WO2019020824A1 - Method for authenticating a financial transaction in a blockchain-based cryptocurrency, smart card, and blockchain authentication infrastructure

Publication number
WO2019020824A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
smart card
private key
blockchain
cryptocurrency
Application number
PCT/EP2018/070517
Other languages
French (fr)
Inventor
Alexander VASLYCHENKO
Igor RUZANOV
Original Assignee
Sofitto Nv
Application filed by Sofitto Nv
Priority to EP18752695.9A (EP3659088A1)
Publication of WO2019020824A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/06 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication

Definitions

  • the present invention pertains to the field of electronic payment systems, and in particular to cryptocurrency systems using a blockchain infrastructure to store and certify transaction information.
  • WO 2015/183497 A1 entitled “Cryptocurrency virtual wallet system and method” describes a method in which an encrypted request to transfer a requested amount of cryptocurrency from a user address to a destination address is received.
  • the request includes a destination address, a requested amount, a user device encryption key, and biometric data.
  • a partially signed transaction to transfer a requested amount of cryptocurrency from the user address to the destination address is also received.
  • the partially signed transaction is cryptographically signed and a multi-signed transaction is broadcast to a cryptocurrency network to transfer the requested amount of cryptocurrency from the user address to the destination address.
  • US patent application publication no. US 2015/0120569 A1 entitled “Virtual currency address security” discloses a network device configured to generate a first public-private key pair.
  • the network device is configured to receive, over an electronic network, public keys of two or more second public-private key pairs.
  • the network device is configured to generate a digital currency address using the public keys of the two or more second public-private key pairs and a public key of the first public-private key pair.
  • US patent application publication no. US 2015/332256 A1 entitled “System and Method for Converting Cryptocurrency to Virtual Assets Whose Value is Substantiated by a Reserve of Asset” discloses a computer-based system converting cryptocurrency into a virtual asset.
  • the system includes a user account database server
  • the system also includes a cryptocurrency account server configured to receive, from a networked device of a user, a transfer of cryptocurrency, from an external cryptocurrency account. In response to receipt of such a transfer, the cryptocurrency account server is configured to update the data pertaining to the obligations of the system to the user.
  • the system also includes a user interface server configured to receive a request from the user for
  • the method comprising: connecting the smart card to a smart card terminal so as to allow an exchange of data between the smart card and the smart card terminal; sending a command pertaining to the financial transaction from the smart card terminal to the smart card; using the smart card to obtain cryptographic data indicative of the holder's approval of the transaction; and sending a response comprising the cryptographic data from the smart card to the smart card terminal; using the cryptographic data to authenticate the transaction on the
  • cryptographic data comprises copying a part of the private key; and wherein the using of the cryptographic data comprises:
  • the command pertaining to the financial transaction preferably includes transaction data.
  • the present invention is based inter alia on the insight of the inventors that blockchain-based financial assets, such as Bitcoin, can only be expected to become as common as traditional monetary assets if there is a seamless transition between both worlds in the user's daily experience.
  • the present invention is further based on the insight of the inventors that such a seamless user experience can be obtained by using a smart card - already well known to end users in the form of debit cards or credit cards - as the user's virtual currency store, provided that the terminals and banking infrastructure involved in the transaction can treat the interaction with the cryptocurrency smart card in exactly the same way as they would a transaction with a regular debit card or credit card.
  • the existing infrastructure must not be burdened with the task of interfacing with the blockchain ledger.
  • This can be done by a new intermediary, a blockchain authentication infrastructure, provided that a way can be found to transfer a transaction signature linked to the card to the blockchain authentication infrastructure in a secure manner.
  • the smart card can approve the transaction in a single roundtrip messaging cycle between the backend and the smart card, avoiding the need for a second message exchange. Only a part of the private key stored on the smart card is copied to the card reader, as a way for the card to signal the card holder's approval of the transaction. This facilitates the deployment of the method according to the present invention on existing POS terminals utilizing a standard EMV transaction flow.
  • the private key is a secret for use in a t out of n secret sharing scheme, with t > 1 and t ≤ n, the method further comprising:
  • cryptocurrency's blockchain comprises: using the cryptographic data and the online transaction signatures to authenticate the transaction on the cryptocurrency's blockchain.
  • the inventors have found that the required security can be obtained by relying on a t out of n secret sharing scheme, whereby the smart card's private key is used to generate an offline signature that participates in said t out of n secret sharing scheme and the blockchain authentication infrastructure (in particular one or more approval authorities) provide the
  • t ≤ n, and n-t private keys for use in the secret sharing scheme are kept by a trusted party.
  • the inventors have found that the risks traditionally associated with on-card value stores, namely the risk of loss or theft, leading to a loss of the stored asset (or loss of access thereto) may be alleviated in the case of cryptocurrencies by using t out of n secret sharing schemes, whereby a trusted party has access to one or more additional secrets that allow for the reconstitution of a group of t secrets when the secret stored on the smart card is lost.
  • the one or more additional keys may for example be submitted to an application in order to (co-)sign a transaction moving assets to a new digital currency address.
  • the transaction data is sent to the smart card in a customized APDU command. It is an advantage of this embodiment that the communication can take place in a way that is backward compatible with the
  • the customized APDU command may for example be a
  • a method for recovering access to an account in a cryptocurrency which is designed to be accessed by means of a smart card
  • the method comprising: retrieving an alternate private key from a different carrier than the smart card, the alternate private key being another secret for use in the t out of n secret sharing scheme; submitting the alternate private key to a recovery application on a server having access to t-1 other keys for use in the secret sharing scheme; at the server, combining the alternate private key and the t-1 other keys, to authenticate a transfer of assets in the account to an alternate account accessible by the holder.
  • the inventors have found that the risks traditionally associated with on-card value stores, namely the risk of loss or theft, leading to a loss of the stored asset (or loss of access thereto) may be alleviated in the case of cryptocurrencies by using t out of n secret sharing schemes with t ≤ n, whereby the holder is able to retrieve an additional secret from another source than the smart card, which allows for the reconstitution of a group of t secrets when the secret stored on the smart card is lost.
  • a smart card for use in the method as described above, the smart card comprising a non-volatile memory having stored therein a private key and a cardlet configured to manage a store of value, wherein the smart card is adapted to receive a command pertaining to a financial transaction from a smart card terminal and to provide cryptographic data indicative of a card holder's approval of the transaction; wherein the cryptographic data comprises a part of the private key, adapted to be combinable with a
  • a smart card for use in the method as described above, the smart card comprising a non-volatile memory having stored therein a private key and a cardlet configured to manage a store of value, wherein the smart card is adapted to produce cryptographic transaction signatures over transaction data using the private key and to send a message comprising the transaction signature and blockchain metadata to a reader.
  • a blockchain authentication infrastructure for authenticating a financial transaction in a blockchain-based cryptocurrency, the blockchain authentication infrastructure being configured to:
  • the private key is a secret for use in a t out of n secret sharing scheme
  • the blockchain authentication infrastructure being further configured to:
  • the blockchain authentication infrastructure is further configured to receive the transaction data, the offline transaction signature, and/or the t-1 online transaction signatures as parts of ISO 8583 or ISO 20022 messages.
  • a computer program product comprising code means configured to cause a processor to perform an authentication of a financial transaction in a blockchain-based cryptocurrency, by executing following steps: receiving transaction data pertaining to the financial transaction; obtaining an offline transaction signature over transaction data, generated by means of a private key, the private key being partially transmitted to the processor for recombination with a locally stored complementary part; and using the offline signature to authenticate the transaction on the cryptocurrency's blockchain.
  • the private key is a secret for use in a t out of n secret sharing scheme, the code means being further
  • a mobile device application comprising code means configured to cause the mobile device to conduct a financial transaction in a blockchain-based cryptocurrency, by executing following steps: connecting with a smart card so as to allow an exchange of data with the smart card; sending a command pertaining to the financial transaction to the smart card; obtaining a response comprising cryptographic data from the smart card; and sending the response to a blockchain authentication infrastructure; wherein the command and the response are formatted as binary APDU commands and comprise blockchain metadata.
  • FIG. 1 schematically represents an embodiment of the smart card according to the present invention
  • Figure 2 schematically represents elements of an embodiment of the transaction authentication method according to the present invention
  • Figure 3 presents a flow chart of a general embodiment of the transaction authentication method according to the present invention.
  • FIG. 5 presents a flow chart of a second variant of the transaction authentication method of Figure 3 (according to the invention);
  • Figure 1 schematically represents an embodiment of the smart card according to the present invention.
  • the smart card preferably has a credit card form factor (ID-1). It may have the look and be provided with the functionality of a typical modern banking card (e.g. a debit card or a credit card, optionally with an electronic wallet function). Thus, the smart card may be provided with, for example, one or more of a magnetic stripe, a signature panel, embossed text (e.g., indicating the card number, cardholder name, expiry date, and the like), printed text (e.g. a Card Verification Code), printed images (e.g. service logos, such as "VISA", "VISA electron", "MasterCard", "Maestro", and the like; a photograph of the cardholder; ...), anti-counterfeiting elements (e.g. a hologram, security printing, fluorescence, ...)
  • ID-1 credit card form factor
  • the card comprises a Secure Element (SE), which is typically implemented as an integrated circuit that communicates with a card reader via externally exposed electrodes (such as those
  • additional cryptocurrency-related functions that characterize the present invention may be implemented in an additional integrated circuit (the "cryptocurrency IC"), connected to the Secure
  • the cryptocurrency IC has access to the exposed
  • the smart card is adapted for use in the transaction
  • the smart card comprises, as part of the cryptocurrency IC, a non-volatile memory having stored therein a private key and a cardlet configured to manage a store of value.
  • the smart card is adapted to receive a command pertaining to a financial transaction from a smart card terminal and to provide cryptographic data indicative of a card holder's approval of the transaction; wherein the cryptographic data comprises a part of the private key, adapted to be combinable with a separately stored complementary part of the private key to obtain the private key.
  • the smart card is adapted to produce cryptographic transaction signatures over transaction data using the private key and to send a message comprising blockchain metadata (in particular, the transaction signature) to a reader.
  • FIG. 1 schematically represents elements of an embodiment of the transaction authentication method according to the present invention.
  • the smart card according to the present invention cooperates, as an offline signing device, with an online
  • the online hot wallet is "online” in the sense that it resides on a computing platform that is connected to a network such as the Internet, whereas the offline signing device can only communicate with the remaining infrastructure by means of a card reader as described above.
  • a third key is stored in an offline backup wallet. Examples of a
  • FIG 3 presents a flow chart of a general embodiment of the transaction authentication method according to the present invention.
  • the method authenticates a financial transaction in a blockchain-based cryptocurrency by means of a smart card.
  • the smart card comprises a private key, which is a secret for use in a t out of n secret sharing scheme, with t > 1 and t ≤ n, for authenticating a holder of an account in the cryptocurrency.
  • the method comprises connecting 1010 the smart card to a smart card terminal so as to allow an exchange of data between the smart card and the smart card terminal.
  • the smart card terminal may be a traditional point-of-sale terminal (POS terminal), an automated teller machine (ATM), an end user PC equipped with a smart card reader (with a contact-based or contactless card interface) and appropriate software, an end user mobile device (e.g., a smart phone) with a smart card reader (typically a contactless card interface, such as NFC) and an appropriate app, or any other type of equipment configured to exchange information with a smart card.
  • POS terminal point-of-sale terminal
  • ATM automated teller machine
  • a command (e.g. a customized 'SIGN' command), optionally comprising transaction data pertaining to the financial transaction, is sent 1020 from the smart card terminal to the smart card.
  • the transaction data is sent to the smart card in an ISO-8583 'Generate AC' command.
  • the smart card is used to obtain 1030 cryptographic data
  • a response comprising the cryptographic data is sent 1040 from the smart card to the smart card terminal, whence it can be relayed to the banking infrastructure for further processing.
  • the transaction signature is preferably sent from the smart card to the smart card terminal as a response to a proprietary APDU command ('SIGN').
  • the transaction data is also sent 1050 to t-1 approval authorities holding respective private keys for use in the secret sharing scheme.
  • a private key is used to cryptographically produce 1060 an online transaction signature over the transaction data; this approval may be conditional upon successful verification of one or more transaction approval criteria, such as the availability of sufficient funds in the card holder's account.
  • a trusted party keeps the remaining n-t private keys for use in the secret sharing scheme.
  • the trusted party may for example be the card holder, a person or entity designated by the card holder, the card issuer, etc. It is essential that the card holder, and only the card holder, is able to retrieve the remaining private key in case the smart card gets lost or stolen, in order to recover the assets that are represented by the smart card.
  • Figure 4 presents a flow chart of a first variant of the
  • the obtaining 1030 of the cryptographic data comprises using the private key to cryptographically produce an offline transaction signature over the transaction data in the smart card.
  • the offline signature is used to authenticate the transaction on the cryptocurrency's blockchain.
  • the cryptographic data and the online transaction signatures are used 1070 together by the blockchain authentication infrastructure in that it combines the offline signature and the online signature(s) to authenticate the transaction on the cryptocurrency's blockchain, in accordance with the t out of n scheme.
  • Figure 5 presents a flow chart of a second variant of the
  • the obtaining 1030 of the cryptographic data comprises copying a part of the private key stored in the smart card, and sending this part back to the smart card terminal for further relaying to the blockchain authentication infrastructure.
  • the cryptographic data - i.e., the part of the smart card's private key - is combined by the blockchain authentication infrastructure with a separately stored complementary part of the private key to obtain the private key.
  • the private key thus reconstituted is used to cryptographically produce an offline transaction signature over the transaction data 1045 outside the smart card.
  • the offline signature is used to authenticate the transaction on the cryptocurrency's blockchain.
  • the offline signature and the online signatures are combined to authenticate the transaction on the cryptocurrency's blockchain, in accordance with the t out of n scheme.
  • FIG. 6 presents a flow chart of an embodiment of the secret recovery method according to the present invention.
  • the purpose is to recover access to an account in a cryptocurrency which is designed to be accessed by means of a smart card, for example in the event of loss or theft of the smart card.
  • the smart card comprises a private key, which is a secret for use in a t out of n secret sharing scheme, with t > 1 and t ≤ n, for authenticating the holder of the account.
  • the method comprises retrieving 2010 an alternate private key from a different carrier than the smart card, the alternate private key being another secret for use in the t out of n secret sharing scheme.
  • This alternate key may be under the care of the card holder, the card issuer, or of a trusted third party. It may be stored electronically (e.g. on an optical disc or in a portable semiconductor-based memory, such as a USB stick) as a digital signature file or as a printable image representing the key (for example in pdf or jpg format), or in a "hard-copy" form (e.g.
  • the alternate private key is submitted 2020 to a recovery
  • FIG. 7 presents a flow chart of the method performed by an embodiment of the authentication back-end according to the present invention.
  • the back-end, also referred to herein as the blockchain authentication infrastructure, is designed for authenticating a financial transaction in a blockchain-based cryptocurrency.
  • It is configured to receive 3045 transaction data pertaining to the financial transaction and to obtain the necessary cryptographic signatures (the offline signature and t-1 online signatures) which can be combined to authenticate the transaction on the cryptocurrency's blockchain, in accordance with the t out of n scheme.
  • the blockchain authentication infrastructure has to obtain 3055 an offline transaction signature over transaction data, generated by means of a private key being a secret for use in a t out of n secret sharing scheme, which key is stored in the smart card.
  • the offline signature is either generated by the smart card and subsequently transmitted via the smart card terminal to the blockchain authentication infrastructure, or it is generated by the blockchain
  • the blockchain authentication infrastructure is preferably configured to receive the transaction data 3045, the offline transaction signature 3055, and/or the t-1 online transaction signatures 3060 as parts of ISO 8583 messages.
  • the blockchain authentication infrastructure may be implemented in dedicated hardware or on a general computing platform programmed with appropriate software.
  • the present invention therefore also pertains to a computer program product comprising code means configured to cause a processor to perform an authentication of a financial transaction in a blockchain-based cryptocurrency, by executing the steps described above with reference to Figure 7.
  • the smart card terminal may take the form of a mobile device, such as a smart phone, with an appropriate card reading interface, such as an NFC interface.
  • a mobile device application also referred to as an "app" comprising code means configured to cause the mobile device to conduct a financial transaction in a
  • the command and the response are formatted as binary APDU commands and comprise blockchain metadata, which may include as the case may be transaction data, cryptographic signatures and/or shares of the applicable secret private key.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention pertains to a method for authenticating a transaction in a blockchain-based cryptocurrency using a smart card comprising a private key, which is a secret for use in a secret sharing scheme, for authenticating a holder of an account in the cryptocurrency. It comprises: connecting the smart card to a terminal to exchange data; sending a command to the smart card; using the smart card to obtain cryptographic data indicative of the holder's approval of the transaction; and sending a response comprising the cryptographic data to the terminal; and using the cryptographic data to authenticate the transaction on the cryptocurrency's blockchain. Obtaining said cryptographic data comprises copying a part of said private key, to be combined with a separately stored complementary part of the private key to produce an offline transaction signature over the transaction data outside the smart card.

Description

Method for authenticating a financial transaction in a blockchain-based cryptocurrency, smart card, and blockchain authentication infrastructure
Field of the Invention
The present invention pertains to the field of electronic payment systems, and in particular to cryptocurrency systems using a blockchain infrastructure to store and certify transaction information.
Background
International patent application publication no. WO 2015/183497 A1, entitled "Cryptocurrency virtual wallet system and method", describes a method in which an encrypted request to transfer a requested amount of cryptocurrency from a user address to a destination address is received. The request includes a destination address, a requested amount, a user device encryption key, and biometric data. A partially signed transaction to transfer a requested amount of cryptocurrency from the user address to the destination address is also received. The partially signed transaction is cryptographically signed and a multi-signed transaction is broadcast to a cryptocurrency network to transfer the requested amount of cryptocurrency from the user address to the destination address.
US patent application publication no. US 2015/0120569 A1, entitled "Virtual currency address security", discloses a network device configured to generate a first public-private key pair. The network device is configured to receive, over an electronic network, public keys of two or more second public-private key pairs. The network device is configured to generate a digital currency address using the public keys of the two or more second public-private key pairs and a public key of the first public-private key pair.
US patent application publication no. US 2015/332256 A1, entitled "System and Method for Converting Cryptocurrency to Virtual Assets Whose Value is Substantiated by a Reserve of Asset", discloses a computer-based system converting cryptocurrency into a virtual asset. The system includes a user account database server configured to store data of a plurality of user accounts. The stored data pertains to each user account and indicates an accounting of obligations of the system to the user. The system also includes a cryptocurrency account server configured to receive, from a networked device of a user, a transfer of cryptocurrency, from an external cryptocurrency account. In response to receipt of such a transfer, the cryptocurrency account server is configured to update the data pertaining to the obligations of the system to the user. The system also includes a user interface server configured to receive a request from the user for conversion of cryptocurrency to an asset. In response to receipt of the request, the system updates the data pertaining to the user account of the user.
International patent application no. WO 2015/175854 A2, entitled "System and method for digital currency storage, payment and credit", discloses a system and method for the secure online storage of digital currency or crypto-currency assets, and the secure use of stored online digital currency assets for financial payment transactions and credit lending transactions in either digital currency or fiat currency. It includes various methods for the encryption and secure online storage of a digital currency wallet using spliced / paired design architecture, and various methods for the integration of secure digital currency online wallets with online banking platforms, debit card devices, credit card devices, credit lending networks, merchant payment processors and credit card associations. It also relates to the use of spliced / paired design architecture for non-financial applications that improve the online storage security of other types of data files and document files that are not related to digital currency or financial transactions.
It is a disadvantage of the known systems that they require an infrastructure that is separate from existing debit card and credit card infrastructures, and that they present the end user with a noticeably different usage protocol, which could hinder the adoption of the system by users that are accustomed to the existing debit card and credit card experience and averse to change.
Summary
It is an object of embodiments of the present invention to at least partially overcome the drawbacks of the prior art.
According to an aspect of the present invention, there is provided a method for authenticating a financial transaction in a blockchain-based cryptocurrency by means of a smart card comprising a private key for authenticating a holder of an account in the cryptocurrency, the method comprising: connecting the smart card to a smart card terminal so as to allow an exchange of data between the smart card and the smart card terminal; sending a command pertaining to the financial transaction from the smart card terminal to the smart card; using the smart card to obtain cryptographic data indicative of the holder's approval of the transaction; and sending a response comprising the cryptographic data from the smart card to the smart card terminal; using the cryptographic data to authenticate the transaction on the cryptocurrency's blockchain; wherein the obtaining of the cryptographic data comprises copying a part of the private key; and wherein the using of the cryptographic data comprises: combining the cryptographic data with a separately stored complementary part of the private key to obtain the private key; using the private key to cryptographically produce an offline transaction signature over the transaction data outside the smart card; and using the offline signature to authenticate the transaction on the cryptocurrency's blockchain.
The command pertaining to the financial transaction preferably includes transaction data.
The present invention is based inter alia on the insight of the inventors that blockchain-based financial assets, such as Bitcoin, can only be expected to become as common as traditional monetary assets if there is a seamless transition between both worlds in the user's daily experience. The present invention is further based on the insight of the inventors that such a seamless user experience can be obtained by using a smart card - already well known to end users in the form of debit cards or credit cards - as the user's virtual currency store, provided that the terminals and banking infrastructure involved in the transaction can treat the interaction with the cryptocurrency smart card in exactly the same way as they would a transaction with a regular debit card or credit card. In particular, the existing infrastructure must not be burdened with the task of interfacing with the blockchain ledger. This can be done by a new intermediary, a blockchain authentication infrastructure, provided that a way can be found to transfer a transaction signature linked to the card to the blockchain authentication infrastructure in a secure manner.
It is an advantage of the invention that the smart card can approve the transaction in a single roundtrip messaging cycle between the backend and the smart card, avoiding the need for a second message exchange. Only a part of the private key stored on the smart card is copied to the card reader, as a way for the card to signal the card holder's approval of the transaction. This facilitates the deployment of the method according to the present invention on existing POS terminals utilizing a standard EMV transaction flow.
In an embodiment of the method according to the present invention, the private key is a secret for use in a t out of n secret sharing scheme, with t > 1 and t ≤ n, the method further comprising: sending the transaction data to t-1 approval authorities holding respective private keys for use in the secret sharing scheme; and at each of the approval authorities, using the respective private key to cryptographically produce a respective online transaction signature over the transaction data upon verification of a transaction approval criterion; wherein the using of the cryptographic data to authenticate the transaction on the cryptocurrency's blockchain comprises: using the cryptographic data and the online transaction signatures to authenticate the transaction on the cryptocurrency's blockchain.
The inventors have found that the required security can be obtained by relying on a t out of n secret sharing scheme, whereby the smart card's private key is used to generate an offline signature that participates in said t out of n secret sharing scheme and the blockchain authentication infrastructure (in particular one or more approval authorities) provides the additionally required t-1 online signatures, upon verification of any relevant conditions (e.g., account balance). In that architecture, the interception of the cryptographic data originating from the smart card by an attacker would not give this attacker access to the smart card holder's cryptocurrency assets.
In an embodiment of the method according to the present invention, t < n, and n-t private keys for use in the secret sharing scheme are kept by a trusted party.
The inventors have found that the risks traditionally associated with on-card value stores, namely the risk of loss or theft, leading to a loss of the stored asset (or loss of access thereto) may be alleviated in the case of cryptocurrencies by using t out of n secret sharing schemes, whereby a trusted party has access to one or more additional secrets that allow for the reconstitution of a group of t secrets when the secret stored on the smart card is lost. The one or more additional keys may, for example, be submitted to an application in order to (co-)sign a transaction moving assets to a new digital currency address.
In an embodiment of the method according to the present invention, the transaction data is sent to the smart card in a customized APDU command.
It is an advantage of this embodiment that the communication can take place in a way that is backward compatible with the standardized format of a smart card application protocol data unit (APDU). The customized APDU command may for example be a proprietary 'SIGN' command APDU with INS = 0x40.
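
The 'SIGN' command described above, laid out as a short ISO 7816-4 APDU with strict parsing on both sides; this is an added example, not code from the patent. Only INS = 0x40 comes from the text: the CLA value 0x80, P1/P2 of zero, the sample payload and all function names are assumptions.

```python
"""Encode and strictly parse a short ISO 7816-4 APDU for a proprietary SIGN command."""

INS_SIGN = 0x40          # instruction byte given in the patent text
CLA_PROPRIETARY = 0x80   # assumption: the text gives no CLA; 0x80 marks a proprietary class
SW_OK = 0x9000           # ISO 7816-4 status word for normal completion


def build_sign_command(tx_data, p1=0x00, p2=0x00):
    """Terminal side. Case 4 short APDU: CLA INS P1 P2 Lc <data> Le."""
    if not 1 <= len(tx_data) <= 255:
        raise ValueError("a short APDU carries 1..255 data bytes")
    header = bytes([CLA_PROPRIETARY, INS_SIGN, p1, p2, len(tx_data)])
    return header + tx_data + b"\x00"   # Le = 0x00 asks for up to 256 response bytes


def parse_sign_command(apdu):
    """Card side. Return the transaction data, or raise on any malformed field."""
    if len(apdu) < 7:                   # 4 header bytes + Lc + at least 1 data byte + Le
        raise ValueError("too short for a case 4 APDU")
    cla, ins, _p1, _p2, lc = apdu[:5]
    if cla != CLA_PROPRIETARY or ins != INS_SIGN:
        raise ValueError("not a SIGN command")
    if lc == 0 or len(apdu) != 5 + lc + 1:
        raise ValueError("Lc does not match the body length")
    return apdu[5:5 + lc]


def parse_response(rapdu, expected_len=None):
    """Terminal side. Split <data> SW1 SW2 and accept only status 0x9000."""
    if len(rapdu) < 2:
        raise ValueError("response lacks a status word")
    status = int.from_bytes(rapdu[-2:], "big")
    if status != SW_OK:
        raise ValueError(f"card refused the command: SW={status:04X}")
    data = rapdu[:-2]
    if expected_len is not None and len(data) != expected_len:
        raise ValueError("unexpected response length")
    return data


if __name__ == "__main__":
    tx = bytes.fromhex("0102030405060708090a")      # constructed transaction data
    command = build_sign_command(tx)
    print("C-APDU:", command.hex())
    print("card sees:", parse_sign_command(command).hex())
    print("R-APDU data:", parse_response(bytes.fromhex("aabbccdd9000"), 4).hex())
```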
According to an aspect of the present invention, there is provided a method for recovering access to an account in a cryptocurrency which is designed to be accessed by means of a smart card comprising a private key, the private key being a secret for use in a t out of n secret sharing scheme, with t > 1 and t < n, for authenticating a holder of the account, the method comprising: retrieving an alternate private key from a different carrier than the smart card, the alternate private key being another secret for use in the t out of n secret sharing scheme; submitting the alternate private key to a recovery application on a server having access to t-1 other keys for use in the secret sharing scheme; at the server, combining the alternate private key and the t-1 other keys, to authenticate a transfer of assets in the account to an alternate account accessible by the holder.
The inventors have found that the risks traditionally associated with on-card value stores, namely the risk of loss or theft, leading to a loss of the stored asset (or loss of access thereto) may be alleviated in the case of cryptocurrencies by using t out of n secret sharing schemes with t < n, whereby the holder is able to retrieve an additional secret from another source than the smart card, which allows for the reconstitution of a group of t secrets when the secret stored on the smart card is lost.
According to an aspect of the present invention, there is provided a smart card for use in the method as described above, the smart card comprising a non-volatile memory having stored therein a private key and a cardlet configured to manage a store of value, wherein the smart card is adapted to receive a command pertaining to a financial transaction from a smart card terminal and to provide cryptographic data indicative of a card holder's approval of the transaction; wherein the cryptographic data comprises a part of the private key, adapted to be combinable with a separately stored complementary part of the private key to obtain the private key.
According to an aspect of the present invention, there is provided a smart card for use in the method as described above, the smart card comprising a non-volatile memory having stored therein a private key and a cardlet configured to manage a store of value, wherein the smart card is adapted to produce cryptographic transaction signatures over transaction data using the private key and to send a message comprising the transaction signature and blockchain metadata to a reader.
According to an aspect of the present invention, there is provided a blockchain authentication infrastructure for authenticating a financial transaction in a blockchain-based cryptocurrency, the blockchain authentication infrastructure being configured to: receive transaction data pertaining to the financial transaction; obtain an offline transaction signature over transaction data, generated by means of a private key, the private key being partially transmitted to the blockchain authentication infrastructure for recombination with a locally stored complementary part; and use the offline signature to authenticate the transaction on the cryptocurrency's blockchain.
In an embodiment of the blockchain authentication infrastructure according to the present invention, the private key is a secret for use in a t out of n secret sharing scheme, the blockchain authentication infrastructure being further configured to: generate or receive t-1 online transaction signatures over the transaction data; and combine the offline transaction signature and the online transaction signatures to authenticate the transaction on the cryptocurrency's blockchain.
In an embodiment, the blockchain authentication infrastructure according to the present invention is further configured to receive the transaction data, the offline transaction signature, and/or the t-1 online transaction signatures as parts of ISO 8583 or ISO 20022 messages.
According to an aspect of the present invention, there is provided a computer program product comprising code means configured to cause a processor to perform an authentication of a financial transaction in a blockchain-based cryptocurrency, by executing following steps: receiving transaction data pertaining to the financial transaction; obtaining an offline transaction signature over transaction data, generated by means of a private key, the private key being partially transmitted to the processor for recombination with a locally stored complementary part; and using the offline signature to authenticate the transaction on the cryptocurrency's blockchain.
In an embodiment of the computer program product according to the present invention, the private key is a secret for use in a t out of n secret sharing scheme, the code means being further configured to cause a processor to execute following steps: generating or receiving t-1 online transaction signatures over the transaction data; and combining the offline transaction signature and the online transaction signatures to authenticate the transaction on the cryptocurrency's blockchain.
According to an aspect of the present invention, there is provided a mobile device application comprising code means configured to cause the mobile device to conduct a financial transaction in a blockchain-based cryptocurrency, by executing following steps: connecting with a smart card so as to allow an exchange of data with the smart card; sending a command pertaining to the financial transaction to the smart card; obtaining a response comprising cryptographic data from the smart card; and sending the response to a blockchain authentication infrastructure; wherein the command and the response are formatted as binary APDU commands and comprise blockchain metadata. The command pertaining to the financial transaction preferably includes transaction data. The technical effects and advantages of embodiments of the smart card, the blockchain authentication infrastructure, the computer program product, and the mobile device application according to the present invention correspond, mutatis mutandis, to those of the corresponding embodiments of the methods according to the present invention.
Brief Description of the Drawings
These and other technical effects and advantages of embodiments of the present invention will now be described with reference to the accompanying drawings, in which:
- Figure 1 schematically represents an embodiment of the smart card according to the present invention;
- Figure 2 schematically represents elements of an embodiment of the transaction authentication method according to the present invention;
- Figure 3 presents a flow chart of a general embodiment of the transaction authentication method according to the present invention;
- Figure 4 presents a flow chart of a first variant of the transaction authentication method of Figure 3 (not according to the invention);
- Figure 5 presents a flow chart of a second variant of the transaction authentication method of Figure 3 (according to the invention);
- Figure 6 presents a flow chart of an embodiment of the secret recovery method according to the present invention; and
- Figure 7 presents a flow chart of the method performed by an embodiment of the authentication back-end according to the present invention.
Throughout the figures, like reference numerals are used for like elements.
Description of Embodiments
Figure 1 schematically represents an embodiment of the smart card according to the present invention.
The smart card preferably has a credit card form factor (ID-1). It may have the look and be provided with the functionality of a typical modern banking card (e.g. a debit card or a credit card, optionally with an electronic wallet function). Thus, the smart card may be provided with, for example, one or more of a magnetic stripe, a signature panel, embossed text (e.g., indicating the card number, cardholder name, expiry date, and the like), printed text (e.g. a Card Verification Code), printed images (e.g. service logos, such as "VISA", "VISA electron", "MasterCard", "Maestro", and the like; a photograph of the cardholder; ...), anti-counterfeiting elements (e.g. a hologram, security printing, fluorescence, ...).
The card comprises a Secure Element (SE), which is typically implemented as an integrated circuit that communicates with a card reader via externally exposed electrodes (such as those standardized in ISO 7816) or via a contactless interface (such as the ones standardized in ISO 14443 A/B and ISO 18092). The additional cryptocurrency-related functions that characterize the present invention may be implemented in an additional integrated circuit (the "cryptocurrency IC"), connected to the Secure Element, or they may be directly implemented in the Secure Element, if the Secure Element hardware is suitable for it. Through its connection with or the integration in the Secure Element, the cryptocurrency IC has access to the exposed electrodes or the contactless interface.
The smart card is adapted for use in the transaction authentication method that will be described in more detail below. For this purpose, the smart card comprises, as part of the cryptocurrency IC, a non-volatile memory having stored therein a private key and a cardlet configured to manage a store of value.
In one variant, the smart card is adapted to receive a command pertaining to a financial transaction from a smart card terminal and to provide cryptographic data indicative of a card holder's approval of the transaction; wherein the cryptographic data comprises a part of the private key, adapted to be combinable with a separately stored complementary part of the private key to obtain the private key.
In another variant, the smart card is adapted to produce cryptographic transaction signatures over transaction data using the private key and to send a message comprising blockchain metadata (in particular, the transaction signature) to a reader.
Figure 2 schematically represents elements of an embodiment of the transaction authentication method according to the present invention. The smart card according to the present invention cooperates, as an offline signing device, with an online counterpart, indicated in the Figure as the "online hot wallet".
The online hot wallet is "online" in the sense that it resides on a computing platform that is connected to a network such as the Internet, whereas the offline signing device can only communicate with the remaining infrastructure by means of a card reader as described above. In particular, the online hot wallet preferably has high-bandwidth connectivity with the relevant blockchain-based peer-to-peer network (e.g., for Bitcoin, this is the public Internet).
The online hot wallet and the offline signing device each have a private key (designated as Key 1 and Key 2, respectively, in Figure 2), which are used to sign transaction data in a t out of n secret sharing scheme (in this case, t = 2 and n = 3). A third key is stored in an offline backup wallet.
Examples of a multisignature functionality are known in the art. One known scheme is Shamir's Secret Sharing Scheme (ssss), as described in A. Shamir, "How to share a secret", Communications of the ACM, vol. 22 (1979), issue 11, 612-613. In Bitcoin, the Bitcoin P2SH multisig protocol may be used.
Figure 3 presents a flow chart of a general embodiment of the transaction authentication method according to the present invention. The method authenticates a financial transaction in a blockchain-based cryptocurrency by means of a smart card. The smart card comprises a private key, which is a secret for use in a t out of n secret sharing scheme, with t > 1 and t ≤ n, for authenticating a holder of an account in the cryptocurrency.
The method comprises connecting 1010 the smart card to a smart card terminal so as to allow an exchange of data between the smart card and the smart card terminal. The smart card terminal may be a traditional point-of-sale terminal (POS terminal), an automated teller machine (ATM), an end user PC equipped with a smart card reader (with a contact-based or contactless card interface) and appropriate software, an end user mobile device (e.g., a smart phone) with a smart card reader (typically a contactless card interface, such as NFC) and an appropriate app, or any other type of equipment configured to exchange information with a smart card.
Once the connection is established, a command (e.g. a customized 'SIGN' command), optionally comprising transaction data pertaining to the financial transaction, is sent 1020 from the smart card terminal to the smart card. Preferably, the transaction data is sent to the smart card in an ISO-8583 'Generate AC' command. The smart card is used to obtain 1030 cryptographic data indicative of the holder's approval of the transaction, which approval may for example be assessed by requesting and verifying a PIN code, by a press on an "OK" button, by performing a fingerprint recognition, or the like.
A response comprising the cryptographic data is sent 1040 from the smart card to the smart card terminal, whence it can be relayed to the banking infrastructure for further processing. The transaction signature is preferably sent from the smart card to the smart card terminal as a response to a proprietary APDU command ('SIGN').
The transaction data is also sent 1050 to t-1 approval authorities holding respective private keys for use in the secret sharing scheme. In the simplest case, where t = 2, there will only be a single approval authority, which may be part of a blockchain authentication infrastructure as will be described below, or which may be a separate server. At the or each approval authority, a private key is used to cryptographically produce 1060 an online transaction signature over the transaction data; this approval may be conditional upon successful verification of one or more transaction approval criteria, such as the availability of sufficient funds in the card holder's account.
Finally, the cryptographic data and the online transaction signatures are used 1070, by the blockchain authentication infrastructure, to authenticate the transaction on the cryptocurrency's blockchain.
Preferably, t < n, and a trusted party keeps the remaining n-t private keys for use in the secret sharing scheme. In the case where t = 2 and n = 3, there will only be a single remaining private key. The trusted party may for example be the card holder, a person or entity designated by the card holder, the card issuer, etc. It is essential that the card holder, and only the card holder, is able to retrieve the remaining private key in case the smart card gets lost or stolen, in order to recover the assets that are represented by the smart card.
Figure 4 presents a flow chart of a first variant of the transaction authentication method of Figure 3 (not according to the invention).
In this variant, the obtaining 1030 of the cryptographic data comprises using the private key to cryptographically produce an offline transaction signature over the transaction data in the smart card. Subsequently, the offline signature is used to authenticate the transaction on the cryptocurrency's blockchain. Optionally, the cryptographic data and the online transaction signatures are used 1070 together by the blockchain authentication infrastructure in that it combines the offline signature and the online signature(s) to authenticate the transaction on the cryptocurrency's blockchain, in accordance with the t out of n scheme.
Figure 5 presents a flow chart of a second variant of the transaction authentication method of Figure 3 (according to the invention).
For existing POS terminals, for backward compatibility reasons, a simplified secret sharing scheme is desired because there is typically no opportunity to have two round-trip communications between the back-end and the smart card. Accordingly, in this variant, the obtaining 1030 of the cryptographic data comprises copying a part of the private key stored in the smart card, and sending this part back to the smart card terminal for further relaying to the blockchain authentication infrastructure. The cryptographic data - i.e., the part of the smart card's private key - is combined by the blockchain authentication infrastructure with a separately stored complementary part of the private key to obtain the private key. The private key thus reconstituted is used to cryptographically produce an offline transaction signature over the transaction data 1045 outside the smart card. Subsequently, the offline signature is used to authenticate the transaction on the cryptocurrency's blockchain. Optionally, the offline signature and the online signatures are combined to authenticate the transaction on the cryptocurrency's blockchain, in accordance with the t out of n scheme.
Figure 6 presents a flow chart of an embodiment of the secret recovery method according to the present invention. The purpose is to recover access to an account in a cryptocurrency which is designed to be accessed by means of a smart card, for example in the event of loss or theft of the smart card. The smart card comprises a private key, which is a secret for use in a t out of n secret sharing scheme, with t > 1 and t < n, for authenticating the holder of the account.
The method comprises retrieving 2010 an alternate private key from a different carrier than the smart card, the alternate private key being another secret for use in the t out of n secret sharing scheme. This alternate key may be under the care of the card holder, the card issuer, or of a trusted third party. It may be stored electronically (e.g. on an optical disc or in a portable semiconductor-based memory, such as a USB stick) as a digital signature file or as a printable image representing the key (for example in pdf or jpg format), or in a "hard-copy" form (e.g. printed on a paper as a string of characters or a graphical code, such as a QR-code).
The alternate private key is submitted 2020 to a recovery application on a server having access to t-1 other keys for use in the secret sharing scheme. At the server, the alternate private key and the t-1 other keys are combined 2030, so as to arrive at the required t signatures to authenticate access to the assets. This access is then used to transfer the assets in the account to an alternate account accessible by the holder, for example a new account created for that purpose, thus removing the possibility for the finder or thief of the smart card to access the assets that were in the original account.
Figure 7 presents a flow chart of the method performed by an embodiment of the authentication back-end according to the present invention. The back-end, also referred to herein as the blockchain authentication infrastructure, is designed for authenticating a financial transaction in a blockchain-based cryptocurrency.
It is configured to receive 3045 transaction data pertaining to the financial transaction and to obtain the necessary cryptographic signatures (the offline signature and t-1 online signatures) which can be combined to authenticate the transaction on the cryptocurrency's blockchain, in accordance with the t out of n scheme.
The blockchain authentication infrastructure has to obtain 3055 an offline transaction signature over transaction data, generated by means of a private key being a secret for use in a t out of n secret sharing scheme, which key is stored in the smart card.
According to the variants described above, the offline signature is either generated by the smart card and subsequently transmitted via the smart card terminal to the blockchain authentication infrastructure, or it is generated by the blockchain authentication infrastructure by means of a private key that is reconstituted from a locally stored part of the key and a part that is transmitted by the smart card via the smart card terminal.
In addition, the blockchain authentication infrastructure generates or receives from appropriate approval servers 3060 t-1 online transaction signatures over the transaction data.
When the offline signature and the t-1 online signatures are collected, they are combined 3070 to authenticate the transaction to the blockchain.
The blockchain authentication infrastructure is preferably configured to receive the transaction data 3045, the offline transaction signature 3055, and/or the t-1 online transaction signatures 3060 as parts of ISO 8583 messages.
The blockchain authentication infrastructure may be implemented in dedicated hardware or on a general computing platform programmed with appropriate software. The present invention therefore also pertains to a computer program product comprising code means configured to cause a processor to perform an authentication of a financial transaction in a blockchain-based cryptocurrency, by executing the steps described above with reference to Figure 7.
As described above, the smart card terminal may take the form of a mobile device, such as a smart phone, with an appropriate card reading interface, such as an NFC interface. The present invention therefore also applies to a mobile device application, also referred to as an "app", comprising code means configured to cause the mobile device to conduct a financial transaction in a blockchain-based cryptocurrency, by executing following steps:
- connecting 1010 with a smart card so as to allow an exchange of data with the smart card;
- sending 1020 a command pertaining to the financial transaction (preferably comprising the transaction data) to the smart card;
- obtaining 1040 a response comprising cryptographic data from the smart card; and
- sending the response to a blockchain authentication infrastructure, for further processing as described above.
The command and the response are formatted as binary APDU commands and comprise blockchain metadata, which may include as the case may be transaction data, cryptographic signatures and/or shares of the applicable secret private key.
While the invention has been described hereinabove with reference to specific embodiments, this is done to clarify and not to limit the invention, the scope of which is determined by the accompanying claims.

Claims

1. A method for authenticating a financial transaction in a blockchain-based cryptocurrency by means of a smart card comprising a private key for authenticating a holder of an account in said cryptocurrency, the method comprising:
- connecting (1010) said smart card to a smart card terminal so as to allow an exchange of data between said smart card and said smart card terminal;
- sending (1020) a command pertaining to said financial transaction from said smart card terminal to said smart card;
- using said smart card to obtain (1030) cryptographic data indicative of said holder's approval of said transaction;
- sending (1040) a response comprising said cryptographic data from said smart card to said smart card terminal; and
- using (1070) said cryptographic data to authenticate said transaction on said cryptocurrency's blockchain;
wherein said obtaining (1030) of said cryptographic data comprises copying a part of said private key; and
wherein said using (1070) of said cryptographic data comprises:
- combining said cryptographic data with a separately stored complementary part of said private key to obtain said private key;
- using said private key to cryptographically produce an offline transaction signature over said transaction data outside said smart card (1045); and
- using said offline signature to authenticate said transaction on said cryptocurrency's blockchain.
2. The method according to claim 1,
wherein said private key is a secret for use in a t out of n secret sharing scheme, with t > 1 and t ≤ n,
the method further comprising:
- sending (1050) said transaction data to t-1 approval authorities holding respective private keys for use in said secret sharing scheme; and
- at each of said approval authorities, using said respective private key to cryptographically produce (1060) a respective online transaction signature over said transaction data upon verification of a transaction approval criterion;
wherein said using (1070) of said cryptographic data to authenticate said transaction on said cryptocurrency's blockchain comprises:
- using (1070) said cryptographic data and said online transaction signatures to authenticate said transaction on said cryptocurrency's blockchain.
3. The method according to claim 2, wherein n-t private keys for use in said secret sharing scheme are kept by a trusted party.
4. The method according to any of the preceding claims, wherein said transaction data is sent to said smart card in a customized APDU command.
5. A method for recovering access to an account in a cryptocurrency which is designed to be accessed by means of a smart card comprising a private key, said private key being a secret for use in a t out of n secret sharing scheme, with t > 1 and t < n, for authenticating a holder of said account, the method comprising:
- retrieving (2010) an alternate private key from a different carrier than said smart card, said alternate private key being another secret for use in said t out of n secret sharing scheme;
- submitting (2020) said alternate private key to a recovery application on a server having access to t-1 other keys for use in said secret sharing scheme;
- at said server, combining (2030) said alternate private key and said t-1 other keys, to authenticate a transfer of assets in said account to an alternate account accessible by said holder.
6. A smart card for use in the method of any of the preceding claims, said smart card comprising a non-volatile memory having stored therein a private key and a cardlet configured to manage a store of value, wherein said smart card is adapted to receive a command pertaining to a financial transaction from a smart card terminal and to provide cryptographic data indicative of a card holder's approval of said transaction; wherein said cryptographic data comprises a part of said private key, adapted to be combinable with a separately stored complementary part of said private key to obtain said private key.
7. A smart card for use in the method of any of the preceding claims, said smart card comprising a non-volatile memory having stored therein a private key and a cardlet configured to manage a store of value, wherein said smart card is adapted to produce cryptographic transaction signatures over transaction data using said private key and to send a message comprising said transaction signature and blockchain metadata to a reader.
8. A blockchain authentication infrastructure for authenticating a financial transaction in a blockchain-based cryptocurrency, said blockchain authentication infrastructure being configured to:
- receive (3045) transaction data pertaining to said financial transaction;
- obtain (3055) an offline transaction signature over transaction data, generated by means of a private key, said private key being partially transmitted to said blockchain authentication infrastructure for recombination with a locally stored complementary part; and
- use said offline signature to authenticate said transaction on said cryptocurrency's blockchain.
9. The blockchain authentication infrastructure according to claim 8, wherein said private key is a secret for use in a t out of n secret sharing scheme, said blockchain authentication infrastructure being further configured to:
- generate or receive (3060) t-1 online transaction signatures over said transaction data; and
- combine (3070) said offline transaction signature and said online transaction signatures to authenticate said transaction on said cryptocurrency's blockchain.
10. The blockchain authentication infrastructure according to claim 9, further configured to receive said transaction data (3045), said offline transaction signature (3055), and/or said t-1 online transaction signatures (3060) as parts of ISO 8583 or ISO 20022 messages.
11. A computer program product comprising code means configured to cause a processor to perform an authentication of a financial transaction in a blockchain-based cryptocurrency, by executing following steps:
- receiving (3045) transaction data pertaining to said financial transaction;
- obtaining (3055) an offline transaction signature over transaction data, generated by means of a private key, said private key being partially transmitted to said processor for recombination with a locally stored complementary part; and
- using said offline signature to authenticate said transaction on said cryptocurrency's blockchain.
12. The computer program product according to claim 11, wherein said private key is a secret for use in a t out of n secret sharing scheme, said code means being further configured to cause a processor to execute following steps:
- generating or receiving (3060) t-1 online transaction signatures over the transaction data; and
- combining (3070) said offline transaction signature and said online transaction signatures to authenticate said transaction on said cryptocurrency's blockchain.
13. A mobile device application comprising code means configured to cause said mobile device to conduct a financial transaction in a blockchain-based cryptocurrency, by executing following steps:
- connecting (1010) with a smart card so as to allow an exchange of data with said smart card;
- sending (1020) a command pertaining to said financial transaction to said smart card;
- obtaining (1040) a response comprising cryptographic data from said smart card; and
- sending said response to a blockchain authentication infrastructure;
wherein said command and said response are formatted as binary APDU commands and comprise blockchain metadata.
PCT/EP2018/070517 2017-07-27 2018-07-27 Method for authenticating a financial transaction in a blockchain-based cryptocurrency, smart card, and blockchain authentication infrastructure WO2019020824A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP18752695.9A EP3659088A1 (en) 2017-07-27 2018-07-27 Method for authenticating a financial transaction in a blockchain-based cryptocurrency, smart card, and blockchain authentication infrastructure

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
BEBE2017/5532 2017-07-27
BE2017/5532A BE1025438B1 (en) 2017-07-27 2017-07-27 METHOD FOR AUTHENTICATING A FINANCIAL TRANSACTION IN A BLOCKCHAIN BASED CRYPTOCURRENCY, SMARTCARD AND BLOCKCHAIN AUTHENTICATION INFRASTRUCTURE

Publications (1)

Publication Number Publication Date
WO2019020824A1 true WO2019020824A1 (en) 2019-01-31

Family

ID=60164529

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2018/070517 WO2019020824A1 (en) 2017-07-27 2018-07-27 Method for authenticating a financial transaction in a blockchain-based cryptocurrency, smart card, and blockchain authentication infrastructure

Country Status (3)

Country Link
EP (1) EP3659088A1 (en)
BE (1) BE1025438B1 (en)
WO (1) WO2019020824A1 (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109886662A (en) * 2019-02-18 2019-06-14 北京正合链通科技有限公司 Block chain wallet application method and system, terminal and computer readable storage medium
CN110213058A (en) * 2019-06-05 2019-09-06 北京清大智信科技有限公司 A kind of block chain all-in-one machine for realizing data cochain
CN110287739A (en) * 2019-06-17 2019-09-27 西安纸贵互联网科技有限公司 Data safety control method and system based on hardware private keys memory technology
CN110401534A (en) * 2019-09-04 2019-11-01 朱子腾 Account system based on no coin block chain
CN110417557A (en) * 2019-08-02 2019-11-05 中国工商银行股份有限公司 Intelligent terminal peripheral data method of controlling security and device
CN111127016A (en) * 2019-12-26 2020-05-08 卓尔智联(武汉)研究院有限公司 Offline evidence distribution method and device, computer equipment and storage medium
WO2020108813A1 (en) 2018-11-30 2020-06-04 Winrich Hoseit Nfc communication system and nfc carrier unit
CN111523879A (en) * 2019-12-23 2020-08-11 杜晓楠 Digital asset safety isolation trusteeship system and method
CN112200550A (en) * 2020-09-23 2021-01-08 周海婷 Offline payment verification method based on digital finance and block chain platform
WO2021074750A1 (en) * 2019-10-16 2021-04-22 Centbee (Pty) Ltd Systems and methods for improved electronic transfer of resources via a blockchain
JP2021068032A (en) * 2019-10-18 2021-04-30 真敬 森下 Management device, management program, management method, terminal device, and management system
US20210374718A1 (en) * 2018-09-04 2021-12-02 Sony Corporation Ic card, processing method, and information processing system
CN115175170A (en) * 2022-06-30 2022-10-11 中国联合网络通信集团有限公司 USIM data autonomous uplink realization method, terminal, USIM and system
WO2022253424A1 (en) * 2021-06-02 2022-12-08 FATIH, Selahattin Transaction system for cryptographic financial assets stored decentrally in a computer network
EP4133686A4 (en) * 2020-04-06 2024-01-10 Mastercard Asia Pacific Pte Ltd Method and system for use of an emv card in a multi-signature wallet for cryptocurrency transactions

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5825880A (en) * 1994-01-13 1998-10-20 Sudia; Frank W. Multi-step digital signature method and system
US20150120569A1 (en) 2013-10-31 2015-04-30 Bitgo, Inc. Virtual currency address security
US20150287026A1 (en) * 2014-04-02 2015-10-08 Modernity Financial Holdings, Ltd. Data analytic and security mechanism for implementing a hot wallet service
WO2015175854A2 (en) 2014-05-15 2015-11-19 Cryptyk, Inc. (Trading As Bitsavr Inc.) System and method for digital currency storage, payment and credit
US20150332256A1 (en) 2014-05-15 2015-11-19 Bitreserve, LTD System and Method for Converting Cryptocurrency to Virtual Assets Whose Value is Substantiated by a Reserve of Assets
WO2015183497A1 (en) 2014-05-06 2015-12-03 Case Wallet, Inc. Cryptocurrency virtual wallet system and method
US20160162897A1 (en) * 2014-12-03 2016-06-09 The Filing Cabinet, LLC System and method for user authentication using crypto-currency transactions as access tokens
US20160253663A1 (en) * 2015-02-27 2016-09-01 Adam Clark Transaction signing utilizing asymmetric cryptography
US20160261411A1 (en) * 2012-11-28 2016-09-08 Hoverkey Ltd. Method and system of providing authentication of user access to a computer resource via a mobile device using multiple separate security factors
WO2016156954A1 (en) * 2015-03-27 2016-10-06 Black Gold Coin, Inc. Systems and methods for personal identification and verification

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A. SHAMIR: "How to share a secret", COMMUNICATIONS OF THE ACM, vol. 22, no. 11, 1979, pages 612 - 613, XP000565227, DOI: doi:10.1145/359168.359176

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210374718A1 (en) * 2018-09-04 2021-12-02 Sony Corporation Ic card, processing method, and information processing system
WO2020108813A1 (en) 2018-11-30 2020-06-04 Winrich Hoseit Nfc communication system and nfc carrier unit
CN109886662A (en) * 2019-02-18 2019-06-14 北京正合链通科技有限公司 Block chain wallet application method and system, terminal and computer readable storage medium
CN110213058A (en) * 2019-06-05 2019-09-06 北京清大智信科技有限公司 A kind of block chain all-in-one machine for realizing data cochain
CN110287739B (en) * 2019-06-17 2020-12-29 西安纸贵互联网科技有限公司 Data security management method and system based on hardware private key storage technology
CN110287739A (en) * 2019-06-17 2019-09-27 西安纸贵互联网科技有限公司 Data safety control method and system based on hardware private keys memory technology
CN110417557A (en) * 2019-08-02 2019-11-05 中国工商银行股份有限公司 Intelligent terminal peripheral data method of controlling security and device
CN110401534A (en) * 2019-09-04 2019-11-01 朱子腾 Account system based on no coin block chain
WO2021074750A1 (en) * 2019-10-16 2021-04-22 Centbee (Pty) Ltd Systems and methods for improved electronic transfer of resources via a blockchain
JP2021068032A (en) * 2019-10-18 2021-04-30 真敬 森下 Management device, management program, management method, terminal device, and management system
JP7075917B2 (en) 2019-10-18 2022-05-26 真敬 森下 Management device, management program, management method, terminal device, and management system
CN111523879A (en) * 2019-12-23 2020-08-11 杜晓楠 Digital asset safety isolation trusteeship system and method
CN111523879B (en) * 2019-12-23 2023-06-06 杜晓楠 Digital asset security isolation hosting system and method
CN111127016A (en) * 2019-12-26 2020-05-08 卓尔智联(武汉)研究院有限公司 Offline evidence distribution method and device, computer equipment and storage medium
CN111127016B (en) * 2019-12-26 2022-08-02 卓尔智联(武汉)研究院有限公司 Offline evidence distribution method and device, computer equipment and storage medium
EP4133686A4 (en) * 2020-04-06 2024-01-10 Mastercard Asia Pacific Pte Ltd Method and system for use of an emv card in a multi-signature wallet for cryptocurrency transactions
CN112200550B (en) * 2020-09-23 2021-05-11 北京联银通科技有限公司 Offline payment verification method based on digital finance and block chain platform
CN112200550A (en) * 2020-09-23 2021-01-08 周海婷 Offline payment verification method based on digital finance and block chain platform
WO2022253424A1 (en) * 2021-06-02 2022-12-08 FATIH, Selahattin Transaction system for cryptographic financial assets stored decentrally in a computer network
CN115175170A (en) * 2022-06-30 2022-10-11 中国联合网络通信集团有限公司 USIM data autonomous uplink realization method, terminal, USIM and system
CN115175170B (en) * 2022-06-30 2023-06-02 中国联合网络通信集团有限公司 USIM data autonomous uplink implementation method, terminal, USIM and system

Also Published As

Publication number Publication date
EP3659088A1 (en) 2020-06-03
BE1025438B1 (en) 2019-02-27
BE1025438A1 (en) 2019-02-20

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18752695

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2018752695

Country of ref document: EP

Effective date: 20200227