contains the memory pool. b) static ROM which contains the encryption keys.
However, if the memory pool is encrypted, only the ROM containing the keys would need to be destroyed, permanently erased, or otherwise rendered inoperable. Additionally, if the encryption keys were themselves embedded in a hardware processing unit (FPGA or similar), then only the hardware processing unit would need to be destroyed, permanently erased, or otherwise rendered inoperable.
Note that, in some embodiments, while the underlying Operating System must be inaccessible while the node is in use, in most implementations it would not be necessary to destroy the OS on case open.
In one embodiment, a mechanism to implement the second requirement which is electrically based is used. This mechanism consists of a battery- powered circuit which, when the circuit is completed by opening the case, applies voltage to the memory chips which hold the required memory segments (see Figure 10). Other mechanisms are possible, so long as they destroy, damage or render inoperable the appropriate memory segments.
Note that for systemic exploitation of network effects to be prevented, preferably all the following parts are included within an implementation:
1 ) Block Chain or similar distributed ledger algorithm ;
2) Commit and Reveal System to compensate for network latencies (if traders require access to the memory pool);
3) A Network which is secure enough to ensure:
a. only authorized nodes may connect; and
b. only authorized nodes may read network traffic; and 4) Secure Physical Case.
A number of alternatives for elements of embodiments described above are envisaged by the inventor.
For example, alternative distributed ledger algorithms could be used; such as the algorithms used in Litecoin and HyperLedger. Variations to transaction verification rules, such as minimum order durations, could also be added to the block chain algorithm.
There are also a number of algorithms which could be used either together or separately in the Commit and Reveal system, which use alternative means to determine network propagation timings. In some cases, the Commit and Reveal system could be removed, if Traders are given no access whatsoever to the Memory Pool. This system could also be augmented with latency guarantee algorithms and external monitoring.
In relation to the secure physical case, several possible alternatives are described below:
1 ) In the simplest case, the case could be rigged to explode when opened. This may be less advantageous than other methods of destruction/damage.
2) The case could be fitted with a mechanical lock which physically destroys the memory as a consequence of allowing the case to be opened. For example: a metal rod could be threaded through the case such that it must be removed for the case to be opened. The rod would also be threaded in such a way that removing it from the case will snap the memory chips in half.
3) The case could be fitted with another device which physically destroys the memory chips by means of acid, heat, cold, or physical force when the case is opened. 4) Should the outer case need to be opened and closed regularly, the case could be fitted with an interior case which only encloses the required components, which itself is fitted with a device to enclose, and shield the critical components, and destroy them should the inner case be opened. However, these variants may also need to be fitted with additional measures to ensure that the device could not be operated while the outer case was open, and care would need to be taken to ensure that no direct electrical access to the components in the inner case was provided.
A potential advantage of some embodiments of the present invention is that bad actors are unable to infer with the legitimate functioning of a distributed ledger even if they are in physical possession of a node in the distributed ledger.
While the present invention has been illustrated by the description of the embodiments thereof, and while the embodiments have been described in considerable detail, it is not the intention of the applicant to restrict or in any way limit the scope of the appended claims to such detail. Additional advantages and modifications will readily appear to those skilled in the art. Therefore, the invention in its broader aspects is not limited to the specific details, representative apparatus and method, and illustrative examples shown and described. Accordingly, departures may be made from such details without departure from the spirit or scope of applicant's general inventive concept.

Claims

Claims
1. A device for providing a node in a distributed ledger, including:
A processor configured to match transactions;
A communications apparatus configured to receive transactions from a plurality of devices each providing a node in the distributed ledger;
A memory configured to store transactions in a transaction memory pool; and
A casing configured to enclose, at least in part, the memory and the processor;
Wherein, at least part of, the device is modified into a nonfunctional state when the casing is compromised.
2. A device as claimed in claim 1 , wherein at least part of the memory is modified into a non-functional state when the casing is compromised.
3. A device as claimed in claim 2, wherein the at least part of the memory is modified such that data stored within the at least part of the memory is rendered inaccessible.
4. A device as claimed in claim 3, wherein the transaction memory pool is rendered inaccessible.
5. A device as claimed in any one of claims 3 to 4, wherein the at least part of the memory is destroyed to render it inaccessible.
6. A device as claimed in claim 5, wherein the at least part of the memory is destroyed via one or more of the following: voltage, heat, acid, cold, explosives, or mechanical force applied to the at least part of the memory.
A device as claimed in any one of the preceding claims, wherein the casing includes radio frequency shielding to inhibit detection of electrical activity within the casing outside the casing.
A device as claimed in any one of the preceding claims, wherein the memory is further configured to store one or more encryption keys and wherein the processor is further configured to decode transactions received from the plurality of devices using the one or more encryption keys.
A device as claimed in claim 8, wherein the one or more encryption keys are rendered inaccessible.
A device as claimed in any one of claims 8 to 9, wherein the processor is further configured to encode transactions transmitted to the plurality of devices using the one or more encryption keys.
A device as claimed in any one of the preceding claims, wherein the device is further configured to receive transactions from a user of the device.
A device as claimed in claim 1 1 , wherein the device is further configured to validate the transactions received from the user.
A device as claimed in any one of claims 1 1 to 12, wherein the device is further configured to broadcast the transactions received from the user to each other node within the distributed ledger.
A device as claimed in any one of the preceding claims, wherein the transactions comprise both bids and quotes for a trading market.
A device as claimed in any one of the preceding claims, wherein the transactions comprise both bids and quotes for a plurality of trading markets.
A device as claimed in any one of the preceding claims, wherein the processor is configured to match the transactions in accordance with a deterministic matching algorithm.
A device as claimed in any one of the preceding claims, wherein each of the plurality of devices providing a node in the distributed ledger is a device as claimed in the above claim.
A device as claimed in any one of the preceding claims, wherein the processor is configured to group valid transactions into a block, to calculate a satisfactory hash for the block based upon a previous consensus block in a chain of blocks, to broadcast the block to the other nodes, and to use the longest chain of blocks to replace the consensus block.
A device as claimed in claim 18, wherein the processor matches transactions within the consensus block.
A device as claimed in any one of the preceding claims, wherein the distributed ledger is a blockchain.
A device as claimed in any one of the preceding claims, wherein transactions within the memory pool are inaccessible to a user of the device until approval is received from a commit and reveal module executing at the device.
22. A device as claimed in claim 21 , wherein the commit and reveal module utilises a time delay calculated based upon network distances to other nodes.
23. A system for providing a distributed ledger, including:
A plurality of devices, each device as claimed in any one of claims 1 to 22; and
A communications system configured to enable each of the plurality of devices to communicate with one another.
24. A method for providing a node within a distributed ledger, including:
a) receiving transactions at a device;
b) storing the received transactions in a memory pool at the device; c) matching transactions at the device; and
d) rendering at least a part of the device non-functional when a casing of the device is compromised.
25. A method as claimed in claim 24, further including the step of
determining a consensus block of transactions.
26. A method as claimed in claim 25, wherein the transactions are matched within the consensus block.
27. A method as claimed in any one of claims 25 to 26, wherein the
consensus block is received at the device from one of a plurality of other devices.
28. A method as claimed in any one of claims 24 to 27, wherein the device is a device as claimed in any one of claims 1 to 22.
29. A device for providing a node within a distributed ledger wherein at least a part of the device is modified into a non-functional state when the device is physically compromised.
30. A device or method for providing a node in a distributed ledger as herein described with reference to the Figures.
31 . A system for providing a distributed ledger as herein described with reference to the Figures.
PCT/GB2017/050851 2016-03-24 2017-03-24 Device, method and system for a distributed ledger WO2017163090A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB1605123.7A GB2549075B (en) 2016-03-24 2016-03-24 Device, method and system for a distributed ledger
GB1605123.7 2016-03-24

Publications (1)

Publication Number Publication Date
WO2017163090A1 true WO2017163090A1 (en) 2017-09-28

Family

ID=56027417

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2017/050851 WO2017163090A1 (en) 2016-03-24 2017-03-24 Device, method and system for a distributed ledger

Country Status (2)

Country Link
GB (1) GB2549075B (en)
WO (1) WO2017163090A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108769146A (en) * 2018-05-11 2018-11-06 北京奇虎科技有限公司 A kind of data transmission method, device and block catenary system based on block chain
CN109525678A (en) * 2018-12-25 2019-03-26 众安信息技术服务有限公司 Block chain network system and corresponding node device find method
US10861039B2 (en) * 2017-04-12 2020-12-08 Royal Bank Of Canada Bid platform
US11334888B2 (en) * 2017-03-24 2022-05-17 Advanced New Technologies Co., Ltd. Method and apparatus for consensus verification
US11488059B2 (en) 2018-05-06 2022-11-01 Strong Force TX Portfolio 2018, LLC Transaction-enabled systems for providing provable access to a distributed ledger with a tokenized instruction set
US11494836B2 (en) 2018-05-06 2022-11-08 Strong Force TX Portfolio 2018, LLC System and method that varies the terms and conditions of a subsidized loan
US11544782B2 (en) 2018-05-06 2023-01-03 Strong Force TX Portfolio 2018, LLC System and method of a smart contract and distributed ledger platform with blockchain custody service
US11550299B2 (en) 2020-02-03 2023-01-10 Strong Force TX Portfolio 2018, LLC Automated robotic process selection and configuration
US11631477B2 (en) 2017-09-07 2023-04-18 Dmitry Shvartsman System and method for authenticated exchange of biosamples
US11982993B2 (en) 2020-02-03 2024-05-14 Strong Force TX Portfolio 2018, LLC AI solution selection for an automated robotic process

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201711879D0 (en) * 2017-07-24 2017-09-06 Nchain Holdings Ltd Computer-implemented system and method
CN107742252A (en) * 2017-09-30 2018-02-27 浙江时间林农业有限公司 A kind of digital forest tenure management method and platform

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060253333A1 (en) * 2005-03-31 2006-11-09 Microsoft Corporation Centralized distributions

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6234389B1 (en) * 1998-04-29 2001-05-22 @Pos.Com, Inc. PCMCIA-based point of sale transaction system
US6182223B1 (en) * 1998-06-10 2001-01-30 International Business Machines Corporation Method and apparatus for preventing unauthorized access to computer-stored information
US7028191B2 (en) * 2001-03-30 2006-04-11 Michener John R Trusted authorization device
RU154072U1 (en) * 2011-11-14 2015-08-10 Васко Дэйта Секьюрити Интернэшнл Гмбх SMART CARD READER WITH SAFE JOURNALING FUNCTION
US9022286B2 (en) * 2013-03-15 2015-05-05 Virtual Electric, Inc. Multi-functional credit card type portable electronic device
US20160085955A1 (en) * 2013-06-10 2016-03-24 Doosra, Inc. Secure Storing and Offline Transferring of Digitally Transferable Assets
WO2015136434A1 (en) * 2014-03-11 2015-09-17 Tracopay Limited Device and system for electronic fund transfer
US20150332224A1 (en) * 2014-05-19 2015-11-19 OX Labs Inc. System and method for rendering virtual currency related services

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060253333A1 (en) * 2005-03-31 2006-11-09 Microsoft Corporation Centralized distributions

Cited By (70)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11334888B2 (en) * 2017-03-24 2022-05-17 Advanced New Technologies Co., Ltd. Method and apparatus for consensus verification
US10861039B2 (en) * 2017-04-12 2020-12-08 Royal Bank Of Canada Bid platform
US11631477B2 (en) 2017-09-07 2023-04-18 Dmitry Shvartsman System and method for authenticated exchange of biosamples
US11741552B2 (en) 2018-05-06 2023-08-29 Strong Force TX Portfolio 2018, LLC Systems and methods for automatic classification of loan collection actions
US11605124B2 (en) 2018-05-06 2023-03-14 Strong Force TX Portfolio 2018, LLC Systems and methods of smart contract and distributed ledger platform with blockchain authenticity verification
US11928747B2 (en) 2018-05-06 2024-03-12 Strong Force TX Portfolio 2018, LLC System and method of an automated agent to automatically implement loan activities based on loan status
US11488059B2 (en) 2018-05-06 2022-11-01 Strong Force TX Portfolio 2018, LLC Transaction-enabled systems for providing provable access to a distributed ledger with a tokenized instruction set
US11494836B2 (en) 2018-05-06 2022-11-08 Strong Force TX Portfolio 2018, LLC System and method that varies the terms and conditions of a subsidized loan
US11494694B2 (en) 2018-05-06 2022-11-08 Strong Force TX Portfolio 2018, LLC Transaction-enabled systems and methods for creating an aggregate stack of intellectual property
US11538124B2 (en) 2018-05-06 2022-12-27 Strong Force TX Portfolio 2018, LLC Transaction-enabled systems and methods for smart contracts
US11681958B2 (en) 2018-05-06 2023-06-20 Strong Force TX Portfolio 2018, LLC Forward market renewable energy credit prediction from human behavioral data
US11544782B2 (en) 2018-05-06 2023-01-03 Strong Force TX Portfolio 2018, LLC System and method of a smart contract and distributed ledger platform with blockchain custody service
US11829906B2 (en) 2018-05-06 2023-11-28 Strong Force TX Portfolio 2018, LLC System and method for adjusting a facility configuration based on detected conditions
US11829907B2 (en) 2018-05-06 2023-11-28 Strong Force TX Portfolio 2018, LLC Systems and methods for aggregating transactions and optimization data related to energy and energy credits
US11580448B2 (en) 2018-05-06 2023-02-14 Strong Force TX Portfolio 2018, LLC Transaction-enabled systems and methods for royalty apportionment and stacking
US11586994B2 (en) 2018-05-06 2023-02-21 Strong Force TX Portfolio 2018, LLC Transaction-enabled systems and methods for providing provable access to a distributed ledger with serverless code logic
US11687846B2 (en) 2018-05-06 2023-06-27 Strong Force TX Portfolio 2018, LLC Forward market renewable energy credit prediction from automated agent behavioral data
US11823098B2 (en) 2018-05-06 2023-11-21 Strong Force TX Portfolio 2018, LLC Transaction-enabled systems and methods to utilize a transaction location in implementing a transaction request
US11599940B2 (en) 2018-05-06 2023-03-07 Strong Force TX Portfolio 2018, LLC System and method of automated debt management with machine learning
US11599941B2 (en) 2018-05-06 2023-03-07 Strong Force TX Portfolio 2018, LLC System and method of a smart contract that automatically restructures debt loan
US11688023B2 (en) 2018-05-06 2023-06-27 Strong Force TX Portfolio 2018, LLC System and method of event processing with machine learning
US11605125B2 (en) 2018-05-06 2023-03-14 Strong Force TX Portfolio 2018, LLC System and method of varied terms and conditions of a subsidized loan
US11605127B2 (en) 2018-05-06 2023-03-14 Strong Force TX Portfolio 2018, LLC Systems and methods for automatic consideration of jurisdiction in loan related actions
US11609788B2 (en) 2018-05-06 2023-03-21 Strong Force TX Portfolio 2018, LLC Systems and methods related to resource distribution for a fleet of machines
US11610261B2 (en) 2018-05-06 2023-03-21 Strong Force TX Portfolio 2018, LLC System that varies the terms and conditions of a subsidized loan
US11620702B2 (en) 2018-05-06 2023-04-04 Strong Force TX Portfolio 2018, LLC Systems and methods for crowdsourcing information on a guarantor for a loan
US11625792B2 (en) 2018-05-06 2023-04-11 Strong Force TX Portfolio 2018, LLC System and method for automated blockchain custody service for managing a set of custodial assets
US11816604B2 (en) 2018-05-06 2023-11-14 Strong Force TX Portfolio 2018, LLC Systems and methods for forward market price prediction and sale of energy storage capacity
US11631145B2 (en) 2018-05-06 2023-04-18 Strong Force TX Portfolio 2018, LLC Systems and methods for automatic loan classification
US11636555B2 (en) 2018-05-06 2023-04-25 Strong Force TX Portfolio 2018, LLC Systems and methods for crowdsourcing condition of guarantor
US11657461B2 (en) 2018-05-06 2023-05-23 Strong Force TX Portfolio 2018, LLC System and method of initiating a collateral action based on a smart lending contract
US11657340B2 (en) 2018-05-06 2023-05-23 Strong Force TX Portfolio 2018, LLC Transaction-enabled methods for providing provable access to a distributed ledger with a tokenized instruction set for a biological production process
US11657339B2 (en) 2018-05-06 2023-05-23 Strong Force TX Portfolio 2018, LLC Transaction-enabled methods for providing provable access to a distributed ledger with a tokenized instruction set for a semiconductor fabrication process
US11669914B2 (en) 2018-05-06 2023-06-06 Strong Force TX Portfolio 2018, LLC Adaptive intelligence and shared infrastructure lending transaction enablement platform responsive to crowd sourced information
US11676219B2 (en) 2018-05-06 2023-06-13 Strong Force TX Portfolio 2018, LLC Systems and methods for leveraging internet of things data to validate an entity
US11544622B2 (en) 2018-05-06 2023-01-03 Strong Force TX Portfolio 2018, LLC Transaction-enabling systems and methods for customer notification regarding facility provisioning and allocation of resources
US11810027B2 (en) 2018-05-06 2023-11-07 Strong Force TX Portfolio 2018, LLC Systems and methods for enabling machine resource transactions
US11790288B2 (en) 2018-05-06 2023-10-17 Strong Force TX Portfolio 2018, LLC Systems and methods for machine forward energy transactions optimization
US11710084B2 (en) 2018-05-06 2023-07-25 Strong Force TX Portfolio 2018, LLC Transaction-enabled systems and methods for resource acquisition for a fleet of machines
US11715164B2 (en) 2018-05-06 2023-08-01 Strong Force TX Portfolio 2018, LLC Robotic process automation system for negotiation
US11715163B2 (en) 2018-05-06 2023-08-01 Strong Force TX Portfolio 2018, LLC Systems and methods for using social network data to validate a loan guarantee
US11720978B2 (en) 2018-05-06 2023-08-08 Strong Force TX Portfolio 2018, LLC Systems and methods for crowdsourcing a condition of collateral
US11727319B2 (en) 2018-05-06 2023-08-15 Strong Force TX Portfolio 2018, LLC Systems and methods for improving resource utilization for a fleet of machines
US11727505B2 (en) 2018-05-06 2023-08-15 Strong Force TX Portfolio 2018, LLC Systems, methods, and apparatus for consolidating a set of loans
US11727320B2 (en) 2018-05-06 2023-08-15 Strong Force TX Portfolio 2018, LLC Transaction-enabled methods for providing provable access to a distributed ledger with a tokenized instruction set
US11727506B2 (en) 2018-05-06 2023-08-15 Strong Force TX Portfolio 2018, LLC Systems and methods for automated loan management based on crowdsourced entity information
US11727504B2 (en) 2018-05-06 2023-08-15 Strong Force TX Portfolio 2018, LLC System and method for automated blockchain custody service for managing a set of custodial assets with block chain authenticity verification
US11734619B2 (en) 2018-05-06 2023-08-22 Strong Force TX Portfolio 2018, LLC Transaction-enabled systems and methods for predicting a forward market price utilizing external data sources and resource utilization requirements
US11734620B2 (en) 2018-05-06 2023-08-22 Strong Force TX Portfolio 2018, LLC Transaction-enabled systems and methods for identifying and acquiring machine resources on a forward resource market
US11734774B2 (en) 2018-05-06 2023-08-22 Strong Force TX Portfolio 2018, LLC Systems and methods for crowdsourcing data collection for condition classification of bond entities
US11741402B2 (en) 2018-05-06 2023-08-29 Strong Force TX Portfolio 2018, LLC Systems and methods for forward market purchase of machine resources
US11790286B2 (en) 2018-05-06 2023-10-17 Strong Force TX Portfolio 2018, LLC Systems and methods for fleet forward energy and energy credits purchase
US11741553B2 (en) 2018-05-06 2023-08-29 Strong Force TX Portfolio 2018, LLC Systems and methods for automatic classification of loan refinancing interactions and outcomes
US11741401B2 (en) 2018-05-06 2023-08-29 Strong Force TX Portfolio 2018, LLC Systems and methods for enabling machine resource transactions for a fleet of machines
US11748673B2 (en) 2018-05-06 2023-09-05 Strong Force TX Portfolio 2018, LLC Facility level transaction-enabling systems and methods for provisioning and resource allocation
US11748822B2 (en) 2018-05-06 2023-09-05 Strong Force TX Portfolio 2018, LLC Systems and methods for automatically restructuring debt
US11763213B2 (en) 2018-05-06 2023-09-19 Strong Force TX Portfolio 2018, LLC Systems and methods for forward market price prediction and sale of energy credits
US11763214B2 (en) 2018-05-06 2023-09-19 Strong Force TX Portfolio 2018, LLC Systems and methods for machine forward energy and energy credit purchase
US11769217B2 (en) 2018-05-06 2023-09-26 Strong Force TX Portfolio 2018, LLC Systems, methods and apparatus for automatic entity classification based on social media data
US11776069B2 (en) 2018-05-06 2023-10-03 Strong Force TX Portfolio 2018, LLC Systems and methods using IoT input to validate a loan guarantee
US11790287B2 (en) 2018-05-06 2023-10-17 Strong Force TX Portfolio 2018, LLC Systems and methods for machine forward energy and energy storage transactions
CN108769146A (en) * 2018-05-11 2018-11-06 北京奇虎科技有限公司 A kind of data transmission method, device and block catenary system based on block chain
CN108769146B (en) * 2018-05-11 2022-01-21 北京奇虎科技有限公司 Data transmission method and device based on block chain and block chain system
CN109525678A (en) * 2018-12-25 2019-03-26 众安信息技术服务有限公司 Block chain network system and corresponding node device find method
CN109525678B (en) * 2018-12-25 2022-09-27 众安信息技术服务有限公司 Block chain network system and corresponding node device discovery method
US11586178B2 (en) 2020-02-03 2023-02-21 Strong Force TX Portfolio 2018, LLC AI solution selection for an automated robotic process
US11586177B2 (en) 2020-02-03 2023-02-21 Strong Force TX Portfolio 2018, LLC Robotic process selection and configuration
US11567478B2 (en) 2020-02-03 2023-01-31 Strong Force TX Portfolio 2018, LLC Selection and configuration of an automated robotic process
US11550299B2 (en) 2020-02-03 2023-01-10 Strong Force TX Portfolio 2018, LLC Automated robotic process selection and configuration
US11982993B2 (en) 2020-02-03 2024-05-14 Strong Force TX Portfolio 2018, LLC AI solution selection for an automated robotic process

Also Published As

Publication number Publication date
GB201605123D0 (en) 2016-05-11
GB2549075B (en) 2022-10-12
GB2549075A (en) 2017-10-11

Similar Documents

Publication Publication Date Title
WO2017163090A1 (en) Device, method and system for a distributed ledger
Saad et al. Exploring the attack surface of blockchain: A systematic overview
Homoliak et al. The security reference architecture for blockchains: Toward a standardized model for studying vulnerabilities, threats, and defenses
Conti et al. A survey on security and privacy issues of bitcoin
US11244309B2 (en) Real-time cryptocurrency exchange using trusted hardware
Bhutta et al. A survey on blockchain technology: Evolution, architecture and security
Saad et al. Exploring the attack surface of blockchain: A comprehensive survey
Iqbal et al. Exploring sybil and double-spending risks in blockchain systems
Gao et al. Privacy-preserving auction for big data trading using homomorphic encryption
KR20190005915A (en) Distributed transaction propagation and verification system
CN107454114A (en) A kind of auction bidding method, server and readable storage medium storing program for executing
CN106161415B (en) A kind of information processing method and mobile gunz perception application platform
Jansen et al. LIRA: Lightweight Incentivized Routing for Anonymity.
WO2001011448A2 (en) Privacy preserving negotiation and computation
WO2020051710A1 (en) System and process for managing digitized security tokens
Gayvoronskaya et al. Blockchain
US11424916B2 (en) Selectively private distributed computation for blockchain
Woetzel Secret Network: A Privacy-Preserving Secret Contract & Decentralized Application Platform
Li et al. A decentralized and secure blockchain platform for open fair data trading
Momeni et al. Fairblock: Preventing blockchain front-running with minimal overheads
Li et al. A blockchain-based sealed-bid e-auction scheme with smart contract and zero-knowledge proof
Manimaran et al. Blockchain-based smart contract for e-bidding system
Islam et al. A low-cost cross-border payment system based on auditable cryptocurrency with consortium blockchain: Joint digital currency
Ahmad et al. Moving beyond the crypto-currency success of blockchain: A systematic survey
Jiang et al. SearchBC: A blockchain-based PEKS framework for IoT services

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17715265

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 17715265

Country of ref document: EP

Kind code of ref document: A1