WO2021118942A9 - Distributed terminals network management, systems, devices, interfaces and workflows - Google Patents
Distributed terminals network management, systems, devices, interfaces and workflows Download PDFInfo
- Publication number
- WO2021118942A9 WO2021118942A9 PCT/US2020/063677 US2020063677W WO2021118942A9 WO 2021118942 A9 WO2021118942 A9 WO 2021118942A9 US 2020063677 W US2020063677 W US 2020063677W WO 2021118942 A9 WO2021118942 A9 WO 2021118942A9
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- terminal
- terminals
- virtual currency
- transaction
- currency
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
Definitions
- Terminals relate generally to terminals, and more specifically, to security and management of a distributed set or network of terminals using methods such as, for example, operator controls/graphical user interfaces (GUIs), biometric authentication, and/or decentralized learning.
- GUIs graphical user interfaces
- Terminals may, in some examples, be hardware terminals, clients, vending machines, or kiosks.
- Distributed terminal networks may become prevalent. Accordingly, there may be a growing need for efficient and secure distributed terminal systems, such as to protect against emerging security risks.
- Current systems and methods do not possess, in some examples, a structure or configuration that provides quick or robust security. Current systems and methods are therefore not quick or adaptive. For example, current systems and methods do not provide a hardware-service configuration and workflow that allows for quick and robust deployment of security features, reinstatement and storage of machine states, etc. Further, current systems and methods are not easily updated and new advancements in security are not easily leveraged or implemented.
- Embodiments include a method, system, and computer program product for controlling operations at distributed terminals.
- a computer implemented method may include a graphical user interface (GUI) and operator console management system for a distributed terminal network.
- the terminals may be hardware terminals, kiosks, or clients.
- a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals based on an operator configuration.
- Security scores may be determined by a provider, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted.
- the factors may incorporate operator settings or preferences.
- the factors include one or more facial recognition factors.
- the one or more facial recognition factors may be used for biometric authentication.
- the provider may use the security scores to determine user privileges or permissions for the operations.
- the provider may deliver instructions or messages to the terminals based on the determinations.
- Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of the actions of the methods.
- Some examples of the advantages of the presented technology include speed, efficiency, and security over present systems.
- modifications to the protocols to adapt to emerging needs can be rapidly implemented and deployed to some or all of the distributed network.
- the presented technology allows for operator tailoring of security preferences and protocols.
- FIG. l is a diagram of a general network environment that can be used with terminals, hardware terminals, kiosks, nodes, or clients.
- FIG. 2A is a diagram of a general network environment that can be used with terminals, hardware terminals, kiosks, nodes, or clients, serviced by a software service vendor.
- FIG 2B is a diagram of a network architecture environment that can be used with terminals, hardware terminals, kiosks, nodes, or clients, serviced by, for example, a software service vendor.
- FIG. 2C is a diagram of a network architecture environment that can be used with terminals, hardware terminals, kiosks, nodes, or clients, serviced by, for example, more than one software service vendor.
- FIG. 3 is a diagram of a hardware terminal.
- FIG. 4A is another diagram of a hardware terminal.
- Fig. 4B is a diagram illustrating GUI options/selections on a multi-use terminal.
- Fig. 4C is a decision tree showing various workflows triggered based on user selections.
- Fig. 4D shows a logic diagram relating workflows and toggling between workflows.
- FIG. 5 is a flowchart showing a general transfer process
- FIG. 6 is a flowchart showing a detailed view of a input process
- FIG. 7 is a flowchart showing a detailed view of a output process
- FIG. 8A is a flowchart showing a general view of a score analysis process
- FIG. 8B is a flowchart showing a general view of a verification process
- FIG. 9A is a flowchart showing an input process.
- FIG. 9B is a flowchart showing an output process.
- FIG. 9C is a flowchart showing an input process connected with a terminal machine state.
- FIG. 9D is a flowchart showing an output process connected with a terminal machine state.
- FIG. 9E is a diagram showing a map comprising terminals near a customer’s location.
- FIG 9F shows an example distributed network terminal environment.
- Fig. to is a diagram showing a decentralized learning network.
- API Application Programming Interface CNN- Convolutional Neural Network FL - Federated Learning
- HTTP/HTTPS Hyper Text Transfer Protocol/ Hyper Text Transfer Protocol Secure
- VPN Virtual Private Network
- API technologies provide routines, protocols, and tools for building software applications and specifies how software components should interact.
- Cloud computing is a model that promotes ubiquitous, on-demand network access to shared computing. Fog computing
- Horizontal system level architecture that distributes computing, storage, control and networking functions closer to the users along a cloud-to-thing continuum.
- Public and private keys are created in pairs for each entity involved in a transmission and encrypt and decrypt information during the initial part of the transmission so that only the sender and recipient of the transmission can decrypt and read the information.
- Public key is available to everyone while the private key is known only to the creator of the keys.
- a point-of-sale may be any interface, device, node, or location that allows for a transaction to occur.
- a POS may be a device, such as a mobile phone, computer, ATM kiosk or terminal.
- a cloud network of points-of-sale, nodes, devices, or terminals may be provided.
- Each POS may be capable of providing, interacting with, or transacting funds, such as fiat or cash, and virtual currency.
- a virtual currency POS or terminal may be a hardware terminal that allows for the purchase, sale, or exchange of funds or fiat currency for cryptocurrency.
- An operator may purchase and/or provide POS or terminals at selected locations to allow customer access.
- the virtual currency POS may be additionally capable of transactions that do not require or use virtual currency.
- member POS or terminals in a cloud network may interact with software services provided by a vendor, for example.
- the terminals may include special software and/or hardware capabilities to allow interaction with the vendor services.
- the POS or terminals may include special software and/or hardware capabilities to allow virtual currency transactions.
- a POS or terminal may or may not be configured to possess a static IP address.
- a static IP address may be whitelisted, for example, by software services of the vendor to perform particular actions, make particular requests, etc.
- the vendor may partially, or entirely, block IP addresses that are not whitelisted, or known, etc.
- the vendor may provide full, limited, or restricted privileges to IP addresses that are whitelisted, or known, etc.
- SSH privileges for vendor servers and the like may be blocked or restricted for ah IP addresses except a selected set of known IP addresses.
- POS or terminal peripherals maybe controlled, for example, via javascript using ActiveX controls, or using compiled code to transmit messages directly over serial hardware connections.
- a software service may be delivered, or provided by, a third party service, or vendor.
- the third party service for example, may be a software service of a vendor.
- the software service may be hosted at a vendor-owned location, a third party location, or a proxy location, for example.
- Software services may utilize any combination of the below components, for example.
- Transport Layer Security/Secure Sockets Layer TLS/SSL
- Transport Layer Security/Secure Sockets Layer (TLS/SSL) connections make use of public and private keys among parties when establishing a connection and secure almost all transmissions over the internet or computer networks, including emails, web browsing, logins, and financial transactions, ensuring that ah data that passes between a web server and a browser remains private and secure.
- TLS/SSL Transport Layer Security/Secure Sockets Layer
- X.509 certificates are digital certificates administered by certificate authorities that use the X.509 PKI standard to verify that a public key belongs to the user, computer, or service identity in the certificate and are used worldwide across public and private sectors.
- X.509 attribute certificates can encode attributes (such as name, date of birth, address, and unique identifier number), are attached cryptographically to the X.509 certificate, and are administered by attribute certificate authorities.
- HTTP and HTTPS will be used interchangeably and that use of either term includes either alternative.
- REST Representational state transfer
- VPN Virtual Private Network
- a VPN may establish a secure and private tunnel from a network, terminal, or device, for example to another network element such as a vendor service, for example.
- a security group rules may be defined that dictate the allowed inbound and/or outbound traffic to a server, for example.
- a security rule may specify to allow SSH access, from a particular IP address, on a particular port or port range, and using a particular protocol, such as TCP.
- VPC Virtual Private Cloud
- a VPC allows isolation of shared cloud resources, for example.
- private IP subnets may be assigned to a VPC user that is accompanied by a VPN function or access that secures, by means of authentication and encryption, the user’s VPC resources.
- One element of a software service may be a processing queue.
- the queue may be processed in a first-in-first-out (FIFO) or last-in-first-out (LIFO) order.
- the queue may collect several processes to be carried out.
- a software service may be hosted on elastic server architecture, in one example.
- computing resources may be automatically increased or decreased to meet computing needs.
- Computing thresholds may be preset or configured. When a threshold is exceeded for example, additional computing resources may be allocated.
- a software service may be hosted using serverless architecture.
- serverless architecture computing resources are allocated as necessary on a per-request basis. After the request is processed, the computing resources are unallocated, or returned.
- Various data structures may be used in conjunction with the software services.
- various data structures maybe used alone, or in combination, to store customer data/metadata, transaction data, etc.
- Some example data structures include arrays, stacks, queues, linked lists, trees, graphs, tries, and hash tables.
- a third party vendor or provider may provide virtual currency processing software services.
- Software may be installed on terminals or via backend/cloud servers, or both.
- a “plurality’ refers to “one or more” of an element and does not impose any requirement for more than one element.
- a virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes.
- cryptocurrency can refer to any virtual or digital currency/asset, and vice versa.
- virtual currencies include, but are not limited to, Bitcoin, Litecoin, Ethereum, and Bitcoin Cash, and Ripple.
- Virtual currencies and/or cryptocurrencies have been introduced in recent years.
- One advantage of the use of virtual currency is that many third parties may be eliminated. This allows for elimination of some third party service fees, for example.
- Virtual currency does not require a holding bank. Therefore, it is possible for a software provider to orchestrate the transfer of virtual currencies between two other parties via messaging instructions. Therefore, the software provider is not required to handle, possess, or act as the custodian of actual funds.
- Various services may be pipelined, and executed in conjunction, in a non-blocking manner, for example.
- FIG. l is a diagram of a general network environment that can be used with terminals or points-of-sale capable of virtual currency and/or other transactions.
- One or more terminals may be in communication through a network 102 with a backend service, 103a or 103b, hosted by a vendor or software service provider, for example.
- the one or more terminals may send requests 104 through the network 102 to the service 103a or 103b.
- the service may determine a response 105 using information and data from a datastore 106, for example.
- the response 105 may be sent to the terminal instructing certain actions, for example.
- the backend service may be in further communication with third party services, 107a or 107b, for example.
- the terminals or points-of-sale may be hardware terminals capable of any transaction.
- the terminals may be one or a combination of, for example, ATMs, virtual currency ATMs such as Bitcoin ATMs, product terminals capable of vending or dispensing a product.
- the product may be a cannabis or cannabis-containing product, tobacco or tobacco-containing product.
- the products may be regulated in some form.
- the legal age of purchase of the product may be 18 years or greater in a sale location.
- a terminal may be a dispensing product that can accept cash or virtual currency for the purchase.
- FIG. 2A is a diagram of a general network environment that can be used with terminals or points-of-sale capable of virtual currency and/or other transactions serviced by a software service vendor.
- Various terminals (201a, 201b, 201c) may be operated or serviced by an operator 202, for example.
- Various other terminals (203a, 203b, 203c) may be operated or serviced by another operator 204, for example.
- the terminals may be in communication through a network with one or more software services provided by one or more vendors or software service providers (205), for example.
- the vendor may provide various software services hosted on one or more servers (2o6a-2o6g).
- the software services maybe hosted together, or separately, for example.
- the software services may reference or use data from one or more datastores (207a-207d), for example.
- FIG 2B is a diagram of a network architecture environment that can be used with client nodes, terminals or points-of-sale capable of virtual currency and/or other transactions serviced by, for example, a software service vendor.
- a client node, terminal, or point-of-sale 230 may access the software services of a vendor through a secure connection such as a VPN 232a.
- the terminal/point-of-sale and the VPN may each possess a static IP address or a dynamic IP address.
- the software service assets may be secured, for example behind a firewall or within a VPC 233. Connections to some or all of the services or microservices in the VPC may be configured to allow or disallow traffic from particular IP addresses or IP address ranges. For example, some services in the VPC may only allow inbound traffic from the IP address of the VPN service 232a.
- the software services may be core software services and may include any number of microservices (22ta-22td). Services and microservices may be segregated on different servers or may be devised in a shared server tenancy architecture. Each service or microservice may be balanced between one or more servers (234a-234d) via a load balancer 235 and may access one or more corresponding databases 236. Each service or microservice, for example 221a, may also be in communication with other services or microservices, for example 22ib-22td, that are part of the system or VPC. Each service or microservice server may be devised in an elastic infrastructure with access to storage infrastructure such as database infrastructure 236.
- a service or microservice server resource may automatically scale up, or allocated, upon increased demand for server resources beyond a certain threshold.
- a service or microservice server resource may automatically scale down, or unallocated, upon decreased demand for server resources at a certain threshold.
- the servers for services and microservices may be segregated, or allocated, into different availability zones or failover regions.
- the software services may prepare and process requests and responses to and from third party services (237a-237c).
- An administrator 231 may access the software services through a secure connection such as a VPN 232b.
- the administrator machine(s) and the VPN may each possess a static IP address or a dynamic IP address.
- the software service assets may be secured, for example behind a firewall or within a VPC 233. Connections to some or all of the services or microservices in the VPC may be configured to allow or disallow traffic from particular IP addresses or IP address ranges. For example, some services in the VPC may only allow inbound traffic from the IP address of the VPN service 232b.
- FIG. 2C is a diagram of a network architecture environment that can be used with terminals, hardware terminals, kiosks, nodes, or clients, serviced by, for example, more than one software service vendor or provider.
- more than one software service or other service provider (241a, 241b) may provide software or other services to operators (243a, 243b) and terminals hosted or managed by those operators (244a, 244b hosted/managed by 243a; and 244c, 244d hosted/managed by 243b).
- operators 243a, 243b
- terminals hosted or managed by those operators (244a, 244b hosted/managed by 243a; and 244c, 244d hosted/managed by 243b).
- a split multi-service and multi-hosting environment is devised. It will be understood that more than two software service providers may provide services as above in other embodiments without departing from the scope of this disclosure.
- the software service providers may provide different roles and/or services. Depending on the selection, action, or operation requested by a customer at a terminal, for example, a particular software service by a particular provider may be triggered, called, or summoned. For example, a particular type of operation or request at a terminal may be routed to a particular service provider. Thus, in some examples, a particular request or operation may make use of one service provider while another request or operation may make use of another service provider. For example, a customer may visit a terminal and request a virtual currency transaction, for which the associated requests/operations maybe routed using a particular channel to a particular software service provider.
- the channel may be pre-configured via, for example, instructions included at the terminal in one or more files for handling virtual currency transaction requests/operations.
- One example channel maybe a browser or application capable of sending/receiving HTTP/HTTPS requests/responses. It will be understood that any network connection or communication channel may be used to communicate with a software service provider.
- Each software service provider may be contacted in one or more of various network methods.
- a first software service provider is contacted using a network connection such as internet connections, ethernet network connections, wireless network connections such as satellite or cellular network connection using, for example, 3G/4G LTE data connections, or Wi-Fi connections.
- Terminals (244a-244d) may then be outfitted with software or software portions as described herein, wherein the software or software portions orchestrate request routing to the appropriate software service provider to handle a particular type of request.
- a first software service provider maybe utilized to provide handling and/or processing of some or all of a virtual currency transaction.
- a second software service provider maybe utilized to provide handling and/or processing of some or ah of a transaction that does not utilize virtual currency, such as an ATM cash deposit to, or withdrawal from, bank transaction, or a check deposit or cashing bank transaction.
- virtual currency such as an ATM cash deposit to, or withdrawal from, bank transaction, or a check deposit or cashing bank transaction.
- the first and second software service providers may be the same entity wherein different requests as above may be routed to different processing software portions of the same software service provider.
- a customer may visit a terminal 244a of a first operator 243a, for example.
- the terminal may be a combination terminal as described herein, which is capable of providing ATM cash transactions, for example, that do not utilize virtual currency, and also capable of providing virtual currency transactions.
- a customer may be presented with two options, for example, as two buttons in a GUI, for example. The two options may correspond to each of the two different types of transactions described above. Each option or button may trigger a different software portion to be executed.
- ATM cash transactions may require the use of, or communication with, bank networks 245.
- a software service provider may be an ATM host processor 241b that handles this communication with the bank networks 245 and/or the customer’s associated bank account.
- the software service provider in this instance, may contact the customer’s bank based on the customer’s debit or EMV card.
- the software service provider may establish communication with the customer’s bank to determine, for example, authentication factors, funds availability, etc.
- a transaction may be authorized or not authorized.
- the software service provider in this instance, may then deliver a message to the terminal communicating whether the transaction is, or is not, authorized, or possible based on funds, etc.
- communication with such a software service provider may be pre-configured or configured at a terminal by identifying an IP address of the software service provider.
- Network connection or communication with the software service provider then maybe established, for example, using SSL and/or TLS connections.
- virtual currency transactions may not require the use of, or communication with, bank networks. Instead, a virtual currency transaction may require, for example, an communication with an API accessing and/or handling virtual currency wallet transactions 246. In such a case, a software service provider 241a may provide such an access/handling service.
- the software service provider 241a may, as described herein, perform security verification steps such as authentication, background checks, and AML/KYC checks.
- the software service provider may, as described herein, also determine funds availability in a customer’s or operator’s virtual currency wallet, for example.
- the software service provider in this instance, may then deliver a message to the terminal communicating whether the transaction is, or is not, authorized, or possible based on funds, etc.
- sufficient funds may not be available in a customer’s or operator’s virtual currency wallet, for example.
- a customer has requested the purchase of a virtual currency or cryptocurrency in exchange for cash deposited, and funds are not available in a virtual currency wallet associated with the terminal or operator, a request may be made by the terminal, the operator, or a software service provider, etc., to purchase cryptocurrency or virtual currency from an exchange to meet or fulfill the customer’s request.
- the purchase may, for example, be used to replenish or fund the associated operator’s virtual currency wallet for example.
- a purchase to meet or fulfill the customer’s request may be executed from a third party, such as a liquidity provider that possesses cryptocurrency or virtual currency funds.
- blockchain network confirmations for example a selected number of confirmations, may be used to determine or verify that cryptocurrency funds are available in a virtual currency wallet such as one belonging to a user, customer, operator, software service provider, etc.
- one or more redemption codes may be provided, on a receipt, for example, that may be used at a terminal to retrieve funds, for example cash funds.
- communication with such a software service provider may be pre-configured or configured at a terminal by identifying an IP address or URL/API endpoint of the software service provider.
- Network connection or communication with the software service provider then may be established, for example, using SSL, TLS, and/or other secured and/or encrypted connections through a browser application on the terminal, for example.
- a combination of capabilities may be used.
- one or more bank networks and communication with an API accessing and/or handling virtual currency wallet transactions may be used for some transaction types.
- a customer or user’s bank account may be used to fund a purchase of a virtual currency or cryptocurrency.
- a user may be prompted, requested, or given the opportunity or option to provide a credit card, or a debit card connected to the user’s bank account, for example, to fund the purchase of a virtual currency or cryptocurrency.
- cash from the user’s bank account may then be debited and utilized to allow the purchase of cryptocurrency.
- an ATM or combination ATM/virtual currency terminal may contact one or more bank networks to carry out or facilitate the cash transfer from the customer or user’s bank account to a bank account of an operator or owner of the terminal, for example.
- the transfer may be to a provider or software service provider involved with the transaction.
- a fee maybe deducted, handled, and/or delivered to various parties, including, for example, software service providers, terminal operators, etc.
- Virtual / digital currency wallet services for various currencies may be integrated with a software service application in communication with one or more terminals.
- Such services may include creation of wallets including, for example, multi-signature wallets, wallet balance listing/querying, transaction listing/querying, transaction creation and/or signing, transaction monitoring, transaction notifications, secure user authentication, multi-user workflows for use in enterprise environments, policies, spending limits, etc.
- Multi-signature wallets require the cooperation of multiple parties to approve a transaction by requiring signing and/or keys from each party.
- a third party or software service provider may handle virtual currency transactions between customers and/or operators of terminals when a customer requests a transaction at a terminal.
- a customer may request to purchase or sell virtual currency in exchange for cash, for example, at a terminal.
- virtual currency may need to be sent or received to/from a customer.
- virtual currency may need to be sent or received to/from an operator of a terminal.
- a request by a customer at a terminal may be communicated to a software service provider.
- the software service provider may formulate or prepare, using the request information and/or parameters, for example, an appropriate request to a virtual / digital currency wallet service.
- Such a request may be a web request, such as an HTTP/HTTPS request, for example.
- a virtual / digital currency wallet service may orchestrate a transaction between wallets of the customer and operator, for example. Furthermore, a virtual / digital currency wallet service may orchestrate a transaction between wallets of the operator and software service, for example. A transaction between wallets of the operator and software service may be used to settle fees for service, for example.
- a software service provider may also handle keeping one or more virtual/digital currency wallets such as those described herein funded or maintaining funds above a threshold amount.
- a notification or alert may be configured that requests wallet replenishment when funds in a wallet fall below a particular threshold. Similar to the funds transfers described above, a software service may request the purchase of an appropriate virtual or digital currency from an exchange. Payment may be delivered directly, or through the software service provider, to the exchange.
- wallet funds may be maintained at its current funding level or at a particular selected funds level during and/or after each transaction, for example.
- a transaction may request an operator to deliver virtual or digital currency from an operator wallet to a customer wallet.
- one Bitcoin may be transacted from operator to customer.
- one Bitcoin may be replenished in the operator wallet from an exchange.
- the replenishment may be carried out before, after, or simultaneously with the transfer of funds from the operator wallet to the customer wallet.
- Replenishment may be carried out by transferring funds from, for example, an operator account with an exchange using, for example, an API call to the exchange for a withdrawal.
- This transaction replenishment allows a steady state of funds to be maintained in the operator wallet, for example.
- a fee for various services may also be included in the replenishment calculation.
- a o.t Bitcoin fee may be included in the withdrawal from the exchange.
- l.i Bitcoin may be withdrawn to account for the fee.
- an operator maybe allowed to enter credentials and/or authentication or access information in, for example, an operator GUI and/or account portal, that allows a software service provider to access the credentials and/or information to orchestrate transactions.
- the operator GUI or account portal may be as described in other embodiments or examples provided herein.
- credentials and/or authentication or access information may include one or more of any of API keys, wallet credentials, access tokens, passwords or passphrases, wallet identifiers, account identifiers, or other identifying information, etc.
- a customer or user of the terminal may wish to create a paper wallet on-the-fly.
- a paper wallet including a private key and a public key may be generated.
- the paper wallet may then be printed to a receipt, for example, which may be used by the customer to manage funds.
- a single transaction can be created that possess multiple inputs and/or multiple outputs. This allows “batching” transactions together.
- the two transactions may be batched into one transaction with 1.0 BTC as its input and two 0.5 BTC outputs.
- the transaction fees maybe reduced instead to one transaction fee.
- transactions or transaction requests from one or more users or customers may be aggregated and or batched. For example, transactions within a particular time range or timeframe may be batched together.
- transactions may be handled and/or temporarily handled by a service provider such as a software service and/or liquidity provider.
- a service or liquidity provider may provide credit for one or more transactions until batching criteria are met, such as a certain number of transactions and/or volume of transactions are aggregated for batching, handling, and/or settling.
- batching protocols may be based on network activity, such as activity and load determined on the Bitcoin network. In one example, as load on the network is determined as increased and/or beyond a certain threshold, wherein, for example, fees are increasing, batching protocols maybe activated. In one example, the batching protocols may scale up or be proportionally increased when network load is increased.
- Sensors, peripherals, software or hardware components, and/or local devices of terminals may allow one or more connections with various other software and/or hardware components in the terminal, and therefore allow communication between the various components.
- a browser application of a terminal may be allowed to be in communication with various software and/or hardware components in the terminal. This allows the browser and/or other components to handle and/or communicate activities of, for example, terminal hardware sensors and peripheral devices.
- a cash cassette for a bill dispenser or bill acceptor removal or replacement event can be communicated to a browser application using, for example, an event stream connected with the cash dispenser cash cassette or bill acceptor cash cassette.
- the browser may possess capabilities to communicate HTTP(S) requests/responses involving events then regarding, for example, the cash dispenser, bill acceptor, or their respective cash cassettes, of a terminal.
- Terminals including, for example, ATMs, may possess a maintenance mode or other capability to allow special terminal functions. Some examples of such functions include cash restocking, emptying, etc. Entering a maintenance mode can be accomplished by allowing entry of a special PIN or code, for example, using a terminal’s user interface.
- such an above PIN or code may be set or defined using, for example, operator GUI or account systems as described herein.
- Entry of maintenance mode using the terminal user interface may trigger API calls and/ or messaging instructions with a backend service(s) and/or bank network.
- a cash cassette for a bill dispenser or bill acceptor removal or replacement event, a restocking event with details of the restocking, etc. can be communicated to the services or bank networks.
- event listeners may be configured or defined to respond to event stream events from sensors or peripherals of a terminal, for example.
- cash dispenser, bill acceptor, or respective cash cassette, handling event listeners and/or handler functions may be configured or defined as browser functions using, for example, JavaScript. JavaScript functions maybe loaded in a webpage running on a terminal using a browser.
- An event stream may be created or opened between the browser and, for example, a cash dispenser, bill acceptor, or their respective cash cassettes of the terminal.
- a cash dispenser, bill acceptor, or a respective cash cassette, event is published to the event stream between the component and the browser, a respective JavaScript event handler may be called.
- a CashDispenserCassetteUninstahed or BillAcceptorCassetteUninstalled function, or the like may be called or triggered. In some cases, this can avoid an operator or maintenance person from manually interacting with the user interface, for example.
- a maintenance person may forget to enter appropriate commands or processes at a user interface that reflect his or her actions at the terminal. For example, a maintenance person may forget to enter that a cassette was emptied after it has been emptied. This can result in accounting errors. In another example, a maintenance person may forget a PIN or code. In these cases, desired API calls and/or functions may still be made or executed without the need of the correct actions from maintenance personnel.
- a CashDispenserCassetteUninstahed or BillAcceptorCassetteUninstalled function, or the like may be called or triggered which may include API calls to one or more backend services and/or networks such as methods that should be carried out when the cassette has been emptied.
- a CashDispenserCassetteUninstahed or BillAcceptorCassetteUninstalled function may be called or triggered which may include API calls to one or more backend services and/or networks such as methods that should be carried out when the cassette has been emptied.
- CashDispenserCassetteUninstahed or BillAcceptorCassetteUninstalled function, or the like may be called or triggered which send or publish a command or message to take pictures or video with a camera at the terminal that is also in communication with the browser. This can allow for auditing during such events.
- event streams which may be concurrent, may be opened or created between various elements. This allows multiple device connections or streams, and the accessing or various software and/or hardware components to each other. Thus, commands maybe pushed to one hardware device or peripheral, for example, from multiple sources. In one example, this allows for accessing of a hardware device or peripheral of a terminal from a virtual currency application operating using a browser of the terminal and ATM software of the terminal.
- a terminal may enable both ATM transactions and virtual currency transactions.
- a user may be allowed to perform ATM operations and/or virtual currency operations.
- a user may operate in an ATM context or a virtual currency context.
- a user may be able to switch between these contexts.
- a global state variable or flag may be created and or set.
- the variable may be reset to the current context or state each time the user switches, or requests to switch, between contexts.
- the system can track or monitor in which context the user is operating during each transaction, operation, or request.
- the methods and systems herein allow for accurate and efficient bank notes state tracking and monitoring in terminals such as, for example, ATMs, virtual currency kiosks/terminals, and or combinations thereof. That is, an efficient accounting of the bank notes content in each terminal is maintained, leveraged, and exploited.
- a backend system or software service may maintain a database of bank notes content for one or more terminals at any given point in time.
- the content may be updated based on particular events communicated through, for example, HTTP(S) requests/messages from a terminal browser as previously described, in one example.
- a U.S. based terminal maybe stocked with U.S. currency bank notes including various denominations.
- a terminal may be stocked with 25 of each of $5, $10, $20, and $100 bills.
- a database may map variables to each type of bill and track the quantity of each.
- the database may include other relevant variables, such as events at the terminal modifying the content, the date/time of the events, percentage full for a terminal’s cash cassette. In an example such as an emptying event triggered at the terminal, the database may be updated to reflect a new state wherein all the bill quantities are zero.
- information as to the database state before emptying may be relayed to the terminal that was emptied.
- This may be in the form of an HTTP(S) payload for example.
- this may be a JSON payload.
- the payload may include the specifics of the database or terminal bank notes state before emptying for auditing or accounting purposes.
- the data may be printed to a receipt at the terminal.
- a receipt may show the denominations and quantities of each bill that was present when the cassette was emptied, along with the percentage full the cassette was when it was emptied, a date and/or timestamp, etc.
- the receipt may include custom information which an operator or owner, for example, of the terminal may wish to include, such as account numbers, other account data, compliance information, etc.
- custom information may be provided using an operator GUI or account portal as described herein.
- an operator may be allowed to upload an image, such as a JPEG image, using a GUI in an account portal. The image may then be printed to, or included in, an area on the receipt.
- FIG. 3 is a diagram illustrating an example embodiment of a hardware terminal point-of-sale used in FIG. 1. More specifically, a hardware terminal may include camera 301, screen 302, barcode or QR code reader 303, keypad 304, bill acceptor 305, card reader 306, and bill dispenser 307.
- FIG. 4A is another diagram illustrating another example embodiment of a hardware terminal point-of-sale used in FIG. 1. More specifically, the hardware terminal may include one or more of each of a camera 401, screen 402, card reader 403, keypad 404, fingerprint reader 405, bill dispenser 406, card reader 407, bill acceptor 408, bill validator, electronic cash vault, thermal or other printer, processor, and a memory.
- Each terminal may be capable of one-way exchange transactions between virtual currency and fiat currency, two-way exchange transactions between virtual currency and fiat currency, transactions utilizing virtual currency, fiat currency transactions, and/or transactions that do not utilize virtual currency.
- transactions that do not or need not utilize virtual currency may include check deposits, check cashing, cash withdrawal from bank accounts, cash deposit to bank accounts, domestic or international money transfers, bill payment, etc.
- the memory may store at least one application, wherein the at least one application is an internet browser application, for example, and/or a set of one or more files.
- the set of one or more application files may include include, for example,
- transaction processing instructions for processing virtual currency transactions comprising, at least instructions to determine or calculate transaction limits, parameters, and/or fees, and/or instructions to encode an output;
- transaction processing instructions for processing fiat currency transactions or other transactions that do not utilize or require virtual currency, for example, the transaction processing instructions comprising, at least instructions to determine or calculate transaction limits, parameters, and/or fees, and/or instructions to encode an output;
- image processing instructions for processing image data comprising, at least instructions to determine or calculate facial geometry parameters, and/or instructions to encode image or video data;
- Fig. 4B is a diagram illustrating GUI options/selections on a multi-use terminal.
- a terminal may display using, for example, a GUI or screen 411, such as a touch screen as described herein, to display multiple options 412 and 413 to a user, visitor, or customer, for example.
- a GUI or screen 411 such as a touch screen as described herein
- the options 412 and 413 may trigger different functionalities of the terminal.
- the different functionalities may utilize different software, for example, or different parts of a software.
- one option 412 may be for cash or fiat ATM transactions that do not utilize virtual currency. This may require communication with and/or the use of bank networks.
- one option 413 may be for virtual currency transactions that utilize virtual currency. This may not require communication with and/or the use of bank networks. Instead, for example, this maybe accomplished through communication with and/or use of virtual currency APIs and/or software services such as wallet APIs, for example. Therefore, different workflows may be triggered by the user selections.
- Fig. 4C is a decision tree showing various workflows triggered based on user selections.
- a terminal may display 421 using, for example, a GUI or screen, such as a touch screen as described herein, to display multiple options and to a user, visitor, or customer, for example.
- a GUI or screen such as a touch screen as described herein
- a user may select 422 for cash or fiat ATM transactions that do not utilize virtual currency. This may require communication with and/or the use of bank networks and trigger processes for doing so 423.
- a user may select 424 for virtual currency transactions that utilize virtual currency. . This may not require communication with and/or the use of bank networks, and, instead, for example, this maybe accomplished through communication with and/or use of virtual currency APIs and/or software services such as wallet APIs, for example, and trigger processes for doing so 423.
- Fig. 4D shows a logic diagram relating workflows and toggling between workflows.
- a user may select for cash or fiat ATM transactions that do not utilize virtual currency. This may require communication with and/or the use of bank networks and trigger processes for doing so, such as in the cash transaction process (43ta-43ie).
- a user may select for virtual currency transactions that utilize virtual currency. This may not require communication with and/or the use of bank networks, and, instead, for example, this maybe accomplished through communication with and/or use of virtual currency APIs and/or software services such as wallet APIs, such as in the virtual currency transaction process (432a-432e).
- a user may abort, switch, or toggle 43 if to a different workflow process associated with a different option or terminal use. For example, a user may wish to switch at any point from a cash or fiat ATM transaction that does not utilize virtual currency to a transaction that does utilize a virtual currency. The user will then be exited from the workflow process for the cash transaction in 43ia-43te and guided or forwarded to a virtual currency transaction workflow process (432a-432e). This will trigger the software functionality associated with virtual currency transactions.
- a user may wish to abort, switch, or toggle 432f from the virtual currency transaction workflow to execute a cash or fiat ATM transaction that does not utilize virtual currency.
- the user will then be guided or forwarded to the cash transaction workflow process such as shown in 43ia-43te.
- bank networks need to be used.
- virtual currency transactions may use wallets and services to record and/or execute transactions using the blockchain and allowing the transfer of virtual currency.
- the virtual currency transactions can be accomplished using, for example, a browser interfacing with a software/web service provider. Since the ATM may include a browser application, the virtual currency transactions maybe executed using the ATM’s browser application and/or HTTP/HTTPS requests, prepared by the browser, for example.
- cash or fiat ATM transactions that do not utilize virtual currency may be executed using a particular application, program, or portion of software, while virtual currency transactions utilize another particular application, program, or portion of software.
- These particular applications, programs, or portions of software maybe independent, co-localized, and/or combined.
- Each application, program, or portion of software may, in one example, share the use of terminal or ATM peripherals, or hardware elements, such as cash dispensers, receipt printers, etc.
- a terminal or device such as an ATM may be initialized to a default state.
- the default state may be for performing cash or fiat ATM transactions that do not utilize virtual currency.
- Another example state may be for performing transactions that do utilize virtual currency.
- the former can be referred to as an “ATM context” and the latter can be referred to as a “BTM context.” Therefore, the particular application, program, or portion of software associated with the ATM context will be delegated control, priority, primacy, or authority of the hardware and/or peripherals, and their events, in one default state example.
- communication between the particular application, program, or portion of software associated with the ATM context and the hardware and/or peripherals, and their events maybe established.
- communication between the particular application, program, or portion of software associated with the BTM context may also be established, but, for example, may defer authority to the particular application, program, or portion of software associated with the ATM context. That is, the BTM context may be subordinate to the ATM context. In another embodiment, communication between the particular application, program, or portion of software associated with the BTM context may not be established during initialization.
- a listener may be used to determine when events occur at hardware and/or peripherals of the terminal. During an ATM context state, these events will be referred to and/or handled by the particular application, program, or portion of software associated with the ATM context.
- the context of the terminal may be changed. For example, an ATM context may be changed to a BTM context, to permit virtual currency transaction functionalities.
- the particular application, program, or portion of software associated with the BTM context will be delegated control, priority, primacy, or authority of the hardware and/or peripherals, and their events.
- Communication between the particular application, program, or portion of software associated with the BTM context and the hardware and/or peripherals, and their events, may also be established, if not already established during initialization.
- a listener may be used to determine when events occur at hardware and/or peripherals of the terminal. During a BTM context state, these events will be referred to and/or handled by the particular application, program, or portion of software associated with the BTM context.
- Fig. 5 is a flowchart showing a general funds transfer process using virtual currency.
- a user/customer visits a terminal and/or point of sale (POS) which received/accepts a deposit 501.
- the POS may execute steps to confirm the deposit 502.
- the POS may count the funds that have been received and user selections providing specifics, configurations, and/or settings for the transaction.
- the settings may include, for example, user’s phone number, recipient’s phone number, amount of time to make the funds available to the recipient for withdrawal before expiration, etc.
- the user selections may be stored in a database, for example 503.
- a hold period 504 may begin.
- the funds are kept in or at the POS and remain in possession of the POS operator.
- During the hold period it may be the case that no withdrawal request is made before the expiration of 505, for example, a user-selected expiration as set forth above.
- a withdrawal request maybe received before the expiration 506.
- the withdrawal request may be at any terminal and/ or point-of-sale that is part of a system or network of terminals and/or points-of-sale, for example. Therefore, the withdrawal request may be made in any country. The country may be the same or different from the deposit POS country.
- a withdrawal request triggers the funds transfer and disbursement processes.
- the withdrawal terminal and/or POS and location will be identified 507.
- the country 516 of the withdrawal POS maybe different from a country 517 of the deposit POS. Therefore, an exchange rate may be associated with the withdrawal POS that is different than an exchange rate associated with the deposit POS.
- the withdrawal request may be authenticated 513.
- the withdrawing user may provide and confirm ownership of a phone number that is associated with a deposit.
- available funds may be calculated and disbursed 514.
- Calculation of the disbursement funds may include several variables. For example, exchange rates at the originating country and resulting country may be taken into account. Additionally, service fees of the operators and vendors may be taken into account.
- a funds transfer process may leverage or utilize a virtual currency.
- An exchange rate at an originating country may be calculated along with operator and/or vendor fees 508.
- the funds calculated may be exchanged for virtual currency in a virtual currency wallet 509.
- the virtual currency wallet may be a wallet associated with the deposit POS or the operator of the deposit POS, for example.
- the virtual currency may then be transferred to a virtual currency wallet associated with the target/withdrawal POS or operator of the withdrawal POS 510.
- the transfer may occur across a country-line 515, for example.
- An exchange rate of the country of the withdrawal POS may be calculated along with operator and/or vendor fees 511.
- the virtual currency in the target virtual currency wallet may be exchanged for funds at the target POS 512.
- Example Embodiments Various embodiments are described for example purposes. The embodiments, or elements of the embodiments, may be used or practiced in combination with one another.
- a customer may, for example, deposit U.S. dollars at a terminal in the United States in exchange for a cryptocurrency such as Bitcoin to be deposited into the customer’s cryptocurrency wallet.
- a customer may withdraw U.S. dollars at a terminal in the United States in exchange for a cryptocurrency such as Bitcoin to be withdrawn from the customer’s cryptocurrency wallet.
- a customer may wish to deposit U.S. dollars at a terminal in the United States to send funds to another customer at another terminal in another location in the United States for withdrawal.
- a third party or provider may facilitate the transfer.
- the third party may be a software service, for example.
- the third party may instruct to accept funds received at the deposit terminal.
- the third party or provider may then instruct the transfer of cryptocurrency from a virtual currency wallet associated with the deposit terminal to a virtual currency wallet associated with a withdrawal terminal.
- the third party or provider may then instruct the remittance of funds at the withdrawal terminal.
- a customer may wish to deposit U.S. dollars at a terminal in the United States to send funds to another customer in another location outside of the United States for withdrawal.
- a third party or provider may facilitate the transfer.
- the third party may be a software service, for example.
- the third party may instruct to accept funds received at the deposit terminal in, for example, the United States, where the funds are U.S. dollars.
- the third party or provider may then instruct the transfer of an amount of cryptocurrency based on the local exchange rate from a virtual currency wallet associated with the deposit terminal to a virtual currency wallet associated with a withdrawal terminal where the withdrawal terminal is in another country, for example, Mexico.
- the third party or provider may then instruct the remittance of funds at the withdrawal terminal based on the local exchange rate.
- a customer may visit a terminal in one country.
- One embodiment of the deposit process is described further below.
- FIG. 6 is a flowchart showing a detailed view of the deposit process.
- a customer/user may be authenticated 601. For example, a user may provide/scan an ID document such as a driver’s license, provide and verify a phone number/PIN, etc. A phone may be verified, for example, by a PIN sent to the phone number by SMS after the phone number is entered at a terminal, for example. The user may be prompted to enter/verify the phone number by entering the received PIN.
- an ID document such as a driver’s license
- a phone may be verified, for example, by a PIN sent to the phone number by SMS after the phone number is entered at a terminal, for example.
- the user may be prompted to enter/verify the phone number by entering the received PIN.
- Other data or metadata may be gathered and used for verification/ authentication 602, such as biometric verification.
- a camera at a terminal or POS may provide image or video data of the user’s face. This may trigger a facial recognition process, a KYC/AML (Know Your Customer/ Anti-Money Laundering) process, and/or a trust/risk analysis process 607. These processes may be carried out in conjunction in a non-blocking manner, or sequentially . These processes may be executed at the POS, at a proxy, and/or as a backend process. These processes may be provided by the vendor, operator, and/or a third party, and in any combination thereof.
- the customer/user may make various selections 603 associated with a deposit providing specifics, configurations, and/or settings for the transaction.
- the settings may include, for example, user’s phone number, recipient’s phone number, creation of a redemption code, amount of time to make the funds available to the recipient for withdrawal before expiration, etc.
- the customer/user may then deposit funds at the terminal or POS 604.
- the POS may execute steps to confirm the deposit is complete 605. For example, the POS may count the funds that have been received and user selections providing specifics, configurations, and/or settings for the transaction.
- FIG. 7 is a flowchart showing a detailed view of the withdrawal process.
- a withdrawal request may be received during a hold period.
- the withdrawal request may be at any terminal and/or point-of-sale that is part of a system or network of terminals and/or points-of-sale, for example. Therefore, the withdrawal request may be made in any country.
- the country may be the same or different from the deposit POS country.
- the customer may deposit virtual currency to the vendor and the funds are converted to funds during the holding period to avoid or minimize realization of exchange rate fluctuations or volatility.
- the customer may deposit virtual currency to the vendor and the funds are not converted to funds during the holding period.
- a withdrawal request triggers the funds transfer and disbursement processes.
- the withdrawal terminal and/or POS and location will be identified as set forth above.
- the withdrawal request may be authenticated as set forth above.
- the withdrawing user may provide and confirm ownership of a phone number that is associated with a deposit.
- the customer may be identified 701 and a withdrawal request may be sent to a vendor 702.
- the request may include specifications associated with the customer, etc. 703.
- Other data or metadata may be gathered and used for verification/ authentication, such as biometric verification.
- a camera at a terminal or POS may provide image or video data of the withdrawing user’s face. This may trigger a facial recognition process, a KYC/AML (Know Your Customer/ Anti-Money Laundering) process, and/or a trust/risk analysis process.
- KYC/AML Know Your Customer/ Anti-Money Laundering
- a trust/risk analysis process may be carried out in conjunction in a non-blocking manner, or sequentially. These processes may be executed at the POS, at a proxy, and/ or as a backend process. These processes may be provided by the vendor, operator, and/or a third party, and in any combination thereof.
- the withdrawal may be denied 710.
- the withdrawal may be permitted, and a virtual currency exchange process (709, 711) may be initiated, and a funds disbursement process (705, 706, 707, 708) may be initiated.
- funds may be calculated and disbursed.
- a withdrawal limit may be determined 705 based on factors such as the amount deposited, operator and vendor fees 706, exchange rate parameters 706, etc.
- a response from the vendor service may be sent to the operator 707 including, for example, the calculation of limits of funds allowed for withdrawal.
- the terminal or POS may permit a withdrawal 708.
- a trust and/or risk analysis may be carried out, optionally, for example, for the authentication/verification of a depositing or withdrawing user.
- the analysis may be carried out in parallel with the customer’s deposit, or may be carried out before allowing a particular step of the customer’s deposit to be completed, for example.
- the analysis may be required to be completed before accepting funds or a deposit from the user.
- funds or a deposit may be accepted while the analysis is performed.
- a trust and/or risk analysis maybe carried out in parallel with a customer’s withdrawal, or may be carried out before allowing a particular step of the customer’s withdrawal to be completed, for example.
- the analysis may be required to be completed before dispensing funds or funds to the user.
- funds or funds may be dispensed while the analysis is performed.
- the data and metadata for trust/risk analysis processing maybe delivered to a third party service provider, or vendor.
- the third party service for example, may be a software service of a vendor, as set forth above.
- the software service may be hosted at a vendor-owned location, a third party location, or a proxy location, for example.
- the data and/or metadata maybe sent to a processing queue of the software service.
- the queue may be processed in a first-in-first-out (FIFO) or last-in-first-out (LIFO) order.
- the queue may collect several processes to be carried out.
- the processes may, for example, be similar trust/risk analysis processes from various POS locations, or different processes.
- the service may be hosted on elastic server architecture, in one example, as set forth above.
- the service may be hosted using serverless architecture, as set forth above.
- a trust score may be computed, established, stored, and/or updated for a user.
- the trust score may be used to increase or decrease, for example, user capabilities or privileges at a point of sale node or terminal. For example, in one embodiment, a trust score exceeding a threshold score may allow or unlock for the user a higher transaction limit privilege.
- a trust score when a trust score does not exceed a certain minimum threshold, additional actions or inputs may be required of a user at a point of sale node or terminal. For example, a user may be required or requested to provide additional identification, scan an ATM card, or provide a biometric input if a trust score does not exceed a certain minimum threshold. It will be recognized that any input or requirement that can affect a trust score may be required or requested.
- a trust score when a trust score does not exceed a certain minimum threshold, a user transaction or other request may be denied.
- a trust score may incorporate, or take into account, any number of factors, wherein each factor may be assigned a weight.
- a weighted factor for example the product of a factor and a respective weight, may provide a trust factor.
- a trust score may be a sum of various trust factors. It will be understood that any of a trust score, factor, or weight, may be positive, zero, or negative.
- One factor may be a facial verification or recognition factor.
- a user’s facial image data or video data may be gathered at a point of sale node or terminal, or any other computing device, such as a user’s mobile device.
- One or more parameters of the image or video data may be stored.
- the entire image or video data may be stored.
- facial recognition may be performed based on a video sequence or one or more video frames of a user’s face gathered at a node or terminal, or any other computing device, such as a user’s mobile device, for example. In one embodiment, facial recognition may be performed based on an image of a user’s face gathered at a node or terminal, or any other computing device, such as a user’s mobile device, for example.
- the facial data may be processed on the client side at the node or terminal, at a proxy, on the server side, or any combination of such locations thereof, wherein various steps or portions of processing may be performed at each location.
- Facial verification or recognition It will be understood that any facial recognition algorithm, or combinations or hybrids thereof, might be used.
- a facial verification method may be used to compare a user’s face with one or more datasets.
- a dataset may be, for example, a training dataset, a model dataset, a stored dataset of previous or known users, or a stored criminal or blacklist dataset.
- One or more datasets may be selected as training datasets and/or models and one or more cost functions may be defined.
- a cost function may be a Kullback-Leibler divergence, or difference, from a selected dataset or model.
- An optimization problem may be defined.
- One factor may be a user geolocation factor.
- a geolocation factor may be gathered as associated with a user.
- a user may share a mobile device geolocation with a service.
- a request for geolocation maybe sent to a user mobile device, for example.
- a user geolocation may be compared with a point of sale location A factor may be determined based on the proximity of the two geolocations.
- One factor may be a point of sale geolocation factor.
- a geolocation factor maybe gathered as associated with a point of sale.
- an IP address that is connected with, or used by, a point of sale may be associated with a geolocation.
- a point of sale geolocation may be compared with a user geolocation.
- a factor may be determined based on the proximity of the two geolocations.
- One factor may be an ATM card verification factor.
- An ATM card may be issued to a user of a cryptocurrency terminal.
- the card may include a chip, barcode, account number, and/or magnetic strip.
- the ATM card may be read by a cryptocurrency terminal for verification.
- a factor may be associated with a ATM -verified user.
- One factor may be an age of account factor.
- An account age may be determined. For example, a creation may be determined.
- a factor may be associated with the account age.
- One factor may be a previous incident factor.
- a list of incidents may be associated with an account and stored.
- An incident may be a suspicious event that has been flagged. For example, an incident may include exceeding a threshold number of failed logins within a certain window of time, of a time period of a predefined length.
- a factor may be associated with each incident.
- a factor may be associated with a threshold number of incidents.
- One factor may be a metadata factor.
- One factor maybe a PIN verification factor.
- One factor may be a mobile device PIN verification factor.
- One factor may be a biometric factor, such as a fingerprint, finger scan, or palm scan.
- One factor may be a distance from a last transaction location probability factor.
- One factor may be a credit card verification factor.
- One factor may be an ID card verification factor.
- One factor may be a QR code verification factor.
- One factor may be a mobile device bluetooth verification factor.
- One factor may be a security pattern verification factor.
- One factor may be a geographic criminal activity factor.
- One factor may be a transaction anomaly factor.
- Transaction data for a user or group of users may produce a probability distribution. For example, transaction amounts may follow a normal, or Gaussian, distribution for a particular location, or across many locations, wherein a particular mean transaction amount is determined. Thus, a transaction amount may deviate from a mean by some portion or multiple of a standard deviation. Larger deviations may be more anomalous then.
- a larger standard deviation may be associated with a particular factor, which may be a negative factor. Addition of a negative factor in a trust score may penalize the trust score.
- One factor may be a transaction location anomaly factor.
- Transaction location data for a user or group of users may produce a probability distribution. For example, transaction locations may follow a normal, or Gaussian, distribution for a particular location, or across many locations, wherein a particular mean transaction location is determined.
- a transaction location may deviate from a mean by some portion or multiple of a standard deviation. Larger deviations may be more anomalous then.
- a larger standard deviation may be associated with a particular factor, which may be a negative factor. Addition of a negative factor in a trust score may penalize the trust score.
- a trust score may be calculated by including one or more weighted factors.
- a trust score (TS) based on a factor (f,) at a weight (w,), and a factor (f 2 ) at a weight (w 2 ):
- Trust Score Distribution Trust scores amongst a certain set, subset, portion, or group of users may form a probability distribution. For example, trust scores may follow a normal, or Gaussian, distribution for a group of users, wherein a particular mean trust score is determined.
- a user’s computed or determined trust score may deviate from a mean by some portion or multiple of a standard deviation. Larger deviations may be more anomalous then.
- a larger standard deviation may be associated with a less trustworthy user.
- a threshold standard deviation or portion of a standard deviation may be defined.
- a comparison or relationship between a user’s trust score and a threshold standard deviation from a mean trust score may be established.
- User privileges at a point of sale, or in or for a user account, may be determined according to whether the user’s trust score exceeds the threshold.
- information or metadata about users may increase over time. For example, a new user may complete a cryptocurrency transaction with certain characteristics such as location, time, transaction amount, etc., and, over time, that user will complete additional transactions with their own characteristics- some characteristics may be the same, or similar, to those characteristics of the earlier transactions. These transaction data or characteristics may be stored.
- the information or metadata surrounding the user increases over time as additional data surrounding transactions are aggregated.
- a running, or aggregate, trust score may be associated with a user.
- a prior, or posterior, trust score may exist for a user prior to a transaction. After a transaction the prior trust score may be updated.
- FIG. 8A is a flowchart showing a general view of a risk analysis process.
- a user may initiate a transaction request 801. Upon doing so, a user may provide, or be prompted to provide credentials for a virtual currency wallet 802. For example, a user may enter a wallet address manually, or scan a barcode or other address representation at a point of sale.
- the point of sale may be a terminal, for example.
- the terminal may wait for a response 803 from a vendor or third party service.
- the service may be a risk analysis service, for example, that provides a risk score for a given address. After the risk score is received 804, the terminal may allow the transaction to proceed or move forward 805.
- the address and/or user data maybe forwarded a vendor or third party service 806.
- the service may be a risk analysis service, for example, that provides a risk score for a given address.
- the service may perform a risk analysis 807 and calculate a risk score 808.
- the risk score may be provided, in response, back to the point of sale.
- FIG. 8B is a flowchart showing a general view of a verification process.
- a user validation event such as whitelisting for some capabilities may be desired.
- whitelisting for some capabilities
- operators of terminals may desire a setting wherein users requesting transactions beyond a certain dollar amount may be required additional verifications or whitelist status, such as photo ID verification completed, before the transaction may be allowed to proceed.
- whitelist status may be labeled “VIP,” for example.
- Users or customers may or may not have already completed a photo ID verification step, or “VIP” verification step, for example, before requesting a large transaction 810, for example.
- the user at the terminal maybe directed to or shown an interim UI, or holding/waiting page UI 811, while the user profile may be queried or checked to determine whether the whitelist or “VIP” verification step has already been completed by the user 813-814.
- the terminal on the client-side maybe in communication with a software service provider 818, for example as provided herein, on a server-side.
- a user verification query maybe communicated to the software service provider, which may, for example, check a user or customer status in a database.
- the GUI at the terminal may display different UIs in the next step. For example, if it is determined 818 the user’s account has already completed a photo ID verification step, or “VIP” verification step, then the next UI displayed may be the next for the transaction to proceed 815, after a message or response is sent to the terminal from the software service provider indicating such 820.
- the next UI may be, for example, a request to complete a photo ID verification step, or “VIP” verification step 816.
- an SMS maybe sent to the user’s phone alone with, for example, a URL or link to a registration web page for completion of registration of verification using off site registration capabilities by the software service provider 821 and/or a message or response is sent to the terminal from the software service provider indicating such 819.
- the user at the terminal may be directed to a waiting page (811, 816), for example.
- the waiting page may be a UI that displays text and/or content specified by the operator of the terminal, which may, for example, be specified in an operator GUI as described herein.
- the waiting page and/or state may utilize or initialize a process to determine when the user verification has been completed. For example, a polling or long polling process may be started, an open web socket maybe used, a new web socket maybe opened or established, or Server-Sent events (SSE), HTTP/2 push, or other data stream methods/protocols that listen for a user verification complete event maybe used.
- a polling or long polling process may be started, an open web socket maybe used, a new web socket maybe opened or established, or Server-Sent events (SSE), HTTP/2 push, or other data stream methods/protocols that listen for a user verification complete event maybe used.
- SSE Server-Sent events
- long polling may be used to persist or hold a client or terminal connection open until data such as a user verified event becomes available or until a timeout threshold is reached. Such polling may be repeated or continued until a user verified event is received at the terminal, for example.
- full-duplex persistent WebSocket(s) may be used to determine or identify such an event as a user verified event.
- the URL or link to the registration web page and the web page itself may be created and/or hosted by, for example, the operator, third party, or the software service provider of the terminal. If the registration web page is not hosted by the software service provider of the terminal, the operator or third party hosting the page, for example, may send an API request to the software service provider of the terminal when or after the user submits the registration information to notify the software service provider that the registration is submitted and/or the user has been verified 822. The service provider may then communicate a message or response to the terminal 817.
- the registration web page may be a form requesting any of the account information described herein.
- a user account may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, image of a photo ID, and/or any other data from an identification document associated with the account.
- identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, image of a photo ID, and/or any other data from an identification document associated with the account.
- the user may need to submit an image of a photo ID such as a driver’s license.
- the image may be received in any form, for example, JPEG, PNG, etc.
- the image data may be sent to the host of the web registration form by, for example, HTTP/HTTPS request such as in an AJAX request.
- the image data may be a base64 data string stored/delivered via, for example, a JSON string included in the request.
- the host may process the data to verify the user.
- the data including, for example, the image data
- the data may be forwarded, by the host, to a service provider, which then determines that the registration or verification is complete 822. In another example, this determination can be made within the service provider system if the service provider is also the host of the web page, for example.
- the service provider may be a software service provider that may be a third party software service provider.
- data may be forwarded from the host, operator, or vendor to a third party software service provider in the form of an HTTP(S) request to an API endpoint, for example, a URL, of the third party software service provider, and responses may be returned.
- HTTP methods used may include, for example GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE.
- the HTTP requests and/or responses may include application/json content type, wherein data maybe JSON encoded data. Additionally HTTP(S) status codes may be used to indicate success and failure.
- An HTTP(S) request to an API endpoint may require authentication.
- the API may conform to a Representational State Transfer (REST) style.
- REST Representational State Transfer
- an API key, token, access key, and/or secret key may be provided by the third party software service to the core service provider or vendor.
- Keys may be included in HTTP(S) headers, for example, for every HTTP(S) request. Keys may be in the form of a string, such as a base04 encoded string, for example.
- a timestamp may be included in HTTP(S) headers for HTTP(S) requests to an API endpoint.
- a Hash-based Message Authentication Code may be computed using a hash function, for example, a SHA256 hash function.
- An HTTP(S) request to an API endpoint may include a payload.
- the request and payload may be formatted as any HTTP(S) request.
- a request may be made using various programming languages or combinations of programming languages, such as CURL, Ruby, Python, Node, PHP, Java, and/or JSON.
- the payload may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, photo ID image data such as the raw image or base64 data representation of the image, and/or any other data from an identification document associated with the account.
- the payload may be formatted in HTML, XML, JSON, or another format.
- the service provider may return, to the host, operator, or vendor, a result that may include one or more flags, states, parameters, metrics, or scores associated with the account (819, 820). For example, o, 1, or 2 may be returned to indicate not verified, verified, or partially verified. In another example, o or 1 may be returned to indicate not matched, or matched to a dataset, such as a criminal dataset.
- the result may be stored in association with the account, and the date and/or time of the request and/or retrieval of the result may be also stored.
- the result may include a payload formatted in HTML, XML, JSON, or another format.
- JSON response payload can include elements such as whether an ID element, such as address, name, and/or date of birth are verified, partially verified, or not verified, and/or elements such as associated risk scores calculated for each element, or a combination of elements:
- such a payload could include:
- a request for a verification may be made to a third party service provider, wherein a verification is based on the specifics of the image data.
- the third party may, for example, apply a facial recognition to data matching process to compare the photo ID with a dataset of images, such as against a criminal image dataset.
- the host may forward notification to the software service provider that the user is verified or not verified. This may, again be in the form of an API request/payload such as described previously.
- the user may be allowed to proceed with the transaction 815.
- this may be accomplished by changing a status or flag associated with the user account in a user database operated or managed by the terminal software service provider, for example.
- the software service provider may, for example, communicate the change to the host and/or the terminal 820.
- a user verification complete event may be delivered to the terminal using the data stream protocols described previously.
- the polling or web socket may then catch, identify, or determine the user verification complete event 817.
- the UI at the terminal may then allow the user to proceed with the transaction by taking the user to a next transaction step 815, for example.
- FIG. 9A is a flowchart showing a customer funds deposit process.
- a customer may visit a point of sale 901, which may be, for example, a hardware terminal such as an automated teller machine capable of one or both of cash and virtual currency transactions.
- the point of sale may display selection options such as “Deposit” and “Withdrawal”, current prices of various virtual currencies and/or customer selections such as transaction ranges 902.
- ranges for a cash to virtual currency such as Bitcoin, for example
- deposit transactions may be displayed.
- a range of $0-$500 maybe displayed, wherein a user can opt to deposit up to $500 cash into a virtual currency wallet.
- the customer may select a range 903.
- the customer may be prompted to enter a phone number, for example his/her mobile phone number 904.
- a KYC/AML (“know-your-customer” or “anti-money laundering”) verification analysis maybe performed 908.
- a user account may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, and/or any other data from an identification document associated with the account.
- the data may be forwarded, by a core service provider or vendor, to a service provider.
- the service provider may be a software service provider that may be a third party software service provider.
- data may be forwarded from the core service provider or vendor to a third party software service provider in the form of an HTTP request to an API endpoint, for example, a URL, of the third party software service provider, and responses may be returned.
- HTTP methods used may include, for example GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE.
- the HTTP requests and/or responses may include application/json content type, wherein data maybe JSON encoded data. Additionally HTTP status codes may be used to indicate success and failure.
- An HTTP request to an API endpoint may require authentication.
- the API may conform to a Representational State Transfer (REST) style.
- REST Representational State Transfer
- an API key, token, access key, and/or secret key may be provided by the third party software service to the core service provider or vendor.
- Keys may be included in HTTP headers, for example, for every HTTP request. Keys may be in the form of a string, such as a base04 encoded string, for example.
- a timestamp may be included in HTTP headers for HTTP requests to an API endpoint.
- a Hash-based Message Authentication Code may be computed using a hash function, for example, a SHA256 hash function.
- An HTTP request to an API endpoint may include a payload.
- the request and payload may be formatted as any HTTP request.
- a request may be made using various programming languages or combinations of programming languages, such as CURL, Ruby, Python, Node, PHP, Java, and/or JSON.
- the payload may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, and/or any other data from an identification document associated with the account.
- the payload may be formatted in HTML, XML, JSON, or another format.
- the service provider may return, to the core service provider or vendor, a result that may include one or more flags, states, parameters, metrics, or scores associated with the account. For example, o, 1, or 2 may be returned to indicate no match, partial match, or match.
- the result may be stored in association with the account, and the date and/or time of the request and/or retrieval of the result may be also stored.
- the result may include a payload formatted in HTML, XML, JSON, or another format.
- JSON response payload can include elements such as whether an ID element, such as address, name, and/or date of birth are verified, partially verified, or not verified, and/or elements such as associated risk scores calculated for each element, or a combination of elements:
- such a payload could include:
- a request for a verification may be made to a third party service provider, wherein a verification or risk score is based on the specifics of fund contributors to a queried address.
- a risk score may be, for example, a numeral ranging from o to to, wherein o or l correspond to little, low, or no risk, and 9 or to correspond to high risk.
- a risk score may be a floating point value such as o.ooi or 4.58.
- a request for a risk score may be made to a third party service provider, wherein the risk score is based on the specifics of recipients of funds from a queried address.
- a risk analysis may be skipped. For example, if a risk analysis for the account was requested within the previous week and the associated account was cleared, trusted, and/or otherwise determined to be low risk, based on a query of the aforementioned stored results and/or date/time, then a risk analysis may be skipped.
- the customer may be allowed to select a virtual currency from a set of virtual currency 909. For example, the customer may select “Bitcoin” from a set comprising “Bitcoin”, “Litecoin”, “Ethereum”, etc.
- a virtual currency wallet address maybe gathered 910. For example, a user may scan a QR code for a virtual currency wallet shown on a mobile device. In other examples, a user may manually enter a virtual currency wallet address, or a virtual currency wallet address may be created.
- the virtual currency wallet address may be used to perform a risk analysis 911.
- a KYC/AML (“know-your-customer” or “anti-money laundering”) verification analysis may also be performed 908.
- a user account may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, and/or any other data from an identification document associated with the account.
- the data may be forwarded, by a core service provider or vendor, to a service provider.
- the service provider may be a software service provider that may be a third party software service provider.
- data may be forwarded from the core service provider or vendor to a third party software service provider in the form of an HTTP request to an API endpoint, for example, a URL, of the third party software service provider, and responses may be returned.
- HTTP methods used may include, for example GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE.
- the HTTP requests and/or responses may include application/json content type, wherein data maybe JSON encoded data. Additionally HTTP status codes may be used to indicate success and failure.
- An HTTP request to an API endpoint may require authentication.
- the API may conform to a Representational State Transfer (REST) style.
- REST Representational State Transfer
- an API key, token, access key, and/or secret key may be provided by the third party software service to the core service provider or vendor.
- Keys may be included in HTTP headers, for example, for every HTTP request. Keys may be in the form of a string, such as a base64 encoded string, for example.
- a timestamp may be included in HTTP headers for HTTP requests to an API endpoint.
- a Hash-based Message Authentication Code may be computed using a hash function, for example, a SHA256 hash function.
- An HTTP request to an API endpoint may include a payload.
- the request and payload may be formatted as any HTTP request.
- a request may be made using various programming languages or combinations of programming languages, such as CURL, Ruby, Python, Node, PHP, Java, and/or JSON.
- the payload may include elements such as a type of analysis performed, an asset type, an address or transaction hash, a type of analysis, and a customer reference or ID.
- JSON request payload can include:
- the service provider may return, to the core service provider or vendor, a result that may include one or more flags, states, parameters, metrics, or scores associated with the account.
- the result may be stored in association with the account, and the date and/or time of the request and/or retrieval of the result may be also stored.
- JSON response payload can include:
- a request for a verification may be made to a third party service provider, wherein a verification or risk score is based on the specifics of fund contributors to a queried address.
- a risk score may be, for example, a numeral ranging from o to 10, wherein o or 1 correspond to little, low, or no risk, and 9 or 10 correspond to high risk.
- a risk score may be a floating point value such as 0.001 or 4.58.
- a request for a risk score may be made to a third party service provider, wherein the risk score is based on the specifics of recipients of funds from a queried address.
- FIG. 9B is a flowchart showing a customer funds withdrawal process.
- a customer may visit a point of sale 921, which may be, for example, a hardware terminal such as an automated teller machine capable of one or both of cash and virtual currency transactions.
- the point of sale may display selection options such as “Deposit” and “Withdrawal”, current prices of various virtual currencies and/or customer selections such as transaction ranges 922.
- the customer may select “Withdrawal” 923.
- the customer maybe prompted to enter a phone number, for example his/her mobile phone number 924.
- a KYC/AML (“know-your-customer” or “anti-money laundering”) verification analysis may be performed 928.
- a user account may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, and/or any other data from an identification document associated with the account.
- the data may be forwarded, by a core service provider or vendor, to a service provider.
- the service provider may be a software service provider that may be a third party software service provider.
- data may be forwarded from the core service provider or vendor to a third party software service provider in the form of an HTTP request to an API endpoint, for example, a URL, of the third party software service provider, and responses may be returned.
- HTTP methods used may include, for example GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE.
- the HTTP requests and/or responses may include application/json content type, wherein data maybe JSON encoded data. Additionally HTTP status codes may be used to indicate success and failure.
- An HTTP request to an API endpoint may require authentication.
- the API may conform to a Representational State Transfer (REST) style.
- REST Representational State Transfer
- an API key, token, access key, and/or secret key may be provided by the third party software service to the core service provider or vendor.
- Keys may be included in HTTP headers, for example, for every HTTP request. Keys may be in the form of a string, such as a base04 encoded string, for example.
- a timestamp may be included in HTTP headers for HTTP requests to an API endpoint.
- a Hash-based Message Authentication Code may be computed using a hash function, for example, a SHA256 hash function.
- An HTTP request to an API endpoint may include a payload.
- the request and payload may be formatted as any HTTP request.
- a request may be made using various programming languages or combinations of programming languages, such as CURL, Ruby, Python, Node, PHP, Java, and/or JSON.
- the payload may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, and/or any other data from an identification document associated with the account.
- identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, and/or any other data from an identification document associated with the account.
- the service provider may return, to the core service provider or vendor, a result that may include one or more flags, states, parameters, metrics, or scores associated with the account. For example, o, 1, or 2 may be returned to indicate no match, partial match, or match.
- the result may be stored in association with the account, and the date and/or time of the request and/or retrieval of the result may be also stored.
- the result may include a payload formatted in HTML, XML, JSON, or another format.
- such a payload could include:
- a request for a verification may be made to a third party service provider, wherein a verification or risk score is based on the specifics of fund contributors to a queried address.
- a risk score may be, for example, a numeral ranging from o to 10, wherein o or 1 correspond to little, low, or no risk, and 9 or 10 correspond to high risk.
- a risk score may be a floating point value such as 0.001 or 4.58.
- a request for a risk score may be made to a third party service provider, wherein the risk score is based on the specifics of recipients of funds from a queried address.
- a risk analysis may be skipped. For example, if a risk analysis for the account was requested within the previous week and the associated account was cleared, trusted, and/or otherwise determined to be low risk, based on a query of the aforementioned stored results and/or date/time, then a risk analysis may be skipped.
- the customer may be allowed to select a virtual currency from a set of virtual currency 929. For example, the customer may select “Bitcoin” from a set comprising “Bitcoin”, “Litecoin”, “Ethereum”, etc.
- ranges for a cash to virtual currency such as Bitcoin, for example
- the customer may select a range 930.
- a range of $o-$so may be displayed, wherein a user can opt to withdraw up to $50 cash from a virtual currency wallet.
- a virtual currency wallet address may be displayed, for example as a QR code 931.
- the wallet address may represent a wallet address associated with the operator of the point of sale.
- a user may scan the QR code for the virtual currency wallet shown 932 to send funds from his/her virtual currency wallet. Once the funds have been sent to the operator or point of sale virtual currency wallet, corresponding cash funds may be dispensed 933.
- the cash funds may calculated be less any fees, for example.
- the virtual currency wallet transaction or sender address may be used to perform a KYC/AML (“know-your-customer” or “anti-money laundering”) risk analysis 934.
- the data may be forwarded, by a core service provider or vendor, to a service provider.
- the service provider may be a software service provider that may be a third party software service provider.
- data may be forwarded from the core service provider or vendor to a third party software service provider in the form of an HTTP request to an API endpoint, for example, a URL, of the third party software service provider, and responses may be returned.
- HTTP methods used may include, for example GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE.
- the HTTP requests and/or responses may include application/json content type, wherein data maybe JSON encoded data. Additionally HTTP status codes may be used to indicate success and failure.
- An HTTP request to an API endpoint may require authentication.
- the API may conform to a Representational State Transfer (REST) style.
- REST Representational State Transfer
- an API key, token, access key, and/or secret key may be provided by the third party software service to the core service provider or vendor.
- Keys may be included in HTTP headers, for example, for every HTTP request. Keys may be in the form of a string, such as a base04 encoded string, for example.
- a timestamp may be included in HTTP headers for HTTP requests to an API endpoint.
- a Hash-based Message Authentication Code may be computed using a hash function, for example, a SHA256 hash function.
- An HTTP request to an API endpoint may include a payload.
- the request and payload may be formatted as any HTTP request.
- a request may be made using various programming languages or combinations of programming languages, such as CURL, Ruby, Python, Node, PHP, Java, and/or JSON.
- the payload may include elements such as a type of analysis performed, an asset type, an address or transaction hash, a type of analysis, and a customer reference or ID.
- JSON request payload can include:
- the service provider may return, to the core service provider or vendor, a result that may include one or more flags, states, parameters, metrics, or scores associated with the account.
- the result may be stored in association with the account, and the date and/or time of the request and/or retrieval of the result may be also stored.
- JSON response payload can include:
- a request for a verification may be made to a third party service provider, wherein a verification or risk score is based on the specifics of fund contributors to a queried address.
- a risk score may be, for example, a numeral ranging from o to to, wherein o or r correspond to little, low, or no risk, and 9 or to correspond to high risk.
- a risk score may be a floating point value such as o.oor or4.58.
- a request for a risk score may be made to a third party service provider, wherein the risk score is based on the specifics of recipients of funds from a queried address.
- the virtual currency wallet address and transaction details may be stored by a software service provider. In one example, this risk analysis may be performed after the withdrawal. In one example, if the account is deemed high risk, the account may be flagged or placed in a “hold” or “pending approval” state, or similar.
- a progessive, interactive interview is presented to the customer via a terminal or point of sale display, using, for example, a series of one or more graphical user interfaces (GUIs) in a browser element.
- GUIs graphical user interfaces
- data may be stored at the terminal or point of sale, at least temporarily reflecting customer selections.
- cookies may be stored in association with the customer/transaction in a user session, using, for example, JavaScript.
- the cookies may then be utilized to prepare or produce a payload for transmission, for example, a JSON encoded data element.
- a payload/ JSON encoded data element maybe prepared without the use of cookies.
- the JSON encoded data element may comprise multiple elements reflecting the customer selections and/or request along with information such as identifying information of the terminal or point of sale at which the request is being prepared and timestamps. Additionally, API keys and/or API secret keys may be included with the payload data element.
- a stored machine state is updated. This can be maintained in various network locations, for example, near the edge or at a central server location. Caches at the client terminal or point of sale, or in the network path or at the central server may be used to store a machine state, for example.
- a customer approaches a terminal or point of sale.
- the customer may select a transaction type, for example, “Buy Virtual Currency,” and selects type of virtual currency, for example, “Bitcoin,” in a GUI display of the terminal or point of sale.
- a transaction type for example, “Buy Virtual Currency”
- type of virtual currency for example, “Bitcoin”
- the machine state stored in a database, datastore, or internet of things model, for example.
- the machine state may be incrementally updated with each secure request associated with a user selection, to build a string or payload, for example.
- Each request may be filtered at the service provider side, where security measures may be in place. For example, code injection requests may be logged along with the origin. Further, the origin may be blocked from making further requests until the request is reviewed and cleared.
- the request specifications may be aggregated into a complete payload to make a complete request.
- the complete aggregate payload may be used to deliver a complete request to the vendor or software service provider.
- FIG. 9C is a flowchart showing a customer funds deposit and virtual currency purchase process connected with a virtual currency machine state.
- a user or customer may visit a terminal which may be a virtual currency terminal, for example.
- the customer may be presented with a series of user interfaces in an interview to allow for ascertaining the customer’s specifications for a transaction request.
- the customer interview corresponds to 955-959, for example.
- a machine state corresponds to 954a-954d, for example.
- the machine state may be stored in any location between the client and the cloud service. For example, the machine state may be stored or cached locally at the terminal, near the edge or fog layer, or at a central server.
- queries/requests (952a-952e) and updates (953a-953e) maybe made between the terminal and a software service.
- the queries and updates may handle and/or update a machine state (954a-954d) associated with the terminal .
- data elements 954a-954d could include other parameters. Additionally, such data elements could include, for example, API keys and/or secret keys.
- a customer may select to purchase a virtual currency 955 in exchange for cash via a cash deposit at the terminal.
- An initial state for the terminal may be empty or null, for example.
- the initial state maybe requested 952a before or during the customer’s initial selection 955, for example and communicated from a software service provider via a secure session via a VPN.
- the query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal.
- a JSON data element may be created or prepared by the software service provider.
- the data element may be encrypted and delivered to the terminal.
- an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN.
- the update may include the delta or changes to the initial or current machine state.
- the update may be communicated to the software service provider as an encrypted payload.
- a JSON data element may be created or prepared at the terminal.
- the data element may be encrypted and delivered to the software service provider 953a.
- the software service provider may decrypt the payload to reveal a decrypted payload 954a and update the machine state for the terminal, for example by updating a database or datastore.
- the current machine state may be queried or requested 952b before or during the customer’s next selection 956, for example and communicated from a software service provider via a secure session via a VPN.
- the query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal.
- a JSON data element may be created or prepared by the software service provider.
- the data element may be encrypted and delivered to the terminal.
- the customer may select a virtual currency 956 to buy in exchange for cash via a cash deposit at the terminal.
- an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN.
- the update may include the delta or changes to the initial or current machine state.
- the update may be communicated to the software service provider as an encrypted payload 953b.
- a JSON data element may be created or prepared at the terminal.
- the data element may be encrypted and delivered to the software service provider.
- the software service provider may decrypt the payload 953b and update the machine state for the terminal, for example by updating a database or datastore.
- the current machine state may be queried or requested 952c before or during the customer’s next selection 957, for example, and communicated from a software service provider via a secure session via a VPN.
- the query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal.
- a JSON data element may be created or prepared by the software service provider.
- the data element may be encrypted and delivered to the terminal.
- the customer may select a virtual currency amount 957 to buy 1 Bitcoin (BTC).
- BTC 1 Bitcoin
- an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN.
- the update may include the delta or changes to the initial or current machine state.
- the update may be communicated to the software service provider as an encrypted payload 953c.
- a JSON data element may be created or prepared at the terminal.
- the data element may be encrypted and delivered to the software service provider.
- the software service provider may decrypt the payload to reveal a decrypted payload 954c and update the machine state for the terminal, for example by updating a database or datastore.
- the current machine state may be queried or requested 952d before or during the customer’s next selection or action 958, for example, and communicated from a software service provider via a secure session via a VPN.
- the query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal.
- a JSON data element may be created or prepared by the software service provider.
- the data element may be encrypted and delivered to the terminal.
- the customer may enter a virtual currency wallet address 958.
- an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN.
- the update may include the delta or changes to the initial or current machine state.
- the update may be communicated to the software service provider as an encrypted payload 953d.
- a JSON data element may be created or prepared at the terminal.
- the data element may be encrypted and delivered to the software service provider.
- the software service provider may decrypt the payload to reveal a decrypted payload 954d and update the machine state for the terminal, for example by updating a database or datastore.
- the current machine state may be queried or requested 952e before or during the customer’s next selection or action 959, for example, and communicated from a software service provider via a secure session via a VPN.
- the query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal.
- a JSON data element may be created or prepared by the software service provider.
- the data element may be encrypted and delivered to the terminal.
- the customer may deposit cash 959.
- an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN.
- the update may include the delta or changes to the initial or current machine state.
- the update may be communicated to the software service provider as an encrypted payload 953e.
- a JSON data element may be created or prepared at the terminal.
- the data element may be encrypted and delivered to the software service provider.
- the software service provider may decrypt the payload to reveal a decrypted payload and update the machine state for the terminal, for example by updating a database or datastore.
- FIG. 9D is a flowchart showing a customer funds withdrawal and virtual currency sale process connected with a virtual currency machine state.
- a user or customer may visit a terminal which may be a virtual currency terminal, for example.
- the customer may be presented with a series of user interfaces in an interview to allow for ascertaining the customer’s specifications for a transaction request.
- the customer interview corresponds to 965-969, for example.
- a machine state corresponds to 904a-904d, for example.
- the machine state may be stored in any location between the client and the cloud service. For example, the machine state may be stored or cached locally at the terminal, near the edge or fog layer, or at a central server.
- queries/requests (902a-902e) and updates (903a-903e) may be made between the terminal and a software service.
- the queries and updates may handle and/or update a machine state (904a-904d) associated with the terminal .
- data elements 904a-904d could include other parameters. Additionally, such data elements could include, for example, API keys and/or secret keys.
- a customer may select to sell a virtual currency 965 in exchange for cash via a cash withdrawal at the terminal.
- An initial state for the terminal may be empty or null, for example.
- the initial state may be requested 962a before or during the customer’s initial selection 965, for example and communicated from a software service provider via a secure session via a VPN.
- the query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal.
- a JSON data element may be created or prepared by the software service provider.
- the data element may be encrypted and delivered to the terminal.
- an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN.
- the update may include the delta or changes to the initial or current machine state.
- the update may be communicated to the software service provider as an encrypted payload.
- a JSON data element may be created or prepared at the terminal.
- the data element may be encrypted and delivered to the software service provider 963a.
- the software service provider may decrypt the payload to reveal a decrypted payload 964a and update the machine state for the terminal, for example by updating a database or datastore.
- the current machine state may be queried or requested 962b before or during the customer’s next selection 966, for example and communicated from a software service provider via a secure session via a VPN.
- the query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal.
- a JSON data element may be created or prepared by the software service provider.
- the data element may be encrypted and delivered to the terminal.
- the customer may select a virtual currency 966 to sell in exchange for cash via a cash withdrawal at the terminal.
- an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN.
- the update may include the delta or changes to the initial or current machine state.
- the update may be communicated to the software service provider as an encrypted payload 963b.
- a JSON data element may be created or prepared at the terminal.
- the data element may be encrypted and delivered to the software service provider.
- the software service provider may decrypt the payload 963b and update the machine state for the terminal, for example by updating a database or datastore.
- the current machine state may be queried or requested 962c before or during the customer’s next selection 967, for example, and communicated from a software service provider via a secure session via a VPN.
- the query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal.
- a JSON data element may be created or prepared by the software service provider.
- the data element may be encrypted and delivered to the terminal.
- the customer may select a virtual currency amount 967 to sell 1 Bitcoin (BTC).
- BTC 1 Bitcoin
- an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN.
- the update may include the delta or changes to the initial or current machine state.
- the update may be communicated to the software service provider as an encrypted payload 963c.
- a JSON data element may be created or prepared at the terminal.
- the data element may be encrypted and delivered to the software service provider.
- the software service provider may decrypt the payload to reveal a decrypted payload 964c and update the machine state for the terminal, for example by updating a database or datastore.
- the current machine state may be queried or requested 902d before or during the customer’s next selection or action 968, for example, and communicated from a software service provider via a secure session via a VPN.
- the query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal.
- a JSON data element may be created or prepared by the software service provider.
- the data element may be encrypted and delivered to the terminal.
- the customer may enter a virtual currency wallet address 968.
- an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN.
- the update may include the delta or changes to the initial or current machine state.
- the update may be communicated to the software service provider as an encrypted payload 963d.
- a JSON data element may be created or prepared at the terminal.
- the data element may be encrypted and delivered to the software service provider.
- the software service provider may decrypt the payload to reveal a decrypted payload 904d and update the machine state for the terminal, for example by updating a database or datastore.
- the current machine state may be queried or requested 902e before or during the customer’s next selection or action 969, for example, and communicated from a software service provider via a secure session via a VPN.
- the query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal.
- a JSON data element may be created or prepared by the software service provider.
- the data element may be encrypted and delivered to the terminal.
- the customer may withdraw cash 969.
- an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN.
- the update may include the delta or changes to the initial or current machine state.
- the update may be communicated to the software service provider as an encrypted payload 903e.
- a JSON data element may be created or prepared at the terminal.
- the data element may be encrypted and delivered to the software service provider.
- the software service provider may decrypt the payload to reveal a decrypted payload and update the machine state for the terminal, for example by updating a database or datastore.
- an operator or vendor is allowed to select various settings to customize a security protocol. Any individual setting, or combination of settings, may be used together to provide a factor or various factors.
- a. One setting may be a minimum purchase amount setting.
- One setting may be a maximum purchase setting.
- One setting may be a customer identification requirement.
- a customer identification requirement may be comprised of one or more of the following, for example: i. SMS Verification ii. Fingerprint iii. Part of a social security number, for example, the last four digits iv. Photo ID v. Face photo vi. Barcode or Magnetic Stripe Scan of government ID vii. First name viii. Last name ix. Address x. Date of birth xi. A third party trust or risk score xii. A bank card d. A 24-hour customer volume limit e. A minimum customer age
- Owner-operators may ‘link’ different customers or users together with a common unique identifier “UUID”. For example, when two or more customer profiles are ‘linked’ through a unique identifier, the customers’ available purchasing power for buying and selling on the owner-operator’s machines is inclusive of the daily volume done across all the linked profiles.
- Customer A and Customer B are linked to a custom unique identifier.
- Owner-operator may also automatically freeze transactions for customers who have been “linked” together as a UUID because it is suspected they are sharing financial information. Such a feature permits the owner-operator to have complete control over who is using their terminals or kiosks, by freezing transactions associated with specific customers, whereby no virtual currency will be sent thus allowing for additional due diligence to be gathered before allowing a transaction to be completed.
- the system and method also may allow the ability to detect when a customer’s virtual currency wallet address has been shared between multiple customers.
- the software automatically cross-references this address across all of the owner-operator’s transactions. If the address has already been used by a different customer whose profile is not already linked to the current customer through a common unique identifier, the current customer’s account may then placed in the ‘pending review’ state for manual review by the owner-operator, and the software alerts the owner-operator via a text message and email notification of the shared wallet address.
- the system and method may allow the ability to detect and flag when there is a mismatch between information submitted by a customer at different verification tiers. For instance, if a customer scans an ID that includes the name “Bob Smith” but then later submits a registration application with the name of “Johnny Appleseed” their account may be placed in the ‘pending review’ state for manual review by the owner-operator, and the system or software may alert the owner-operator via a text message and email notification of the customer identification mismatch.
- the system and method may allow the ability to manually set the volume limits for a given customer, regardless of where they may otherwise stand based on the information they’ve submitted and the owner-operator’s requirements. This allows owner-operators to effectively scale a customer’s purchasing power up or down based on perceived risk or enhanced due-diligence.
- the system and method may allow a terminal or kiosk owner-operator to set volume limits for a specific virtual currency wallet address in the event that a customer (or customers) is/are using said wallet to avoid normal KYC/AML detection.
- the system and method may require a terminal or kiosk customers to accept personal ownership of the wallet that they are using when transacting on the kiosk, which acts as a pre-emptive safeguard against unlawful money transmission, in addition to helping flag and prevent possible scam-related transactions where users are, under duress, told to send money to third parties.
- the system and method may permit a terminal or kiosk owner-operator to implement a standard procedure to freeze all new customer accounts depending on the customer’s age. For example, an owner-operator can set a rule for all his/her kiosks that all new customers under 18 who register an account will be frozen until reviewed and then approved by owner-operator.
- an operator of one or more terminals may set a threshold using a GUI for transaction volume at or after which one or more customer accounts will be frozen until the due diligence is completed. For example, a customer account may be frozen after a total of $50,000 volume has been transacted by the customer curing some or all of the customer account history. The customer may then be disallowed from performing further transactions until the due diligence is completed.
- alerts may be created for a customer.
- alerts may be created for customers whose accounts have been frozen as described above.
- SMS or email alerts may be created for customers.
- the alerts may be delivered to, for example, compliance officers or contacts. Operators may create such settings in an operator console for managing terminals and/or customers, for example, as described herein.
- an operator console for managing terminals and/or customers may include a GUI allowing for customers to be whitelisted.
- a GUI allowing for customers to be whitelisted.
- an operator may whitelist the customer account.
- the ability to whitelist may be permissioned- for example, the capability to whitelist may be set such that a compliance manager or higher operator account permission is needed to whitelist.
- the system and method may allow the ability to “blacklist” virtual currency wallet addresses and ID cards. This provides additional alerting to the owner-operator, as they receive an additional text message and email notification in the event that any customer enters a wallet address or scans an ID card that has been blacklisted by the owner-operator. Any customer submitting a blacklisted datapoint is automatically placed in the ‘pending review’ state for manual review by the owner-operator.
- the system and method may allow the ability for owner-operators to specify hours of operation for their terminals or kiosks. This ensures that the owner-operator is only providing exchange services through their kiosks between a set opening and closing time schedule. The kiosk becomes unavailable between the hours after closing and before opening time and customers are not able to transact.
- Face detection A face detection process may occur at a client terminal.
- a hardware camera may be used to gather user image or video data.
- a user’s face may be detected within the data, for example, by selecting image frames or frames within a video containing a detected face.
- a face detection may occur at a client terminal.
- a face may be identified and localized in an image or video data of a user. Coordinates of facial features may be determined and bounding boxes maybe defined for each feature or combination of features. Facial attributes and landmarks may be detected, and distances between features or landmarks may be determined. The scale and orientation of a detected face may be determined. A confidence score may be determined which provides a confidence level estimate of the face detection prediction or determination.
- a confidence score may be used to determine a next process.
- parts of such image or video data, or processed or preprocessed data may be forwarded to a core service provider or vendor, or further to a service provider, and face detection as above may be carried out by the service.
- a base64 encoded image or full image file may be communicated to the server from a client terminal.
- the service provider may be a software service provider that may be a third party software service provider.
- data may be forwarded from the core service provider or vendor to a third party software service provider in the form of an HTTP request to an API endpoint, for example, a URL, of the third party software service provider, and responses may be returned.
- HTTP methods used may include, for example GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE.
- the HTTP requests and/or responses may include application/json content type, wherein data maybe JSON encoded data. Additionally HTTP status codes may be used to indicate success and failure.
- An HTTP request to an API endpoint may require authentication.
- the API may conform to a Representational State Transfer (REST) style.
- REST Representational State Transfer
- an API key, token, access key, and/or secret key may be provided by the third party software service to the core service provider or vendor.
- Keys may be included in HTTP headers, for example, for every HTTP request. Keys may be in the form of a string, such as a base64 encoded string, for example.
- a timestamp may be included in HTTP headers for HTTP requests to an API endpoint.
- a Hash-based Message Authentication Code may be computed using a hash function, for example, a SHA256 hash function.
- An HTTP request to an API endpoint may include a payload.
- the request and payload may be formatted as any HTTP request.
- a request may be made using various programming languages or combinations of programming languages, such as CURL, Ruby, Python, Node, PHP, Java, and/or JSON.
- the payload may include, for example, a base64 encoded image version or a full image file.
- the service provider may return, to the core service provider or vendor, a result that may include one or more flags, states, parameters, metrics, or scores associated with the request. For example, o, t, or 2 may be returned to indicate no match, partial match, or match.
- the result may be stored in association with the account, and the date and/or time of the request and/or retrieval of the result may be also stored.
- the result may include a payload formatted in HTML, XML, JSON, or another format.
- such a payload could include:
- a server side model may be trained using user data, such as image or video data.
- Image or video data may be forwarded to the server from a client terminal.
- parts of such data, or processed or preprocessed data may be forwarded to the server, for example a base64 encoded image or full image file may be communicated to the server from a client terminal.
- a decentralized learning model may be carried out on a client terminal device or server-side.
- An application on the terminal device may download a machine learning model, for example, in compressed form.
- a model may also be pre-installed on a client terminal.
- Such a model may be pre-trained on a selected dataset, for example, currently known users, or known criminals etc.
- Known users for example, may be those for which image, video, or face data already exists, associated with an account, and/or has been verified.
- Changes to the model, for example, addition of new user data, on a server may be downloaded to a terminal. This allows for less dependency on online connectivity.
- preprocessing and training of the model may be carried out at a terminal without needing to send data to a server, reducing overhead for the client and server.
- a server machine learning model may be retrained simply using delta values calculated at the client and sent to the server. This is additionally advantageous since the system can function offline. Round-trip to server and processing time is also reduced, creating a lower latency for the end user.
- Computation, storage, networking, decision making, and data management resources and applications may be placed or allocated at a server of, for example, a cloud service provider, or nearer the edge.
- resources may be allocated network elements, such as servers, cloudlets, or caches, closer to the end user at a client device may be utilized.
- fog computing may place resources closer to end users to reduce latency, for example.
- Some examples of the advantages of the presented technology include speed, efficiency, and security over present systems.
- transmission of data requiring heavier bandwidth, such as image or video may be reduced or eliminated, in some cases.
- privacy may be more preserved when such data items need not be transmitted through the network.
- a terminal device may be perform a facial recognition process for an end user, however, since the end user must be physically present at the geographic location of the device or terminal, the likelihood of the user revisiting the same device, or nearby devices, is increased. Therefore, maintaining data associated with the user’s facial recognition process closer to the geographic endpoint where it is performed provides a more relevant dataset and reduces the need for central server round trips, for example.
- Computational load is also decreased for each request. That is, rather than one large shared dataset, many datasets are effectively created and localized or hyper-localized.
- a hierarchy of computational resources is provided.
- a central server or software service may be provided as a first, top, or core layer, such as in a cloud layer.
- At least a second layer may be provided between the first layer and an edge layer of devices or terminal.
- the second layer may contain computational resources such as servers, proxies, or caches between the top layer elements and a subset of edge elements.
- Each of the network elements of the second layer may be then more closely associated with particular edge devices, wherein the edge elements may be with closer proximity to each other.
- the second elements may be more closely associated with particular geographic locales.
- various important or relevant features represented as numerical vectors are extracted from an image or video of a customer at the terminal or device.
- Extracted features may be compared to, for example, features of training images, which may be various images of the same face, for example, in a database.
- the database is queried in order to determine the nearest-neighbor feature for some or ah of each feature extracted at the terminal or device.
- An approximation nearest-neighbor search may be executed.
- the closest feature matched data may be selected, which may be geometrically verified. Accordingly, a threshold value may be determined above which a match is considered to be found. If it is determined that a match is not found at the terminal or device, a request may be forwarded to a cloud server, for example.
- the request may include the extracted features and/or image gathered.
- a model present at the terminal or device may be retrained using the features or feature data gathered.
- a geographic location of a device may be determined. From the geographic location, a subset of the model may be selected as the most relevant. The subset may be compared with the image to check for a hit. If there is not hit, a broader subset of the model, or the whole model, may be selected for comparison.
- various models may be stored, and a particular model may be selected according to one or more metrics. For example, a geographic location of a device may be used to determine a particular model. This model maybe delivered, installed, and/or updated on terminals or devices in geographic locale. For example, a particular model may be used for terminals or devices with an IP address in the United States, or in a region of the United States such as a southwest region.
- Models may be blended models, including selected model sets, for example, criminal data sets plus geographic user data sets.
- Fig. to is a diagram showing a decentralized learning network.
- Various network client devices such as mobile phones (1002a, t002f) or hardware terminals (i002b-t002e, t002g) as previously described may be connected through a cloud network 1001.
- the cloud network may include services provided by a software service provider.
- client devices I002a-t002g may each house or store local data and machine learning models. Changes to the local models may be calculated and updated, and the updates may be communicated to the service provider. The service provider may update a global model according to the updates received. Thereafter, the new global model or global updates may be distributed to the client devices. The process may be then repeated.
- a vendor or software service provider may provide software services for terminals operated by one or more operators. Each operator may own or operate one or more terminals.
- the terminals may be, for example, virtual currency transaction terminals, as above.
- the vendor or software service provider may provide account management tools to the operators, for example, the cloud-hosted account management websites or portals.
- a messaging service may be provided by a service provider.
- the service may be delivered via cloud services.
- cloud services may refer to software services and the like at any layer, including services closer to the edge, for example, such as in a fog computing environment, and in other examples, centralized services further from the edge.
- the service provider may make determinations regarding transaction requests.
- One advantage of such an environment is that it allows for centralized updating of the services and/or deployment of updates.
- cloud computing resources may be easily replicated and added or removed to meet demand, tailoring costs more precisely to meet demand.
- a virtual currency transaction in such an environment, several parties may be owed fees, such as licensing fees or service fees, during a transaction.
- fees such as licensing fees or service fees
- the current system allows for the easy and organized settlement of such fees.
- a central vendor may be owed a fee
- a terminal or point of sale operator may be owed a fee, etc.
- such fees may be settled using any currency, for example fiat or a virtual currency.
- the operator terminals or points of sale may be associated with a virtual currency wallet address.
- a transaction such as a purchase or sale of virtual currency in exchange for fiat currency may be carried out at a virtual currency terminal.
- a vendor may charge a fee of 1% of the transaction amount while the terminal owner and/or operator may have set a fee of 10% of the transaction amount.
- a virtual currency exchange may be queried at the time of the transaction to determine, for example, the exchange rate for the virtual currency.
- Bitcoin may be the virtual currency.
- a virtual currency exchange is queried and it is determined that the exchange rate for Bitcoin is $10,000, then a $1.00 fee would be equal to $i.oo/$to, 000.00 Bitcoin, or 0.0001 Bitcoin, for example.
- This fee value may be stored in a database or datastore, for example. The fee may be charged immediately, or at a later point in time.
- the fee may be charged by a software service provider or vendor making a request to withdraw funds from the terminal operator’s virtual currency wallet and deposit the funds into the vendor’s virtual currency wallet.
- a terminal when a transaction occurs, a terminal’s operator or owner may be owed a fee.
- the fee may be set or determined by the operator, using access to an account and through consoles as presented previously.
- the fees may be communicated to a core software service provider or vendor and updated in a database or datastore. The updated fees are used in the fee determinations and distributions.
- a transaction such as a purchase or sale of virtual currency in exchange for fiat currency may be carried out at a virtual currency terminal.
- a vendor may charge a fee of 1% of the transaction amount while the terminal owner and/or operator may have set a fee of 10% of the transaction amount.
- a virtual currency exchange may be queried at the time of the transaction to determine, for example, the exchange rate for the virtual currency.
- Bitcoin may be the virtual currency.
- a virtual currency exchange is queried and it is determined that the exchange rate for Bitcoin is $10,000, then a $100.00 transaction amount would be equal to $ioo.oo/$to, 000.00 Bitcoin, or 0.01 Bitcoin, for example.
- a virtual currency exchange is queried and it is determined that the exchange rate for Bitcoin is $10,000, then a $10.00 fee amount would be equal to $10.00/ $10,000.00 Bitcoin, or 0.001 Bitcoin, for example. Therefore, to purchase 0.01 Bitcoin, a customer may be required to deposit USD $110.00 at the given time.
- the operator fee may simply remain in the terminal as cash as profits. For the previous example, $10.00 remains in the terminal as cash profit.
- a customer may request a cash withdrawal, in the example above wherein 1 Bitcoin is priced at $10,000 and the operator fee is 10%, then the customer may send 1 Bitcoin to the operator wallet address in exchange for withdrawing $9,000 USD in cash.
- the operator may dispose of the 0.1 Bitcoin profit in any manner, such as by selling for cash, keeping the virtual currency, or a combination of the two.
- network terminals may track and communicate inventory levels within.
- an ATM may be capable of tracking the notes currently present in the machine. For example, an atomic count of the number of each $1, $5, $10, $20, , $50, $100, etc. bills may be continuously tracked and updated.
- this can be accomplished by tracking initial stocking of each type of bill and subsequent transactions wherein bills are dispensed. For example, if 50 units of $20 bills are stocked, initially, and a transaction releasing one unit $20 bill is executed, then the machine may track or communicate the delta or change.
- the software service provider may keep track of each atomic bill unit present in each machine or terminal in a network of machines or terminals in a database or data store, for example. When changes are made during each transaction, the database count may be updated. Therefore, terminals may send a payload to the software service provider identifying the bill units that were used to execute the transactions.
- the details of the transaction may be scripted by the software service provider, wherein the details and bill denominations to be used are determined by the software service provider.
- the software service provider communicates a payload to the respective terminal or machine, wherein the payload includes the bill denominations to be used for the transaction.
- a payload maybe, for example, a JSON payload.
- a master accounting of each bill in each terminal in a distributed terminal network is constantly maintained by the software service provider, and may show real-time, or near real-time, data.
- the updates may be entered, for example, by a terminal operator.
- a terminal may be capable of counting the notes or bills that have been restocked.
- the updates again, may be communicated to the software service provider.
- a payload such as a JSON payload
- a payload maybe communicated from an operator account console, for example, the console as described herein.
- a similar payload may be communicated directly from the terminal to the software service provider.
- a future state or projected state may be predicted or determined. For example, in a network of two terminals, terminal A and terminal B, where terminal A is on the west coast of the U.S., and terminal B is on the east coast of the U.S., a transaction state may be predicted. In one example, customer A on the west coast may send $100 in funds from terminal A (by depositing $100 at terminal A) to customer B on the east coast. Customer B may be directed or routed to terminal B as being the nearest terminal, for example. In this case, it may be projected that the withdrawal of $100 will be necessary at terminal B in the near future.
- the software service provider or system may predict this future need, and $100 in currency in terminal B may be reserved and/or locked.
- other customers may be restricted from withdrawing cash or currency from terminal B that would preclude the availability of the reserved $100.
- the withdrawal may be arranged with an expiration time period, for example. After such an expiration period, the reserved funds maybe unlocked or allowed to become available.
- historic data may be used to identify trends in inventory needs in each terminal. Responsive and adaptive actions may be taken, automatically, in response to the given trends. For example, future needs may be predicted, extrapolated, or calculated based on observed trends data. In one example, a data curve may be established such as a linear increase in need for a certain bill based on usage- for example, $20 notes maybe increasing in need. The system may incorporate this information to intelligently determine a future state, as described previously. Transactions and locking/limiting may be carried out accordingly.
- Recommendations may be provided to customers based on the inventory distribution and/or fee settings/state within the network.
- a customer may access an application via a mobile app, or other computing device, for example.
- the application may determine or predict the customer’s general or specific location by using any of, for example: a. a GPS determination/query b. a previous location or activity of the customer c. a previous setting set by the customer, operator, or software service provider d. a default setting e. manual entry f. metadata g. a last used machine and/or time frame User Routing
- recommendations may be may to direct, or route, the customer to locations meeting certain requirements or preferences.
- the customer may be directed to terminals that are nearest and can satisfy a transaction with particular requirements, such as sufficient funds available.
- particular requirements may be based on customer preferences, such as maximum desirable fee limits and/or not exceeding a certain distance from the customer’s location.
- a customer may be allowed to enter, modify, or search according to preferences.
- preferences may be set according to, for example, settings set in a user account management portal, default settings, or may be a search, filter, or selection made from within an application at the time of the customer’s use of the application.
- a map may be presented to the user or customer, for example.
- FIG. 9E is a diagram showing a map comprising terminals (white filled circles/dots) near a customer’s location (black filled circle/dot).
- an SMS be delivered to the customer to notify the customer that a withdrawal of funds is available, for example.
- the SMS may include a map element which displays the terminals selected based on the recommendations.
- the map may be embedded in an image in the SMS, in one embodiment.
- the map may be a web page, and the SMS may include a link to the webpage.
- Such a map may be a GUI wherein terminals are displayed as GUI icons or elements in their locations, and respective to the customer’s location, for example.
- the GUI icons or elements may be colored coded, shaded, or similarly pictographically differentiated alone with a key, for example, to show various classifications for the terminals meeting particular criteria.
- GUI icons or elements that operate at certain hours, such as 24-hour locations may be displayed in a particular color or in a certain distinguishable manner.
- GUI icons or elements that are capable of transaction a particular type of currency or virtual currency may be displayed in a particular color or in a certain distinguishable manner.
- FIG 9F shows an example distributed network terminal environment.
- a service provider 981 may provide a suite of software services 982, for example.
- the software services may include, for example, data management, account management, security management, and/or transaction management services.
- Operators (984a and 984b) may operate terminals or sets of terminals.
- Operator 984a operates terminals 985a, for example.
- Terminals such as 985a and 985b are in communication with the software services 982, through a network and/or VPN for example.
- Operators may access aspects of the software services through user portals, consoles, and/or web applications (983a and 983b), for example.
- operator consoles such as those described herein may include GUI elements, for example, that provide compliance and other management via web applications 983a, for example.
- operator 984a may design a security profile for all terminals, or a subset or selected group of terminals 985a. Operator 984a may implement some or all of the designed security profile by making given GUI selections for particular options consistent with the security profile.
- the security profile may be immediately updated and/ or propagated to the distributed terminals network.
- a selection can be instituted by modifying a security item stored in a database via the software services 982, for example.
- the security item maybe referred to during a customer transaction at a terminal. Therefore, the customer transaction workflow may be immediately modified.
- a compliance trigger may be set by operator 984a that requires a fingerprint verification. Upon this setting, the workflow at one or more associated terminals in 985a may be modified such that customers will then be routed through a fingerprint entry/scan interview.
- terminal side code for example, instructions stored in files at the terminal that queries the backend software service provider between GUi views at a terminal.
- a request can be via a JSON payload in an HTTP/HTTPS request, for example.
- the backend software service provider may check the values in the database or datastore regarding each security factor, setting, or selection. Based on the values, the software service provider may deliver a response including the page view corresponding to the setting value via a HTTP/HTTPS response in a JSON payload, for example, to the terminal. The next page or terminal view may render based on the response.
- a customer can be alternatively routed to a view based on backend settings that can be updated in real-time, or nearly real-time, to accomplish workflows according to operator-designed security profiles.
- This is advantageous since security requirements are constantly changing and/or evolving.
- the current invention allows for a responsive system to quickly and precisely meet these requirements. Further, the current invention allows for a high degree of customizability.
- operators 984a and 984b can provide different security profiles without sacrificing speed or precision.
- compliance settings might include, requiring entry of first and/or last name, date of birth, email, social security number, and/ or photo or scan of ID. Each selection may modify the workflow end-user/customer experience at each terminal that is in the affected group. These settings may also be gated or specified under particular conditions. For example, a stricter security profile may be designed for transactions greater than a specified amount.
- a system may be provided to allow users or customers to configure terminals during purchase, order, or request, for example.
- GUI graphical user interface
- the GUI may be one of numerous in a user, operator, or customer account portal as described herein. Since the user or operator may be logged into his/her account as described herein, an operator ID, customer ID, or user ID may be associated with the user. Thus, orders or purchases made in the account may cause a new terminal, machine, or client ID to be generated (for example, by the provider), which may, in turn, be automatically associated with the user/operator and/or user’s/operator’s account. The terminal may then be associated with the other user account portal capabilities described herein. In this way, the terminal or client is added to a distributed terminal network.
- the GUI may include numerous configuration elements and/or options.
- the elements may allow a user to select from a dropdown list, for example, from various terminal configuration options.
- a user interface element may be provided in such a GUI allowing selection of a terminal or machine type.
- an order may be placed for a kiosk, machine, or terminal.
- Each option may include and/ or pre-populate default selections in any of the other fields displayed, for example.
- the terminal may be available from, for example, a seller or provider.
- the seller or provider may also be a provider of software or other services for the terminal, as provided herein.
- the terminal may be one that can optionally include, make available, or enable, various software portions or programs. Such software portions or programs may be pre-installed on the terminal, scheduled for installation, made available from, for example, a cloud environment, downloaded to the terminal, or any combination of the aforementioned.
- particular software options may be set as included, installed, or enabled by default.
- a user interface element may be provided in such a GUI allowing selection of such software options as described above.
- such software may include virtual currency transaction instructions, programs, code, and/or capabilities.
- virtual currency software maybe included, installed, or enabled by default with the selection of the machine type “Satoshm” displayed.
- such software may include fiat or cash currency transaction instructions, programs, code, and/or capabilities .
- fiat or cash currency transactions do not utilize virtual currency (such as the selection “Include ATM software (S/W)” selection displayed in 982).
- the terminal may include virtual currency transactions software as default above, and where ATM software is selected, the terminal will be configured to allow, enable, or include software for both virtual currency transaction capabilities/functions and fiat/cash transactions (that do not utilize virtual currency) capabilities/functions.
- a user interface element may be provided in such a GUI allowing selection of a CPU type.
- a user interface element may be provided in such a GUI allowing selection of a lock type.
- a user interface element may be provided in such a GUI allowing selection of a key type.
- a user interface element may be provided in such a GUI allowing selection of a security belt.
- a user interface element may be provided in such a GUI allowing selection of a bill acceptor cassette.
- a user interface element may be provided in such a GUI allowing selection of a decal installation.
- a user interface element may be provided in such a GUI allowing selection/entry of a quantity of the selected terminal with the selected options. In one embodiment, a user interface element may be provided in such a GUI allowing selection/entry of a delivery and shipping options and/or details.
- a user interface element may be provided in such a GUI allowing selection/entry of additional order instructions and/or details.
- the selected configuration options may be intelligently linked to purchase order processing and/ or hardware production and delivery.
- particular selections may route orders to varying production lines, plants, or departments.
- User roles may be defined. In one example, operators may include several users for management of terminals. Users maybe assigned user roles, which can define access privileges to terminals and/or for subsets of terminals. The access privileges may limit the actions users in a user role group are permitted. For example, user console actions/tools may be limited or restricted.
- the Manager role is a full user, with access to all permissions.
- the Compliance Officer role has full access to customers, transactions, and compliance tools.
- the Customer Support role has read-only access to transactions and customers, with the ability to leave notes on both as well as send SMS messages to customers.
- the Accountant role has read only access to transactions as well as the ability to export transactional data.
- Groups Management In one aspect of the invention, realtime groups management is possible.
- An operator may assign various terminals to different groups.
- a software service provider may also assign settings for terminal groups, which may be, for example, higher level and immutable by the operator..
- Each group may be identified by a label or name assigned by the operator, for example. Configuration settings may then be selected, updated, and/or implemented and propagated to some or all of the groups simultaneously.
- an operator may purchase and/or manage a first set of terminals that include Terminal l, Terminal 2, Terminal 3, Terminal 4, and Terminal 5.
- the operator may log into his user account portal.
- the operator may then, for example, assign Terminals 1-3 into a group and add an identifier/label as Group A.
- the operator may, for example, assign Terminals 4-5 into a group and add an identifier /label as Group B.
- the operator may then select, create, or update one or more settings, for example, for a group of terminals at once. For example, the operator may select Group A and set a minimum of maximum purchase limit. This setting will be propagated to all terminals belonging to Group A. When a terminal is added to Group A after one or more settings have been created or set, the terminal added will inherit the current settings profile and/or state.
- a terminal may be assigned to a group but also specified to not inherit or share the group’s settings, or, in other words, specifically excluded from the group’s settings.
- a setting may be a configuration setting that may be enabled or disbaled to only be available at a service provider (such as a software service provider) level. If enabled as to be only accessible to the provider, then the operator may not have access or ability to change the setting.
- a service provider such as a software service provider
- Examples of such configuration settings may be a terminal capability or functionality, such as the capability to execute virtual currency transactions and/or the capability to execute transactions that do not require or utilize virtual currency, such as a bank withdrawal or deposit using, for example, an ATM card or biometric verification.
- settings described herein including those described in User Defined Security Protocols can be applied selectively in this way, security settings, compliance settings, KYC/AML settings, etc.
- Settings changes may manifest in numerous ways at terminals.
- a settings change may modify the workflow, content, or sequence of GUI elements presented to users or customers.
- the described embodiments provide an adaptive and more robust security environment. For example, several factors for customers at a terminal, for example, are determined and leveraged. The combination of factors creates a nexus of confidence (or lack thereof) around a user.
- connection interrupt between a hardware terminal has less impact on the security in the described embodiments.
- the machine state may be known or saved by the central service, and therefore it may be easily and securely restored, etc.
- the services are easily scalable and the security services are easily modified and quickly implemented system-wide. This is because changes may be simply implemented in the central software services which are immediately used by some or all nodes or terminals. Thus, hardware, terminal, or client side changes are minimized.
- a central service can easily leverage and implement services such as security services from third parties.
- New specialized services are constantly being created and made available, and easily connecting, interacting, and quickly implementing these services is highly advantageous. Since security often relies on quickly evolving against new threats, speed of implementation of new defenses is of great value and importance.
- federated facial recognition systems are additionally advantageous since some or all of the system can function offline. Round-trip to server and processing time is also reduced, creating a lower latency for the end user.
- Embodiments of the subject matter and the actions and operations described in this specification can be implemented in digital electronic circuitry, in tangibly-embodied computer software or firmware, in computer hardware, including the structures disclosed in this specification and their structural equivalents, or in combinations of one or more of them.
- Embodiments of the subject matter described in this specification can be implemented as one or more computer programs, e.g., one or more modules of computer program instructions, encoded on a computer program carrier, for execution by, or to control the operation of, data processing apparatus.
- the carrier may be a tangible non-transitory computer storage medium.
- the carrier may be an artificially-generated propagated signal, e.g., a machine-generated electrical, optical, or electromagnetic signal, that is generated to encode information for transmission to suitable receiver apparatus for execution by a data processing apparatus.
- the computer storage medium can be or be part of a machine-readable storage device, a machine-readable storage substrate, a random or serial access memory device, or a combination of one or more of them.
- a computer storage medium is not a propagated signal.
- data processing apparatus encompasses all kinds of apparatus, devices, and machines for processing data, including by way of example a programmable processor, a computer, or multiple processors or computers.
- Data processing apparatus can include special-purpose logic circuitry, e.g., an FPGA (field programmable gate array), an ASIC (application-specific integrated circuit) , or a GPU (graphics processing unit).
- the apparatus can also include, in addition to hardware, code that creates an execution environment for computer programs, e.g., code that constitutes processor firmware, a protocol stack, a database management system, an operating system, or a combination of one or more of them.
- a computer program can be written in any form of programming language, including compiled or interpreted languages, or declarative or procedural languages; and it can be deployed on a system of one or more computers in any form, including as a stand-alone program, e.g., as an app, or as a module, component, engine, subroutine, or other unit suitable for executing in a computing environment, which environment may include one or more computers interconnected by a data communication network in one or more locations.
- a computer program may, but need not, correspond to a file in a file system.
- a computer program can be stored in a portion of a file that holds other programs or data, e.g., one or more scripts stored in a markup language document, in a single file dedicated to the program in question, or in multiple coordinated files, e.g., files that store one or more modules, sub-programs, or portions of code.
- the processes and logic flows described in this specification can be performed by one or more computers executing one or more computer programs to perform operations by operating on input data and generating output.
- the processes and logic flows can also be performed by special-purpose logic circuitry, e.g., an FPGA, an ASIC, or a GPU, or by a combination of special-purpose logic circuitry and one or more programmed computers.
- Computers suitable for the execution of a computer program can be based on general or special-purpose microprocessors or both, or any other kind of central processing unit.
- a central processing unit will receive instructions and data from a read-only memory or a random access memory or both.
- the essential elements of a computer are a central processing unit for executing instructions and one or more memory devices for storing instructions and data.
- the central processing unit and the memory can be supplemented by, or incorporated in, special-purpose logic circuitry.
- a computer will also include, or be operatively coupled to, one or more mass storage devices, and be configured to receive data from or transfer data to the mass storage devices.
- the mass storage devices can be, for example, magnetic, magneto-optical, or optical disks, or solid state drives.
- a computer need not have such devices.
- a computer can be embedded in another device, e.g., a mobile telephone, a personal digital assistant (PDA), a mobile audio or video player, a game console, a Global Positioning System (GPS) receiver, or a portable storage device, e.g., a universal serial bus (USB) flash drive, to name just a few.
- PDA personal digital assistant
- GPS Global Positioning System
- USB universal serial bus
- embodiments of the subject matter described in this specification can be implemented on one or more computers having, or configured to communicate with, a display device, e.g., a LCD (liquid crystal display) or organic light-emitting diode (OLED) monitor, a virtual-reality (VR) or augmented-reality (AR) display, touchscreen, etc., for displaying information to the user, and an input device by which the user can provide input to the computer, e.g., a keyboard and a pointing device, e.g., a mouse, a trackball or touchpad.
- a display device e.g., a LCD (liquid crystal display) or organic light-emitting diode (OLED) monitor, a virtual-reality (VR) or augmented-reality (AR) display, touchscreen, etc.
- VR virtual-reality
- AR augmented-reality
- a computer can interact with a user by sending documents to and receiving documents from a device that is used by the user; for example, by sending web pages to a web browser on a user’s device in response to requests received from the web browser, or by interacting with an app running on a user device, e.g., a smartphone or electronic tablet.
- a computer can interact with a user by sending text messages or other forms of message to a personal device, e.g., a smartphone that is running a messaging application, and receiving responsive messages from the user in return.
- a system of one or more computers is configured for or configured to perform particular operations or actions means that the system has installed on it software, firmware, hardware, or a combination of them that in operation cause the system to perform the operations or actions.
- That one or more computer programs is configured for or configured to perform particular operations or actions means that the one or more programs include instructions that, when executed by data processing apparatus, cause the apparatus to perform the operations or actions.
- That special-purpose logic circuitry is configured for or configured to perform particular operations or actions means that the circuitry has electronic logic that performs the operations or actions.
- Embodiments of the subject matter described in this specification can be implemented in a computing system that includes a back-end component, e.g., as a data server, or that includes a middleware component, e.g., an application server, or that includes a front-end component, e.g., a client computer having a graphical user interface, a web browser, or an app through which a user can interact with an implementation of the subject matter described in this specification, or any combination of one or more such back-end, middleware, or front-end components.
- the components of the system can be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (LAN) and a wide area network (WAN), e.g., the Internet.
- LAN local area network
- WAN wide area network
- the computing system can include clients and servers.
- a client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
- a server transmits data, e.g., an HTML page, to a user device, e.g., for purposes of displaying data to and receiving user input from a user interacting with the device, which acts as a client.
- Data generated at the user device e.g., a result of the user interaction, can be received at the server from the device.
- Embodiment l is a method, the method comprising one or more of the following elements: a) managing or maintaining, by the software service provider, the distributed terminal network system, the distributed terminal network system comprising at least: i) one or more specialized servers providing a software service by the software service provider, wherein the one or more specialized servers are in communication, through a network, with at least: a distributed network of terminals, wherein: each terminal of the terminals comprises a hardware terminal, node, point of sale, kiosk, and/or client; each terminal is capable of one-way exchange transactions between virtual currency and fiat currency, two-way exchange transactions between virtual currency and fiat currency, transactions utilizing virtual currency, fiat currency transactions, and/or transactions that do no utilize virtual currency; wherein each point of sale or terminal comprises:
- LCD liquid crystal display
- (11) at least one processor; and/or
- At least one memory storing: a. at least one application, wherein the at least one application is an internet browser application; and/or b. a set of one or more files; i. wherein the set of one or more application files include, at least:
- transaction processing instructions for processing virtual currency transactions comprising, at least: 2. instructions to determine or calculate transaction limits, parameters, and/or fees; and/or
- fingerprint processing instructions for processing fingerprint entry data ii) at least one load balancer configured to route network traffic to the one or more specialized servers; iii) one or more processors; and/or iv) one or more data storage devices; b) creating a first operator account for a first operator, by the software service provider, wherein creating the first operator account comprises: i) creating, by the software service provider, a first operator account identifier for the first operator; ii) storing, by the software service provider, in association with the first operator account, the first operator account identifier in the one or more data storage devices; iii) associating, by the software service provider, login credentials with the first operator; and iv) storing, by the software service provider, the login credentials in the one or more data storage devices; c) associating a first set of terminals with the first operator, wherein associating the first set of terminals with the first operator comprises: i) storing first operator data, by the software service provider, in association with the first operator account,
- the configuration settings comprising: i) permissions to allow functionality for transactions that utilize virtual currency and/or permissions to allow functionality for transactions that do not utilize virtual currency; j) wherein the updating configuration settings comprises: i) enabling permissions to allow functionality for transactions that utilize virtual currency; and ii) enabling permissions to allow functionality for transactions that do not utilize virtual currency; k) in response to the updating configuration settings, permitting, the at least one of the terminals: i) functionality for transactions that utilize virtual currency, wherein functionality for transactions that utilize virtual currency comprises: i) displaying an option to request a transaction that utilizes virtual currency; ii) functionality for transactions that do not utilize virtual currency, wherein functionality for transactions that do not utilize virtual currency comprises: 1) displaying an option to request a transaction that does not utilize virtual currency; l) initializing the first software or software portion; m) delegating control of the peripherals to the first software or software portion; n) receiving a request for a
- Embodiment 2 is a method, the method comprising one or more of the following elements: a) providing a combination virtual currency and ATM hardware terminal capable of one-way exchange transactions between virtual currency and fiat currency, two-way exchange transactions between virtual currency and fiat currency, transactions utilizing virtual currency, fiat currency transactions, and/or transactions that do no utilize virtual currency, wherein the hardware terminals comprises or includes: i) a set of one or more processors; ii) at least one touchscreen or graphical user interface; iii) a set of one or more computer readable media or memories, the set of one or more computer readable media or memories storing:
- At least one application wherein the at least one application is an internet browser application;
- first transaction processing instructions for processing transactions that utilize or involve virtual currency comprising, at least:
- second transaction processing instructions for processing transactions that do not utilize or involve virtual currency, the second transaction processing instructions comprising, at least: (1) third instructions to determine or calculate transaction limits, parameters, and/or fees; and/or
- image processing instructions for processing image data comprising, at least:
- first workflow 1) providing a first workflow, wherein the first workflow allows one or more cash or fiat currency transactions and/or transactions that do no utilize virtual currency or cryptocurrency, wherein the first workflow comprises:
- the encrypted first payload is produced by encrypting a first payload, the first payload produced by the hardware terminal, and wherein the first payload comprises a phone number, the phone number received from the first visitor, user, or customer at the hardware terminal;
- the software service provider receiving a first third party response from at least one of the set of third party service providers; v) performing a third processing of the first option selection, wherein performing the third processing of the first option selection comprises:
- the encrypted sixth payload is produced by encrypting a sixth payload, the sixth payload produced by the hardware terminal, and wherein the sixth payload comprises at least one parameter associated with image or video data associated with the first visitor’s, user’s, or customer’s face;
- the encrypted sixth is payload communicated to the software service provider from the hardware terminal during the secure session using the secured connection; 4) identifying, by the software service provider, the IP address associated with the VPN;
- the encrypted seventh payload is produced by encrypting a seventh payload, the seventh payload produced by the software service provider, and wherein the seventh payload comprises at least a message to the hardware terminal to allow a completing of the operation;
- Embodiment 3 is a method, the method comprising one or more of the following elements: a) providing one or more clients or terminals in the distributed terminals network, wherein the one or more clients or terminals includes: i) a first terminal comprising a hardware terminal, wherein: ) the first terminal is a combination automated teller machine (ATM) and virtual currency ATM; ) wherein the first terminal comprises:
- ATM automated teller machine
- the set of one or more files comprise: a. transaction processing instructions for processing virtual currency transactions, the transaction processing instructions comprising, at least: i. instructions to determine or calculate at least one of a transaction limit, parameter, or fee; b. image processing instructions for processing image data; c. keypad entry processing instructions for processing keypad entry data; and d. barcode or QR code processing instructions for processing barcode or QR code entry data; ) wherein the first terminal is in communication, through a network communication interface, with at least:
- the first terminal is capable of one or more of: (a) one-way exchange transactions between virtual currency and fiat currency;
- one-way exchange transactions between virtual currency and fiat currency comprise, at least:
- two-way exchange transactions between virtual currency and fiat currency comprise, at least:
- GUIs graphical user interfaces
- the GUIs including at least: information associated with at least one of the one or more clients or terminals, wherein the information includes: an identifier label associated with each of the at least one of the one or more clients or terminals; configuration preferences for each of the at least one of the one or more clients or terminals, wherein the configuration settings include: security settings, wherein the security settings comprise at least one of: know your customer/ anti-money laundering (KYC/AML) configuration settings; fee settings; controls for each of the first set of terminals, wherein the controls include: reboot controls; receiving selections or updates made in the first operator account
- Embodiment 4 is a system comprising one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations or methods as in any of Embodiments 1-3.
- Embodiment 5 is a computer program carrier encoded with a computer program, the program comprising instructions that are operable, when executed by data processing apparatus, to cause the data processing apparatus to perform operations or methods as in any of Embodiments 1-3.
- Embodiment 6 is the computer storage carrier of embodiment 5 wherein the medium is a non-transitory computer storage medium or a propagated signal.
- An electronic document which for brevity will simply be referred to as a document, may, but need not, correspond to a file.
- a document may be stored in a portion of a file that holds other documents, in a single file dedicated to the document in question, or in multiple coordinated files.
- the term “database” refers broadly to refer to any collection of data: the data does not need to be structured in any particular way, or structured at all, and it can be stored on storage devices in one or more locations.
- the index database can include multiple collections of data, each of which may be organized and accessed differently.
- engine refers broadly to refer to a software-based system, subsystem, or process that is programmed to perform one or more specific functions. Generally, an engine will be implemented as one or more software modules or components, installed on one or more computers in one or more locations. In some cases, one or more computers will be dedicated to a particular engine; in other cases, multiple engines can be installed and running on the same computer or computers. As used in this specification, the term “engine” or “software engine” refers to a software implemented input/output system that provides an output that is different from the input. An engine can be an encoded block of functionality, such as a library, a platform, a software development kit (“SDK”), or an object.
- SDK software development kit
- Each engine can be implemented on any appropriate type of computing device, e.g., servers, mobile phones, tablet computers, notebook computers, music players, e-book readers, laptop or desktop computers, PDAs, smart phones, or other stationary or portable devices, that includes one or more processors and computer readable media. Additionally, two or more of the engines may be implemented on the same computing device, or on different computing devices.
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Engineering & Computer Science (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
Distributed terminals network management, systems, devices, interfaces and workflows are described. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals based on an operator configuration. Security scores may be determined by a provider, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The provider may use the security scores to determine user privileges or permissions for the operations. The provider may deliver instructions or messages to the terminals based on the determinations.
Description
Distributed Terminals Network Management, Systems, Devices, Interfaces and Workflows
TECHNICAL FIELD
This specification relates generally to terminals, and more specifically, to security and management of a distributed set or network of terminals using methods such as, for example, operator controls/graphical user interfaces (GUIs), biometric authentication, and/or decentralized learning. Terminals may, in some examples, be hardware terminals, clients, vending machines, or kiosks.
BACKGROUND
Distributed terminal networks may become prevalent. Accordingly, there may be a growing need for efficient and secure distributed terminal systems, such as to protect against emerging security risks. Current systems and methods do not possess, in some examples, a structure or configuration that provides quick or robust security. Current systems and methods are therefore not quick or adaptive. For example, current systems and methods do not provide a hardware-service configuration and workflow that allows for quick and robust deployment of security features, reinstatement and storage of machine states, etc. Further, current systems and methods are not easily updated and new advancements in security are not easily leveraged or implemented.
SUMMARY
Embodiments include a method, system, and computer program product for controlling operations at distributed terminals. In accordance with one or more embodiments, a computer implemented method may include a graphical user interface (GUI) and operator console management system for a distributed terminal network. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals based on an operator configuration. Security scores may be determined by a provider, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The provider may use the security scores to determine user privileges or permissions for the operations. The provider may deliver instructions or messages to the terminals based on the determinations.
Other embodiments of this aspect include corresponding computer systems, apparatus, and computer programs recorded on one or more computer storage devices, each configured to perform one or more of the actions of the methods.
The details of one or more embodiments of the subject matter of this specification are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the subject matter will become apparent from the description, the drawings, and the claims.
The subject matter described in this specification can be implemented in particular embodiments so as to realize one or more of the following advantages. Some examples of the advantages of the presented technology include speed, efficiency, and security over present systems. In one example, by carrying out given security protocols by a software service provider in the presented technology, modifications to the protocols to adapt to emerging needs can be rapidly implemented and deployed to some or all of the distributed network. In another example, the presented technology allows for operator tailoring of security preferences and protocols.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. l is a diagram of a general network environment that can be used with terminals, hardware terminals, kiosks, nodes, or clients.
FIG. 2A is a diagram of a general network environment that can be used with terminals, hardware terminals, kiosks, nodes, or clients, serviced by a software service vendor.
FIG 2B. is a diagram of a network architecture environment that can be used with terminals, hardware terminals, kiosks, nodes, or clients, serviced by, for example, a software service vendor.
FIG. 2C is a diagram of a network architecture environment that can be used with terminals, hardware terminals, kiosks, nodes, or clients, serviced by, for example, more than one software service vendor.
FIG. 3 is a diagram of a hardware terminal.
FIG. 4A is another diagram of a hardware terminal.
Fig. 4B is a diagram illustrating GUI options/selections on a multi-use terminal.
Fig. 4C is a decision tree showing various workflows triggered based on user selections.
Fig. 4D shows a logic diagram relating workflows and toggling between workflows.
FIG. 5 is a flowchart showing a general transfer process
FIG. 6 is a flowchart showing a detailed view of a input process
FIG. 7 is a flowchart showing a detailed view of a output process
FIG. 8A is a flowchart showing a general view of a score analysis process
FIG. 8B is a flowchart showing a general view of a verification process
FIG. 9A is a flowchart showing an input process.
FIG. 9B is a flowchart showing an output process.
FIG. 9C is a flowchart showing an input process connected with a terminal machine state. FIG. 9D is a flowchart showing an output process connected with a terminal machine state. FIG. 9E is a diagram showing a map comprising terminals near a customer’s location.
FIG 9F. shows an example distributed network terminal environment.
Fig. to is a diagram showing a decentralized learning network.
DETAILED DESCRIPTION
Distributed terminal networks are becoming more prevalent. Accordingly, there is a growing need for efficient and secure distributed terminal systems, such as to protect against emerging security risks.
Acronyms
API - Application Programming Interface CNN- Convolutional Neural Network FL - Federated Learning
HTTP/HTTPS - Hyper Text Transfer Protocol/ Hyper Text Transfer Protocol Secure
KYT - Know-Your-Transaction
ML - Machine Learning
P2P - Peer-to-Peer
POS - Point-of-Sale
REST - Representational State Transfer
TLS/SSL - Transport Layer Security/Secure Sockets Layer
VPC - Virtual Private Cloud
VPN - Virtual Private Network
Terminology
Application Programming Interface
API technologies provide routines, protocols, and tools for building software applications and specifies how software components should interact.
Cloud Computing
Cloud computing is a model that promotes ubiquitous, on-demand network access to shared computing. Fog computing
Horizontal system level architecture that distributes computing, storage, control and networking functions closer to the users along a cloud-to-thing continuum.
Public Keys and Private Keys
Public and private keys are created in pairs for each entity involved in a transmission and encrypt and decrypt information during the initial part of the transmission so that only the sender and recipient of the transmission can decrypt and read the information. Public key is available to everyone while the private key is known only to the creator of the keys.
Point-of-Sale
A point-of-sale (POS) may be any interface, device, node, or location that allows for a transaction to occur. For example, a POS may be a device, such as a mobile phone, computer, ATM kiosk or terminal.
Infrastructure
In one embodiment, a cloud network of points-of-sale, nodes, devices, or terminals may be provided. Each POS may be capable of providing, interacting with, or transacting funds, such as fiat or cash, and virtual currency.
A virtual currency POS or terminal may be a hardware terminal that allows for the purchase, sale, or exchange of funds or fiat currency for cryptocurrency. An operator may purchase and/or provide POS or terminals at selected locations to allow customer access. The virtual currency POS may be additionally capable of transactions that do not require or use virtual currency.
In one embodiment, member POS or terminals in a cloud network may interact with software services provided by a vendor, for example. The terminals may include special software and/or hardware capabilities to allow interaction with the vendor services. Additionally, the POS or terminals may include special software and/or hardware capabilities to allow virtual currency transactions.
A POS or terminal may or may not be configured to possess a static IP address. A static IP address may be whitelisted, for example, by software services of the vendor to perform particular actions, make particular requests, etc. The vendor may partially, or entirely, block IP addresses that are not whitelisted, or known, etc. The vendor may provide full, limited, or restricted privileges to IP addresses that are whitelisted, or known, etc. In one example, SSH privileges for vendor servers and the like may be blocked or restricted for ah IP addresses except a selected set of known IP addresses.
POS or terminal peripherals maybe controlled, for example, via javascript using ActiveX controls, or using compiled code to transmit messages directly over serial hardware connections.
Software Services
Described in this disclosure are various software services.
A software service may be delivered, or provided by, a third party service, or vendor. The third party service, for example, may be a software service of a vendor. The software service may be hosted at a vendor-owned location, a third party location, or a proxy location, for example.
Software services may utilize any combination of the below components, for example.
Transport Layer Security/Secure Sockets Layer (TLS/SSL)
Transport Layer Security/Secure Sockets Layer (TLS/SSL) connections make use of public and private keys among parties when establishing a connection and secure almost all transmissions over the internet or computer networks, including emails, web browsing, logins, and financial transactions, ensuring that ah data that passes between a web server and a browser remains private and secure.
X.509 certificates
X.509 certificates are digital certificates administered by certificate authorities that use the X.509 PKI standard to verify that a public key belongs to the user, computer, or service identity in the certificate and are used worldwide across public and private sectors.
X.509 attribute certificates
X.509 attribute certificates can encode attributes (such as name, date of birth, address, and unique identifier number), are attached cryptographically to the X.509 certificate, and are administered by attribute certificate authorities.
Hyper Text Transfer Protocol
It will be understood that the terms HTTP and HTTPS will be used interchangeably and that use of either term includes either alternative.
Representational State Transfer
Representational state transfer (REST) is a software architectural style that defines a set of constraints to be used for creating Web services. Web services that conform to the REST architectural style, called RESTful Web services, provide interoperability between computer systems on the Internet.
Virtual Private Networks
One element of a software service may be a Virtual Private Network ( VPN). A VPN may establish a secure and private tunnel from a network, terminal, or device, for example to another network element such as a vendor service, for example.
Security Groups
One element of a software service may be a security group. A security group, rules may be defined that dictate the allowed inbound and/or outbound traffic to a server, for example. For example, a security rule may specify to allow SSH access, from a particular IP address, on a particular port or port range, and using a particular protocol, such as TCP.
Virtual Private Cloud
One element of a software service may be a Virtual Private Cloud (VPC). A VPC allows isolation of shared cloud resources, for example. In one method, private IP subnets may be assigned to a VPC user that is accompanied by a VPN function or access that secures, by means of authentication and encryption, the user’s VPC resources.
Queues
One element of a software service may be a processing queue. For example, the queue may be processed in a first-in-first-out (FIFO) or last-in-first-out (LIFO) order. The queue may collect several processes to be carried out.
Server Architecture
A software service may be hosted on elastic server architecture, in one example. In an elastic architecture, computing resources may be automatically increased or decreased to meet computing needs. Computing thresholds may be preset or configured. When a threshold is exceeded for example, additional computing resources may be allocated.
Serverless Architecture
In another example, a software service may be hosted using serverless architecture. In a serverless architecture, computing resources are allocated as necessary on a per-request basis. After the request is processed, the computing resources are unallocated, or returned.
Data Structures
Various data structures may be used in conjunction with the software services. For example, various data structures maybe used alone, or in combination, to store customer data/metadata, transaction data, etc.
Some example data structures include arrays, stacks, queues, linked lists, trees, graphs, tries, and hash tables.
Software Services
A third party vendor or provider may provide virtual currency processing software services. Software may be installed on terminals or via backend/cloud servers, or both.
Other Terminology
Herein a “plurality’ refers to “one or more” of an element and does not impose any requirement for more than one element.
A virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes.
It will be understood that cryptocurrency can refer to any virtual or digital currency/asset, and vice versa. Examples of virtual currencies include, but are not limited to, Bitcoin, Litecoin, Ethereum, and Bitcoin Cash, and Ripple.
Additionally, funds transfers between individuals or entities often rely on banks or agents as third parties to orchestrate the transfer. This requires the entities to hold accounts with the banks or otherwise do business with the agents.
Virtual currencies and/or cryptocurrencies have been introduced in recent years. One advantage of the use of virtual currency is that many third parties may be eliminated. This allows for elimination of some third party service fees, for example.
Virtual currency does not require a holding bank. Therefore, it is possible for a software provider to orchestrate the transfer of virtual currencies between two other parties via messaging instructions. Therefore, the software provider is not required to handle, possess, or act as the custodian of actual funds.
Various services may be pipelined, and executed in conjunction, in a non-blocking manner, for example.
FIG. l is a diagram of a general network environment that can be used with terminals or points-of-sale capable of virtual currency and/or other transactions. One or more terminals, iota or loth, for example, may be in communication through a network 102 with a backend service, 103a or 103b, hosted by a vendor or software service provider, for example. The one or more terminals may send requests 104 through the network 102 to the service 103a or 103b. The service may determine a response 105 using information and data from a datastore 106, for example. The response 105 may be sent to the terminal instructing certain actions, for example. The backend service may be in further communication with third party services, 107a or 107b, for example.
The terminals or points-of-sale may be hardware terminals capable of any transaction. For example, the terminals may be one or a combination of, for example, ATMs, virtual currency ATMs such as Bitcoin ATMs, product terminals capable of vending or dispensing a product. In one example the product may be a cannabis or cannabis-containing product, tobacco or tobacco-containing product. In some examples, the products may be regulated in some form. For example, the legal age of purchase of the product may be 18 years or greater in a sale location. In one example, a terminal may be a dispensing product that can accept cash or virtual currency for the purchase.
FIG. 2A is a diagram of a general network environment that can be used with terminals or points-of-sale capable of virtual currency and/or other transactions serviced by a software service vendor. Various terminals (201a, 201b, 201c) may be operated or serviced by an operator 202, for example. Various other terminals (203a, 203b, 203c) may be operated or serviced by another operator 204, for example. The terminals may be in communication through a network with one or more software services provided by one or more vendors or software service providers (205), for example. The vendor may provide various software services hosted on one or more servers (2o6a-2o6g). The software services maybe hosted together, or separately, for example. The software services may reference or use data from one or more datastores (207a-207d), for example.
FIG 2B. is a diagram of a network architecture environment that can be used with client nodes, terminals or points-of-sale capable of virtual currency and/or other transactions serviced by, for example, a software service vendor.
A client node, terminal, or point-of-sale 230 may access the software services of a vendor through a secure connection such as a VPN 232a. The terminal/point-of-sale and the VPN may each possess a static IP address or a dynamic IP address. The software service assets may be secured, for example behind a firewall or within a VPC 233. Connections to some or all of the services or microservices in the VPC may
be configured to allow or disallow traffic from particular IP addresses or IP address ranges. For example, some services in the VPC may only allow inbound traffic from the IP address of the VPN service 232a.
The software services may be core software services and may include any number of microservices (22ta-22td). Services and microservices may be segregated on different servers or may be devised in a shared server tenancy architecture. Each service or microservice may be balanced between one or more servers (234a-234d) via a load balancer 235 and may access one or more corresponding databases 236. Each service or microservice, for example 221a, may also be in communication with other services or microservices, for example 22ib-22td, that are part of the system or VPC. Each service or microservice server may be devised in an elastic infrastructure with access to storage infrastructure such as database infrastructure 236. For example, a service or microservice server resource may automatically scale up, or allocated, upon increased demand for server resources beyond a certain threshold. Similarly, for example, a service or microservice server resource may automatically scale down, or unallocated, upon decreased demand for server resources at a certain threshold.
The servers for services and microservices may be segregated, or allocated, into different availability zones or failover regions.
The software services may prepare and process requests and responses to and from third party services (237a-237c).
An administrator 231 may access the software services through a secure connection such as a VPN 232b. The administrator machine(s) and the VPN may each possess a static IP address or a dynamic IP address. The software service assets may be secured, for example behind a firewall or within a VPC 233. Connections to some or all of the services or microservices in the VPC may be configured to allow or disallow traffic from particular IP addresses or IP address ranges. For example, some services in the VPC may only allow inbound traffic from the IP address of the VPN service 232b.
FIG. 2C is a diagram of a network architecture environment that can be used with terminals, hardware terminals, kiosks, nodes, or clients, serviced by, for example, more than one software service vendor or provider.
In some embodiments, more than one software service or other service provider (241a, 241b) may provide software or other services to operators (243a, 243b) and terminals hosted or managed by those operators (244a, 244b hosted/managed by 243a; and 244c, 244d hosted/managed by 243b). Thus, a split multi-service and multi-hosting environment is devised.
It will be understood that more than two software service providers may provide services as above in other embodiments without departing from the scope of this disclosure.
The software service providers may provide different roles and/or services. Depending on the selection, action, or operation requested by a customer at a terminal, for example, a particular software service by a particular provider may be triggered, called, or summoned. For example, a particular type of operation or request at a terminal may be routed to a particular service provider. Thus, in some examples, a particular request or operation may make use of one service provider while another request or operation may make use of another service provider. For example, a customer may visit a terminal and request a virtual currency transaction, for which the associated requests/operations maybe routed using a particular channel to a particular software service provider. The channel may be pre-configured via, for example, instructions included at the terminal in one or more files for handling virtual currency transaction requests/operations. One example channel maybe a browser or application capable of sending/receiving HTTP/HTTPS requests/responses. It will be understood that any network connection or communication channel may be used to communicate with a software service provider.
Each software service provider may be contacted in one or more of various network methods. In one embodiment, a first software service provider is contacted using a network connection such as internet connections, ethernet network connections, wireless network connections such as satellite or cellular network connection using, for example, 3G/4G LTE data connections, or Wi-Fi connections.
Terminals (244a-244d) may then be outfitted with software or software portions as described herein, wherein the software or software portions orchestrate request routing to the appropriate software service provider to handle a particular type of request.
In one example embodiment, a first software service provider maybe utilized to provide handling and/or processing of some or all of a virtual currency transaction. Similarly, a second software service provider maybe utilized to provide handling and/or processing of some or ah of a transaction that does not utilize virtual currency, such as an ATM cash deposit to, or withdrawal from, bank transaction, or a check deposit or cashing bank transaction. It will be understood that, in other embodiments, the first and second software service providers may be the same entity wherein different requests as above may be routed to different processing software portions of the same software service provider.
Continuing with the example embodiment above, a customer may visit a terminal 244a of a first operator 243a, for example. The terminal may be a combination terminal as described herein, which is capable of providing ATM cash transactions, for example, that do not utilize virtual currency, and also capable of providing virtual currency transactions. As such, a customer may be presented with two options, for example, as two buttons in a GUI, for example. The two options may correspond to each of the two
different types of transactions described above. Each option or button may trigger a different software portion to be executed.
In the above, ATM cash transactions, for example, may require the use of, or communication with, bank networks 245. A software service provider may be an ATM host processor 241b that handles this communication with the bank networks 245 and/or the customer’s associated bank account. For example, the software service provider, in this instance, may contact the customer’s bank based on the customer’s debit or EMV card. The software service provider may establish communication with the customer’s bank to determine, for example, authentication factors, funds availability, etc. Based on messages received from the bank network and/or the customer’s bank, a transaction may be authorized or not authorized. The software service provider, in this instance, may then deliver a message to the terminal communicating whether the transaction is, or is not, authorized, or possible based on funds, etc. In one example, communication with such a software service provider may be pre-configured or configured at a terminal by identifying an IP address of the software service provider. Network connection or communication with the software service provider then maybe established, for example, using SSL and/or TLS connections.
Similarly, in the above, virtual currency transactions, for example, may not require the use of, or communication with, bank networks. Instead, a virtual currency transaction may require, for example, an communication with an API accessing and/or handling virtual currency wallet transactions 246. In such a case, a software service provider 241a may provide such an access/handling service.
The software service provider 241a may, as described herein, perform security verification steps such as authentication, background checks, and AML/KYC checks. The software service provider may, as described herein, also determine funds availability in a customer’s or operator’s virtual currency wallet, for example. The software service provider, in this instance, may then deliver a message to the terminal communicating whether the transaction is, or is not, authorized, or possible based on funds, etc.
In some embodiments or cases, sufficient funds may not be available in a customer’s or operator’s virtual currency wallet, for example. In one example, if a customer has requested the purchase of a virtual currency or cryptocurrency in exchange for cash deposited, and funds are not available in a virtual currency wallet associated with the terminal or operator, a request may be made by the terminal, the operator, or a software service provider, etc., to purchase cryptocurrency or virtual currency from an exchange to meet or fulfill the customer’s request. The purchase may, for example, be used to replenish or fund the associated operator’s virtual currency wallet for example. In another example, a purchase to meet or fulfill the customer’s request may be executed from a third party, such as a liquidity provider that possesses cryptocurrency or virtual currency funds. In some embodiments, for any transaction, blockchain network confirmations, for example a selected number of confirmations, may be used to determine or verify that cryptocurrency funds are available in a virtual currency wallet such as one
belonging to a user, customer, operator, software service provider, etc. In some embodiments, one or more redemption codes may be provided, on a receipt, for example, that may be used at a terminal to retrieve funds, for example cash funds.
In one example, communication with such a software service provider may be pre-configured or configured at a terminal by identifying an IP address or URL/API endpoint of the software service provider. Network connection or communication with the software service provider then may be established, for example, using SSL, TLS, and/or other secured and/or encrypted connections through a browser application on the terminal, for example.
Further still, in some embodiments, a combination of capabilities may be used. In some examples, one or more bank networks and communication with an API accessing and/or handling virtual currency wallet transactions may be used for some transaction types. For example, in some embodiments, a customer or user’s bank account may be used to fund a purchase of a virtual currency or cryptocurrency. In some embodiments, a user may be prompted, requested, or given the opportunity or option to provide a credit card, or a debit card connected to the user’s bank account, for example, to fund the purchase of a virtual currency or cryptocurrency. In a debit card example, cash from the user’s bank account may then be debited and utilized to allow the purchase of cryptocurrency. In this example, an ATM or combination ATM/virtual currency terminal may contact one or more bank networks to carry out or facilitate the cash transfer from the customer or user’s bank account to a bank account of an operator or owner of the terminal, for example. In another example the transfer may be to a provider or software service provider involved with the transaction. In some embodiments, a fee maybe deducted, handled, and/or delivered to various parties, including, for example, software service providers, terminal operators, etc.
Virtual Currency/ Digital Wallets
Virtual / digital currency wallet services for various currencies may be integrated with a software service application in communication with one or more terminals. Such services may include creation of wallets including, for example, multi-signature wallets, wallet balance listing/querying, transaction listing/querying, transaction creation and/or signing, transaction monitoring, transaction notifications, secure user authentication, multi-user workflows for use in enterprise environments, policies, spending limits, etc. Multi-signature wallets require the cooperation of multiple parties to approve a transaction by requiring signing and/or keys from each party.
Therefore, a third party or software service provider, for example, may handle virtual currency transactions between customers and/or operators of terminals when a customer requests a transaction at a terminal. A customer may request to purchase or sell virtual currency in exchange for cash, for example, at a terminal. Thus, virtual currency may need to be sent or received to/from a customer. Similarly, virtual
currency may need to be sent or received to/from an operator of a terminal. Such a request by a customer at a terminal may be communicated to a software service provider. The software service provider may formulate or prepare, using the request information and/or parameters, for example, an appropriate request to a virtual / digital currency wallet service. Such a request may be a web request, such as an HTTP/HTTPS request, for example. Using the request information, a virtual / digital currency wallet service may orchestrate a transaction between wallets of the customer and operator, for example. Furthermore, a virtual / digital currency wallet service may orchestrate a transaction between wallets of the operator and software service, for example. A transaction between wallets of the operator and software service may be used to settle fees for service, for example.
Purchase From Exchange
In some embodiments, a software service provider may also handle keeping one or more virtual/digital currency wallets such as those described herein funded or maintaining funds above a threshold amount.
In one example, a notification or alert may be configured that requests wallet replenishment when funds in a wallet fall below a particular threshold. Similar to the funds transfers described above, a software service may request the purchase of an appropriate virtual or digital currency from an exchange. Payment may be delivered directly, or through the software service provider, to the exchange.
In some embodiments, wallet funds may be maintained at its current funding level or at a particular selected funds level during and/or after each transaction, for example. In one example, a transaction may request an operator to deliver virtual or digital currency from an operator wallet to a customer wallet. For example, one Bitcoin may be transacted from operator to customer. In this example, one Bitcoin may be replenished in the operator wallet from an exchange. In this example, the replenishment may be carried out before, after, or simultaneously with the transfer of funds from the operator wallet to the customer wallet. Replenishment may be carried out by transferring funds from, for example, an operator account with an exchange using, for example, an API call to the exchange for a withdrawal. This transaction replenishment allows a steady state of funds to be maintained in the operator wallet, for example. In some embodiments, a fee for various services may also be included in the replenishment calculation. For example, a o.t Bitcoin fee may be included in the withdrawal from the exchange. In the previous example, l.i Bitcoin may be withdrawn to account for the fee.
In some embodiments, an operator maybe allowed to enter credentials and/or authentication or access information in, for example, an operator GUI and/or account portal, that allows a software service provider to access the credentials and/or information to orchestrate transactions. In some examples, the operator GUI or account portal may be as described in other embodiments or examples provided herein. In some examples, credentials and/or authentication or access information may include one or more of
any of API keys, wallet credentials, access tokens, passwords or passphrases, wallet identifiers, account identifiers, or other identifying information, etc.
Paper Wallets
In some embodiments, a customer or user of the terminal may wish to create a paper wallet on-the-fly. By selecting an option, for example, a paper wallet including a private key and a public key may be generated. The paper wallet may then be printed to a receipt, for example, which may be used by the customer to manage funds.
Transaction / Payment Batching
Both transaction fees and pressure on blockchain block size limits can be managed through intelligent batching of transactions.
A single transaction can be created that possess multiple inputs and/or multiple outputs. This allows "batching" transactions together.
In one example, rather than paying 0.5 BTC to two parties in two transactions, each worth 0.5 BTC, and therefore paying two transaction fees at a network clearing rate, the two transactions may be batched into one transaction with 1.0 BTC as its input and two 0.5 BTC outputs. In this example, the transaction fees maybe reduced instead to one transaction fee.
Similarly, space savings are created since creating a second transaction doubles the original transaction size. For each output that could be batched, unnecessary pressure is applied to the block size limit and transaction fees are needlessly inflated. By incorporating batching more can be done with each, for example, Bitcoin block because the overall ratio of outputs per transaction will increase and the relative byte size of each output will decrease.
In some embodiments, transactions or transaction requests from one or more users or customers may be aggregated and or batched. For example, transactions within a particular time range or timeframe may be batched together. In another example, transactions may be handled and/or temporarily handled by a service provider such as a software service and/or liquidity provider. For example, a service or liquidity provider may provide credit for one or more transactions until batching criteria are met, such as a certain number of transactions and/or volume of transactions are aggregated for batching, handling, and/or settling.
In some embodiments, batching protocols may be based on network activity, such as activity and load determined on the Bitcoin network. In one example, as load on the network is determined as increased and/or beyond a certain threshold, wherein, for example, fees are increasing, batching protocols maybe activated. In one example, the batching protocols may scale up or be proportionally increased when network load is increased.
Sensor(s) and Peripheral(s) Events
Detection of Sensor Events
Sensors, peripherals, software or hardware components, and/or local devices of terminals may allow one or more connections with various other software and/or hardware components in the terminal, and therefore allow communication between the various components.
In one example, a browser application of a terminal, as well as with other terminal software or hardware units, may be allowed to be in communication with various software and/or hardware components in the terminal. This allows the browser and/or other components to handle and/or communicate activities of, for example, terminal hardware sensors and peripheral devices. In one example, a cash cassette for a bill dispenser or bill acceptor removal or replacement event can be communicated to a browser application using, for example, an event stream connected with the cash dispenser cash cassette or bill acceptor cash cassette. The browser may possess capabilities to communicate HTTP(S) requests/responses involving events then regarding, for example, the cash dispenser, bill acceptor, or their respective cash cassettes, of a terminal.
Terminal Maintenance Modes
Terminals, including, for example, ATMs, may possess a maintenance mode or other capability to allow special terminal functions. Some examples of such functions include cash restocking, emptying, etc. Entering a maintenance mode can be accomplished by allowing entry of a special PIN or code, for example, using a terminal’s user interface.
In one embodiment, such an above PIN or code may be set or defined using, for example, operator GUI or account systems as described herein.
Entry of maintenance mode using the terminal user interface, for example, may trigger API calls and/ or messaging instructions with a backend service(s) and/or bank network. In one example, a cash cassette
for a bill dispenser or bill acceptor removal or replacement event, a restocking event with details of the restocking, etc., can be communicated to the services or bank networks.
Event Listeners for Sensor Events
In some embodiments, event listeners may be configured or defined to respond to event stream events from sensors or peripherals of a terminal, for example. In one example, cash dispenser, bill acceptor, or respective cash cassette, handling event listeners and/or handler functions may be configured or defined as browser functions using, for example, JavaScript. JavaScript functions maybe loaded in a webpage running on a terminal using a browser.
An event stream may be created or opened between the browser and, for example, a cash dispenser, bill acceptor, or their respective cash cassettes of the terminal. When a cash dispenser, bill acceptor, or a respective cash cassette, event is published to the event stream between the component and the browser, a respective JavaScript event handler may be called. For example, upon the uninstallation of a cash dispenser or bill acceptor cassette from the terminal, a CashDispenserCassetteUninstahed or BillAcceptorCassetteUninstalled function, or the like, may be called or triggered. In some cases, this can avoid an operator or maintenance person from manually interacting with the user interface, for example. This can be advantageous because, for example, a maintenance person may forget to enter appropriate commands or processes at a user interface that reflect his or her actions at the terminal. For example, a maintenance person may forget to enter that a cassette was emptied after it has been emptied. This can result in accounting errors. In another example, a maintenance person may forget a PIN or code. In these cases, desired API calls and/or functions may still be made or executed without the need of the correct actions from maintenance personnel.
In one example, upon the uninstallation of a cash dispenser or bill acceptor cassette from the terminal, a CashDispenserCassetteUninstahed or BillAcceptorCassetteUninstalled function, or the like, may be called or triggered which may include API calls to one or more backend services and/or networks such as methods that should be carried out when the cassette has been emptied. In another example, upon the uninstallation of a cash dispenser or bill acceptor cassette from the terminal, a
CashDispenserCassetteUninstahed or BillAcceptorCassetteUninstalled function, or the like, may be called or triggered which send or publish a command or message to take pictures or video with a camera at the terminal that is also in communication with the browser. This can allow for auditing during such events.
Shared Event Streams and Components
In combination terminals, such as a combination ATM and virtual currency kiosk hardware terminal, for example, considerations must be made in order to delegate the function, inputs, outputs, and control of peripherals and/or sensors of the terminal.
As described above, event streams, which may be concurrent, may be opened or created between various elements. This allows multiple device connections or streams, and the accessing or various software and/or hardware components to each other. Thus, commands maybe pushed to one hardware device or peripheral, for example, from multiple sources. In one example, this allows for accessing of a hardware device or peripheral of a terminal from a virtual currency application operating using a browser of the terminal and ATM software of the terminal.
Context and Context Switching
Various contexts and actions in various contexts may be possible in some embodiments. For example, a terminal may enable both ATM transactions and virtual currency transactions. A user may be allowed to perform ATM operations and/or virtual currency operations. In such an example, a user may operate in an ATM context or a virtual currency context. A user may be able to switch between these contexts.
In one example embodiment, to coordinate between contexts, a global state variable or flag may be created and or set. The variable may be reset to the current context or state each time the user switches, or requests to switch, between contexts. In these examples, the system can track or monitor in which context the user is operating during each transaction, operation, or request.
Bank Notes State
The methods and systems herein allow for accurate and efficient bank notes state tracking and monitoring in terminals such as, for example, ATMs, virtual currency kiosks/terminals, and or combinations thereof. That is, an efficient accounting of the bank notes content in each terminal is maintained, leveraged, and exploited.
In one example, a backend system or software service may maintain a database of bank notes content for one or more terminals at any given point in time. The content may be updated based on particular events communicated through, for example, HTTP(S) requests/messages from a terminal browser as previously described, in one example.
In one example, a U.S. based terminal maybe stocked with U.S. currency bank notes including various denominations. In one simplified example, a terminal may be stocked with 25 of each of $5, $10, $20, and $100 bills. A database may map variables to each type of bill and track the quantity of each. The database may include other relevant variables, such as events at the terminal modifying the content, the date/time of the events, percentage full for a terminal’s cash cassette. In an example such as an emptying event triggered at the terminal, the database may be updated to reflect a new state wherein all the bill quantities are zero.
Custom Audit and Accounting Receipt
In one example, when an emptying event is executed and database is updated as above, information as to the database state before emptying may be relayed to the terminal that was emptied. This may be in the form of an HTTP(S) payload for example. In one example, this may be a JSON payload. The payload may include the specifics of the database or terminal bank notes state before emptying for auditing or accounting purposes. The data may be printed to a receipt at the terminal. For example, a receipt may show the denominations and quantities of each bill that was present when the cassette was emptied, along with the percentage full the cassette was when it was emptied, a date and/or timestamp, etc. Further, the receipt may include custom information which an operator or owner, for example, of the terminal may wish to include, such as account numbers, other account data, compliance information, etc. Such custom information may be provided using an operator GUI or account portal as described herein. For example, an operator may be allowed to upload an image, such as a JPEG image, using a GUI in an account portal. The image may then be printed to, or included in, an area on the receipt.
FIG. 3 is a diagram illustrating an example embodiment of a hardware terminal point-of-sale used in FIG. 1. More specifically, a hardware terminal may include camera 301, screen 302, barcode or QR code reader 303, keypad 304, bill acceptor 305, card reader 306, and bill dispenser 307.
FIG. 4A is another diagram illustrating another example embodiment of a hardware terminal point-of-sale used in FIG. 1. More specifically, the hardware terminal may include one or more of each of a camera 401, screen 402, card reader 403, keypad 404, fingerprint reader 405, bill dispenser 406, card reader 407, bill acceptor 408, bill validator, electronic cash vault, thermal or other printer, processor, and a memory.
Each terminal may be capable of one-way exchange transactions between virtual currency and fiat currency, two-way exchange transactions between virtual currency and fiat currency, transactions utilizing virtual currency, fiat currency transactions, and/or transactions that do not utilize virtual currency.
For example, transactions that do not or need not utilize virtual currency may include check deposits, check cashing, cash withdrawal from bank accounts, cash deposit to bank accounts, domestic or international money transfers, bill payment, etc.
In the above examples, the memory, for example, may store at least one application, wherein the at least one application is an internet browser application, for example, and/or a set of one or more files. The set of one or more application files may include include, for example,
• transaction processing instructions for processing virtual currency transactions, the transaction processing instructions comprising, at least instructions to determine or calculate transaction limits, parameters, and/or fees, and/or instructions to encode an output;
• transaction processing instructions for processing fiat currency transactions or other transactions that do not utilize or require virtual currency, for example, the transaction processing instructions comprising, at least instructions to determine or calculate transaction limits, parameters, and/or fees, and/or instructions to encode an output;
• image processing instructions for processing image data, the image processing instructions comprising, at least instructions to determine or calculate facial geometry parameters, and/or instructions to encode image or video data;
• keypad entry processing instructions for processing keypad entry data;
• barcode or QR code processing instructions for processing barcode or QR code entry data; and/or
• fingerprint processing instructions for processing fingerprint entry data;
The above instructions carry out the processes that are described further herein.
Fig. 4B is a diagram illustrating GUI options/selections on a multi-use terminal.
A terminal may display using, for example, a GUI or screen 411, such as a touch screen as described herein, to display multiple options 412 and 413 to a user, visitor, or customer, for example.
The options 412 and 413, for example, may trigger different functionalities of the terminal. The different functionalities may utilize different software, for example, or different parts of a software.
In one example, one option 412 may be for cash or fiat ATM transactions that do not utilize virtual currency. This may require communication with and/or the use of bank networks.
In another example, one option 413 may be for virtual currency transactions that utilize virtual currency. This may not require communication with and/or the use of bank networks. Instead, for example, this
maybe accomplished through communication with and/or use of virtual currency APIs and/or software services such as wallet APIs, for example. Therefore, different workflows may be triggered by the user selections.
Fig. 4C is a decision tree showing various workflows triggered based on user selections.
As shown previously, a terminal may display 421 using, for example, a GUI or screen, such as a touch screen as described herein, to display multiple options and to a user, visitor, or customer, for example.
In one example, a user may select 422 for cash or fiat ATM transactions that do not utilize virtual currency. This may require communication with and/or the use of bank networks and trigger processes for doing so 423.
In another example, a user may select 424 for virtual currency transactions that utilize virtual currency. . This may not require communication with and/or the use of bank networks, and, instead, for example, this maybe accomplished through communication with and/or use of virtual currency APIs and/or software services such as wallet APIs, for example, and trigger processes for doing so 423.
Fig. 4D shows a logic diagram relating workflows and toggling between workflows.
In one example, a user may select for cash or fiat ATM transactions that do not utilize virtual currency. This may require communication with and/or the use of bank networks and trigger processes for doing so, such as in the cash transaction process (43ta-43ie).
In another example, a user may select for virtual currency transactions that utilize virtual currency. This may not require communication with and/or the use of bank networks, and, instead, for example, this maybe accomplished through communication with and/or use of virtual currency APIs and/or software services such as wallet APIs, such as in the virtual currency transaction process (432a-432e).
During any of the steps in the workflow process in 43ia-43te, a user may abort, switch, or toggle 43 if to a different workflow process associated with a different option or terminal use. For example, a user may wish to switch at any point from a cash or fiat ATM transaction that does not utilize virtual currency to a transaction that does utilize a virtual currency. The user will then be exited from the workflow process for the cash transaction in 43ia-43te and guided or forwarded to a virtual currency transaction workflow process (432a-432e). This will trigger the software functionality associated with virtual currency transactions. Similarly, at any point, a user may wish to abort, switch, or toggle 432f from the virtual currency transaction workflow to execute a cash or fiat ATM transaction that does not utilize virtual
currency. The user will then be guided or forwarded to the cash transaction workflow process such as shown in 43ia-43te.
In one embodiment, when a cash ATM transaction is requested, bank networks need to be used. However, when a virtual currency transaction is requested, bank networks need not be used, or are not used. Instead, virtual currency transactions may use wallets and services to record and/or execute transactions using the blockchain and allowing the transfer of virtual currency.
Therefore, the virtual currency transactions can be accomplished using, for example, a browser interfacing with a software/web service provider. Since the ATM may include a browser application, the virtual currency transactions maybe executed using the ATM’s browser application and/or HTTP/HTTPS requests, prepared by the browser, for example.
Since the browser application may already be included with the ATM registered software, new software need not be registered again, which is a time-consuming process. Further, the software updates may be easily implemented and deployed to ATMs/terminals. Further still, this allows both the cash transaction and virtual transactions to leverage the same terminal/ATM peripherals. For example, receipts maybe printed for either transaction type using the same printer, or cash may be dispensed for either transaction type using the same cash dispenser.
In one embodiment, cash or fiat ATM transactions that do not utilize virtual currency may be executed using a particular application, program, or portion of software, while virtual currency transactions utilize another particular application, program, or portion of software. These particular applications, programs, or portions of software maybe independent, co-localized, and/or combined. Each application, program, or portion of software may, in one example, share the use of terminal or ATM peripherals, or hardware elements, such as cash dispensers, receipt printers, etc.
Thus, it is necessary that the particular application, program, or portion of software associated with the selected workflow or process control the hardware or peripherals during the period during which they are selected and/or in use.
In one embodiment, a terminal or device such as an ATM may be initialized to a default state. In one example the default state may be for performing cash or fiat ATM transactions that do not utilize virtual currency. Another example state may be for performing transactions that do utilize virtual currency. For the purposes of this example, the former can be referred to as an “ATM context” and the latter can be referred to as a “BTM context.” Therefore, the particular application, program, or portion of software associated with the ATM context will be delegated control, priority, primacy, or authority of the hardware and/or peripherals, and their events, in one default state example. During the initialization then,
communication between the particular application, program, or portion of software associated with the ATM context and the hardware and/or peripherals, and their events, maybe established. During the initialization, communication between the particular application, program, or portion of software associated with the BTM context may also be established, but, for example, may defer authority to the particular application, program, or portion of software associated with the ATM context. That is, the BTM context may be subordinate to the ATM context. In another embodiment, communication between the particular application, program, or portion of software associated with the BTM context may not be established during initialization.
A listener may be used to determine when events occur at hardware and/or peripherals of the terminal. During an ATM context state, these events will be referred to and/or handled by the particular application, program, or portion of software associated with the ATM context.
Upon a user event, such as a selection on a touchscreen, to switch the use or option at the terminal, or a particular pre-defined event, such as the end of a cash or fiat transaction, the context of the terminal may be changed. For example, an ATM context may be changed to a BTM context, to permit virtual currency transaction functionalities.
Therefore, the particular application, program, or portion of software associated with the BTM context will be delegated control, priority, primacy, or authority of the hardware and/or peripherals, and their events. Communication between the particular application, program, or portion of software associated with the BTM context and the hardware and/or peripherals, and their events, may also be established, if not already established during initialization.
A listener may be used to determine when events occur at hardware and/or peripherals of the terminal. During a BTM context state, these events will be referred to and/or handled by the particular application, program, or portion of software associated with the BTM context.
Fig. 5 is a flowchart showing a general funds transfer process using virtual currency. A user/customer visits a terminal and/or point of sale (POS) which received/accepts a deposit 501. The POS may execute steps to confirm the deposit 502. For example, the POS may count the funds that have been received and user selections providing specifics, configurations, and/or settings for the transaction. The settings may include, for example, user’s phone number, recipient’s phone number, amount of time to make the funds available to the recipient for withdrawal before expiration, etc. The user selections may be stored in a database, for example 503.
Once the deposit is confirmed and completed, a hold period 504 may begin. The funds are kept in or at the POS and remain in possession of the POS operator. During the hold period, it may be the case that no
withdrawal request is made before the expiration of 505, for example, a user-selected expiration as set forth above. Alternatively, a withdrawal request maybe received before the expiration 506. The withdrawal request may be at any terminal and/ or point-of-sale that is part of a system or network of terminals and/or points-of-sale, for example. Therefore, the withdrawal request may be made in any country. The country may be the same or different from the deposit POS country.
A withdrawal request triggers the funds transfer and disbursement processes.
The withdrawal terminal and/or POS and location will be identified 507. For example, the country 516 of the withdrawal POS maybe different from a country 517 of the deposit POS. Therefore, an exchange rate may be associated with the withdrawal POS that is different than an exchange rate associated with the deposit POS.
The withdrawal request may be authenticated 513. For example, the withdrawing user may provide and confirm ownership of a phone number that is associated with a deposit. Upon authenticating a withdrawal request, available funds may be calculated and disbursed 514.
Calculation of the disbursement funds may include several variables. For example, exchange rates at the originating country and resulting country may be taken into account. Additionally, service fees of the operators and vendors may be taken into account.
A funds transfer process may leverage or utilize a virtual currency.
An exchange rate at an originating country may be calculated along with operator and/or vendor fees 508. The funds calculated may be exchanged for virtual currency in a virtual currency wallet 509. The virtual currency wallet may be a wallet associated with the deposit POS or the operator of the deposit POS, for example.
The virtual currency may then be transferred to a virtual currency wallet associated with the target/withdrawal POS or operator of the withdrawal POS 510. The transfer may occur across a country-line 515, for example.
An exchange rate of the country of the withdrawal POS may be calculated along with operator and/or vendor fees 511. The virtual currency in the target virtual currency wallet may be exchanged for funds at the target POS 512.
Example Embodiments
Various embodiments are described for example purposes. The embodiments, or elements of the embodiments, may be used or practiced in combination with one another.
Funds Deposit
A customer may, for example, deposit U.S. dollars at a terminal in the United States in exchange for a cryptocurrency such as Bitcoin to be deposited into the customer’s cryptocurrency wallet.
Funds Withdrawal
In another example, a customer may withdraw U.S. dollars at a terminal in the United States in exchange for a cryptocurrency such as Bitcoin to be withdrawn from the customer’s cryptocurrency wallet.
Domestic Funds Transfer
In another example, a customer may wish to deposit U.S. dollars at a terminal in the United States to send funds to another customer at another terminal in another location in the United States for withdrawal.
A third party or provider may facilitate the transfer. The third party may be a software service, for example.
In one example, the third party may instruct to accept funds received at the deposit terminal. The third party or provider may then instruct the transfer of cryptocurrency from a virtual currency wallet associated with the deposit terminal to a virtual currency wallet associated with a withdrawal terminal. The third party or provider may then instruct the remittance of funds at the withdrawal terminal.
International Funds Transfer
In another example, a customer may wish to deposit U.S. dollars at a terminal in the United States to send funds to another customer in another location outside of the United States for withdrawal.
A third party or provider may facilitate the transfer. The third party may be a software service, for example.
In one example, the third party may instruct to accept funds received at the deposit terminal in, for example, the United States, where the funds are U.S. dollars. The third party or provider may then instruct the transfer of an amount of cryptocurrency based on the local exchange rate from a virtual
currency wallet associated with the deposit terminal to a virtual currency wallet associated with a withdrawal terminal where the withdrawal terminal is in another country, for example, Mexico. The third party or provider may then instruct the remittance of funds at the withdrawal terminal based on the local exchange rate.
A customer may visit a terminal in one country. One embodiment of the deposit process is described further below.
FIG. 6 is a flowchart showing a detailed view of the deposit process.
During processing of a deposit at a POS, a customer/user may be authenticated 601. For example, a user may provide/scan an ID document such as a driver’s license, provide and verify a phone number/PIN, etc. A phone may be verified, for example, by a PIN sent to the phone number by SMS after the phone number is entered at a terminal, for example. The user may be prompted to enter/verify the phone number by entering the received PIN.
Other data or metadata may be gathered and used for verification/ authentication 602, such as biometric verification. For example, a camera at a terminal or POS may provide image or video data of the user’s face. This may trigger a facial recognition process, a KYC/AML (Know Your Customer/ Anti-Money Laundering) process, and/or a trust/risk analysis process 607. These processes may be carried out in conjunction in a non-blocking manner, or sequentially .These processes may be executed at the POS, at a proxy, and/or as a backend process. These processes may be provided by the vendor, operator, and/or a third party, and in any combination thereof.
The customer/user may make various selections 603 associated with a deposit providing specifics, configurations, and/or settings for the transaction. The settings may include, for example, user’s phone number, recipient’s phone number, creation of a redemption code, amount of time to make the funds available to the recipient for withdrawal before expiration, etc.
The customer/user may then deposit funds at the terminal or POS 604. The POS may execute steps to confirm the deposit is complete 605. For example, the POS may count the funds that have been received and user selections providing specifics, configurations, and/or settings for the transaction.
After the deposit is completed, the POS may provide a receipt and/or notification 606. Once the deposit is confirmed and completed, the funds are kept in or at the POS and remain in possession of the POS operator. After the expiration of the holding period, the funds may begin to incur holding fees, for example.
FIG. 7 is a flowchart showing a detailed view of the withdrawal process.
A withdrawal request may be received during a hold period. The withdrawal request may be at any terminal and/or point-of-sale that is part of a system or network of terminals and/or points-of-sale, for example. Therefore, the withdrawal request may be made in any country. The country may be the same or different from the deposit POS country.
In one embodiment, the customer may deposit virtual currency to the vendor and the funds are converted to funds during the holding period to avoid or minimize realization of exchange rate fluctuations or volatility.
In another embodiment, the customer may deposit virtual currency to the vendor and the funds are not converted to funds during the holding period.
A withdrawal request triggers the funds transfer and disbursement processes.
The withdrawal terminal and/or POS and location will be identified as set forth above. The withdrawal request may be authenticated as set forth above. For example, the withdrawing user may provide and confirm ownership of a phone number that is associated with a deposit. The customer may be identified 701 and a withdrawal request may be sent to a vendor 702. The request may include specifications associated with the customer, etc. 703.
Other data or metadata may be gathered and used for verification/ authentication, such as biometric verification. For example, a camera at a terminal or POS may provide image or video data of the withdrawing user’s face. This may trigger a facial recognition process, a KYC/AML (Know Your Customer/ Anti-Money Laundering) process, and/or a trust/risk analysis process. These processes may be carried out in conjunction in a non-blocking manner, or sequentially.These processes may be executed at the POS, at a proxy, and/ or as a backend process. These processes may be provided by the vendor, operator, and/or a third party, and in any combination thereof.
If the specifications and withdrawal are not cleared during a decision process by the vendor service 704, for example, the withdrawal may be denied 710.
If the specifications and withdrawal are cleared during a decision process by the vendor service 704, for example, the withdrawal may be permitted, and a virtual currency exchange process (709, 711) may be initiated, and a funds disbursement process (705, 706, 707, 708) may be initiated.
Upon authentication or permission of a withdrawal request, funds may be calculated and disbursed. A withdrawal limit may be determined 705 based on factors such as the amount deposited, operator and vendor fees 706, exchange rate parameters 706, etc. A response from the vendor service may be sent to the operator 707 including, for example, the calculation of limits of funds allowed for withdrawal. In response, the terminal or POS may permit a withdrawal 708.
Trust/Risk Analysis Service
A trust and/or risk analysis may be carried out, optionally, for example, for the authentication/verification of a depositing or withdrawing user. The analysis may be carried out in parallel with the customer’s deposit, or may be carried out before allowing a particular step of the customer’s deposit to be completed, for example. For example, the analysis may be required to be completed before accepting funds or a deposit from the user. Alternatively, for example, funds or a deposit may be accepted while the analysis is performed.
In another example, a trust and/or risk analysis maybe carried out in parallel with a customer’s withdrawal, or may be carried out before allowing a particular step of the customer’s withdrawal to be completed, for example. For example, the analysis may be required to be completed before dispensing funds or funds to the user. Alternatively, for example, funds or funds may be dispensed while the analysis is performed.
In one example, the data and metadata for trust/risk analysis processing maybe delivered to a third party service provider, or vendor. The third party service, for example, may be a software service of a vendor, as set forth above. The software service may be hosted at a vendor-owned location, a third party location, or a proxy location, for example. The data and/or metadata maybe sent to a processing queue of the software service. For example, the queue may be processed in a first-in-first-out (FIFO) or last-in-first-out (LIFO) order. The queue may collect several processes to be carried out. The processes may, for example, be similar trust/risk analysis processes from various POS locations, or different processes.
The service may be hosted on elastic server architecture, in one example, as set forth above. In another example, the service may be hosted using serverless architecture, as set forth above.
Various actions may be taken in response to the outcome of the analysis.
One advantage of the use of cryptocurrency is the ability to eliminate third parties or additional parties. However, one disadvantage associated with this is that cryptocurrency transactions by bad actors are more easily enabled. It is useful and necessary then to establish whether a user is trustworthy.
A trust score may be computed, established, stored, and/or updated for a user. The trust score may be used to increase or decrease, for example, user capabilities or privileges at a point of sale node or terminal. For example, in one embodiment, a trust score exceeding a threshold score may allow or unlock for the user a higher transaction limit privilege.
In one embodiment, when a trust score does not exceed a certain minimum threshold, additional actions or inputs may be required of a user at a point of sale node or terminal. For example, a user may be required or requested to provide additional identification, scan an ATM card, or provide a biometric input if a trust score does not exceed a certain minimum threshold. It will be recognized that any input or requirement that can affect a trust score may be required or requested.
In one embodiment, when a trust score does not exceed a certain minimum threshold, a user transaction or other request may be denied.
A trust score may incorporate, or take into account, any number of factors, wherein each factor may be assigned a weight. A weighted factor, for example the product of a factor and a respective weight, may provide a trust factor. A trust score may be a sum of various trust factors. It will be understood that any of a trust score, factor, or weight, may be positive, zero, or negative.
One factor may be a facial verification or recognition factor.
In one embodiment, a user’s facial image data or video data, for example, may be gathered at a point of sale node or terminal, or any other computing device, such as a user’s mobile device. One or more parameters of the image or video data may be stored. The entire image or video data may be stored.
In one embodiment, facial recognition may be performed based on a video sequence or one or more video frames of a user’s face gathered at a node or terminal, or any other computing device, such as a user’s mobile device, for example. In one embodiment, facial recognition may be performed based on an image of a user’s face gathered at a node or terminal, or any other computing device, such as a user’s mobile device, for example.
The facial data may be processed on the client side at the node or terminal, at a proxy, on the server side, or any combination of such locations thereof, wherein various steps or portions of processing may be performed at each location.
Facial verification or recognition
It will be understood that any facial recognition algorithm, or combinations or hybrids thereof, might be used.
In one embodiment, a facial verification method may be used to compare a user’s face with one or more datasets. A dataset may be, for example, a training dataset, a model dataset, a stored dataset of previous or known users, or a stored criminal or blacklist dataset.
One or more datasets may be selected as training datasets and/or models and one or more cost functions may be defined. In one example, a cost function may be a Kullback-Leibler divergence, or difference, from a selected dataset or model. An optimization problem may be defined.
One factor may be a user geolocation factor.
A geolocation factor may be gathered as associated with a user. In one example, a user may share a mobile device geolocation with a service. A request for geolocation maybe sent to a user mobile device, for example.
In one embodiment, a user geolocation may be compared with a point of sale locatio A factor may be determined based on the proximity of the two geolocations.
One factor may be a point of sale geolocation factor.
A geolocation factor maybe gathered as associated with a point of sale. In one example, an IP address that is connected with, or used by, a point of sale may be associated with a geolocation.
In one embodiment, a point of sale geolocation may be compared with a user geolocation. A factor may be determined based on the proximity of the two geolocations.
One factor may be an ATM card verification factor.
An ATM card may be issued to a user of a cryptocurrency terminal. The card may include a chip, barcode, account number, and/or magnetic strip. The ATM card may be read by a cryptocurrency terminal for verification. A factor may be associated with a ATM -verified user.
One factor may be an age of account factor.
An account age may be determined. For example, a creation may be determined. A factor may be associated with the account age.
One factor may be a previous incident factor.
A list of incidents may be associated with an account and stored. An incident may be a suspicious event that has been flagged. For example, an incident may include exceeding a threshold number of failed logins within a certain window of time, of a time period of a predefined length.
A factor may be associated with each incident. Alternatively, a factor may be associated with a threshold number of incidents.
One factor may be a metadata factor.
One factor maybe a PIN verification factor.
One factor may be a mobile device PIN verification factor.
One factor may be a biometric factor, such as a fingerprint, finger scan, or palm scan.
One factor may be a distance from a last transaction location probability factor.
One factor may be a credit card verification factor.
One factor may be an ID card verification factor.
One factor may be a QR code verification factor.
One factor may be a mobile device bluetooth verification factor.
One factor may be a security pattern verification factor.
One factor may be a geographic criminal activity factor.
One factor may be a transaction anomaly factor.
Transaction data for a user or group of users may produce a probability distribution. For example, transaction amounts may follow a normal, or Gaussian, distribution for a particular location, or across many locations, wherein a particular mean transaction amount is determined.
Thus, a transaction amount may deviate from a mean by some portion or multiple of a standard deviation. Larger deviations may be more anomalous then.
In one embodiment, a larger standard deviation may be associated with a particular factor, which may be a negative factor. Addition of a negative factor in a trust score may penalize the trust score.
One factor may be a transaction location anomaly factor.
Transaction location data for a user or group of users may produce a probability distribution. For example, transaction locations may follow a normal, or Gaussian, distribution for a particular location, or across many locations, wherein a particular mean transaction location is determined.
Thus, a transaction location may deviate from a mean by some portion or multiple of a standard deviation. Larger deviations may be more anomalous then.
In one embodiment, a larger standard deviation may be associated with a particular factor, which may be a negative factor. Addition of a negative factor in a trust score may penalize the trust score.
Calculation of Trust Score or Risk Score
Thus, a trust score may be calculated by including one or more weighted factors. In one example, a trust score (TS) based on a factor (f,) at a weight (w,), and a factor (f2) at a weight (w2):
TS = w,f, + w2f2
Thus, for many (x) factors, a trust score may be calculated: TS = w,f, + w2f2... wxfx or
TS = Loading... wxfx
Trust Score Distribution
Trust scores amongst a certain set, subset, portion, or group of users may form a probability distribution. For example, trust scores may follow a normal, or Gaussian, distribution for a group of users, wherein a particular mean trust score is determined.
Thus, a user’s computed or determined trust score may deviate from a mean by some portion or multiple of a standard deviation. Larger deviations may be more anomalous then.
In one embodiment, a larger standard deviation may be associated with a less trustworthy user. A threshold standard deviation or portion of a standard deviation may be defined. A comparison or relationship between a user’s trust score and a threshold standard deviation from a mean trust score may be established. User privileges at a point of sale, or in or for a user account, may be determined according to whether the user’s trust score exceeds the threshold.
Updating for Trust or Risk
It will be understood that information or metadata about users may increase over time. For example, a new user may complete a cryptocurrency transaction with certain characteristics such as location, time, transaction amount, etc., and, over time, that user will complete additional transactions with their own characteristics- some characteristics may be the same, or similar, to those characteristics of the earlier transactions. These transaction data or characteristics may be stored.
Thus, the information or metadata surrounding the user increases over time as additional data surrounding transactions are aggregated.
A running, or aggregate, trust score may be associated with a user. Thus, a prior, or posterior, trust score may exist for a user prior to a transaction. After a transaction the prior trust score may be updated.
FIG. 8A is a flowchart showing a general view of a risk analysis process.
A user may initiate a transaction request 801. Upon doing so, a user may provide, or be prompted to provide credentials for a virtual currency wallet 802. For example, a user may enter a wallet address manually, or scan a barcode or other address representation at a point of sale. The point of sale may be a terminal, for example. After the user provides the address, the terminal may wait for a response 803 from a vendor or third party service. The service may be a risk analysis service, for example, that provides a risk score for a given address. After the risk score is received 804, the terminal may allow the transaction to proceed or move forward 805.
After the user enters a wallet address, the address and/or user data maybe forwarded a vendor or third party service 806. As set forth above, the service may be a risk analysis service, for example, that provides a risk score for a given address. The service may perform a risk analysis 807 and calculate a risk score 808. The risk score may be provided, in response, back to the point of sale.
FIG. 8B is a flowchart showing a general view of a verification process.
In some cases, a user validation event, such as whitelisting for some capabilities may be desired. For example, operators of terminals may desire a setting wherein users requesting transactions beyond a certain dollar amount may be required additional verifications or whitelist status, such as photo ID verification completed, before the transaction may be allowed to proceed. Such a whitelist status may be labeled “VIP,” for example.
Users or customers may or may not have already completed a photo ID verification step, or “VIP” verification step, for example, before requesting a large transaction 810, for example. Thus, for example, after a user selects an option beyond a desired threshold dollar amount determined by the operator of the terminal (using an operator GUI as described herein, for example), the user at the terminal maybe directed to or shown an interim UI, or holding/waiting page UI 811, while the user profile may be queried or checked to determine whether the whitelist or “VIP” verification step has already been completed by the user 813-814. The terminal on the client-side maybe in communication with a software service provider 818, for example as provided herein, on a server-side. A user verification query maybe communicated to the software service provider, which may, for example, check a user or customer status in a database.
Based on the status of the user’s verification status query 814, the GUI at the terminal may display different UIs in the next step. For example, if it is determined 818 the user’s account has already completed a photo ID verification step, or “VIP” verification step, then the next UI displayed may be the next for the transaction to proceed 815, after a message or response is sent to the terminal from the software service provider indicating such 820.
However, if it is determined 818 that the user has not completed a photo ID verification step, or “VIP” verification step, for example, the next UI may be, for example, a request to complete a photo ID verification step, or “VIP” verification step 816. In this case, for example, an SMS maybe sent to the user’s phone alone with, for example, a URL or link to a registration web page for completion of registration of verification using off site registration capabilities by the software service provider 821 and/or a message or response is sent to the terminal from the software service provider indicating such 819.
While the system awaits verification of registration completion, the user at the terminal may be directed to a waiting page (811, 816), for example. In an example embodiment, the waiting page may be a UI that displays text and/or content specified by the operator of the terminal, which may, for example, be specified in an operator GUI as described herein.
The waiting page and/or state may utilize or initialize a process to determine when the user verification has been completed. For example, a polling or long polling process may be started, an open web socket maybe used, a new web socket maybe opened or established, or Server-Sent events (SSE), HTTP/2 push, or other data stream methods/protocols that listen for a user verification complete event maybe used.
In one example, long polling may be used to persist or hold a client or terminal connection open until data such as a user verified event becomes available or until a timeout threshold is reached. Such polling may be repeated or continued until a user verified event is received at the terminal, for example. In another example, full-duplex persistent WebSocket(s) may be used to determine or identify such an event as a user verified event.
The URL or link to the registration web page and the web page itself may be created and/or hosted by, for example, the operator, third party, or the software service provider of the terminal. If the registration web page is not hosted by the software service provider of the terminal, the operator or third party hosting the page, for example, may send an API request to the software service provider of the terminal when or after the user submits the registration information to notify the software service provider that the registration is submitted and/or the user has been verified 822. The service provider may then communicate a message or response to the terminal 817.
The registration web page may be a form requesting any of the account information described herein.
In one example, a user account may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, image of a photo ID, and/or any other data from an identification document associated with the account.
In one example, the user may need to submit an image of a photo ID such as a driver’s license.
The image may be received in any form, for example, JPEG, PNG, etc. The image data may be sent to the host of the web registration form by, for example, HTTP/HTTPS request such as in an AJAX request. In one example, the image data may be a base64 data string stored/delivered via, for example, a JSON string included in the request.
Upon receipt of the request, the host may process the data to verify the user.
In one example, the data, including, for example, the image data, may be forwarded, by the host, to a service provider, which then determines that the registration or verification is complete 822. In another example, this determination can be made within the service provider system if the service provider is also the host of the web page, for example. The service provider may be a software service provider that may be a third party software service provider.
For example, data may be forwarded from the host, operator, or vendor to a third party software service provider in the form of an HTTP(S) request to an API endpoint, for example, a URL, of the third party software service provider, and responses may be returned. HTTP methods used may include, for example GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE. The HTTP requests and/or responses may include application/json content type, wherein data maybe JSON encoded data. Additionally HTTP(S) status codes may be used to indicate success and failure.
An HTTP(S) request to an API endpoint may require authentication. For example, the API may conform to a Representational State Transfer (REST) style. For example, an API key, token, access key, and/or secret key may be provided by the third party software service to the core service provider or vendor. Keys may be included in HTTP(S) headers, for example, for every HTTP(S) request. Keys may be in the form of a string, such as a base04 encoded string, for example. Similarly, a timestamp may be included in HTTP(S) headers for HTTP(S) requests to an API endpoint. A Hash-based Message Authentication Code may be computed using a hash function, for example, a SHA256 hash function.
An HTTP(S) request to an API endpoint may include a payload. The request and payload may be formatted as any HTTP(S) request. For example, a request may be made using various programming languages or combinations of programming languages, such as CURL, Ruby, Python, Node, PHP, Java, and/or JSON.
The payload may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, photo ID image data such as the raw image or base64 data representation of the image, and/or any other data from an identification document associated with the account. The payload may be formatted in HTML, XML, JSON, or another format.
The service provider may return, to the host, operator, or vendor, a result that may include one or more flags, states, parameters, metrics, or scores associated with the account (819, 820). For example, o, 1, or 2 may be returned to indicate not verified, verified, or partially verified. In another example, o or 1 may be returned to indicate not matched, or matched to a dataset, such as a criminal dataset. The result may be stored in association with the account, and the date and/or time of the request and/or retrieval of the
result may be also stored. The result may include a payload formatted in HTML, XML, JSON, or another format.
As an example a JSON response payload can include elements such as whether an ID element, such as address, name, and/or date of birth are verified, partially verified, or not verified, and/or elements such as associated risk scores calculated for each element, or a combination of elements:
For example, such a payload could include:
{
"user_id": "12345",
"status": "1"
}
In one example, a request for a verification may be made to a third party service provider, wherein a verification is based on the specifics of the image data. The third party may, for example, apply a facial recognition to data matching process to compare the photo ID with a dataset of images, such as against a criminal image dataset.
If the host is not also the terminal software service provider, for example, the host may forward notification to the software service provider that the user is verified or not verified. This may, again be in the form of an API request/payload such as described previously.
After the user is verified and/or a user verified event is received at the terminal, for example, 817, the user may be allowed to proceed with the transaction 815.
In one example this may be accomplished by changing a status or flag associated with the user account in a user database operated or managed by the terminal software service provider, for example.
After the flag is changed when a user is verified, the software service provider may, for example, communicate the change to the host and/or the terminal 820. For example, a user verification complete event may be delivered to the terminal using the data stream protocols described previously.
The polling or web socket, for example, may then catch, identify, or determine the user verification complete event 817. In response, for example, the UI at the terminal may then allow the user to proceed with the transaction by taking the user to a next transaction step 815, for example.
FIG. 9A is a flowchart showing a customer funds deposit process.
A customer may visit a point of sale 901, which may be, for example, a hardware terminal such as an automated teller machine capable of one or both of cash and virtual currency transactions. The point of sale may display selection options such as “Deposit” and “Withdrawal”, current prices of various virtual currencies and/or customer selections such as transaction ranges 902. For example, ranges for a cash to virtual currency (such as Bitcoin, for example) deposit transactions may be displayed. In one example, a range of $0-$500 maybe displayed, wherein a user can opt to deposit up to $500 cash into a virtual currency wallet. The customer may select a range 903. The customer may be prompted to enter a phone number, for example his/her mobile phone number 904.
A determination may be made as to whether the phone number entered is associated with an existing account or known user 905. For example, a database may be queried for the entered phone number. If no account is found, a user may be prompted to create an account 906. If an account is found, an SMS verification code may be sent to the entered phone number 907. In another embodiment, the SMS code may be sent before the database is queried. After the user entered the SMS code, if the entered code matches the code that was sent, the transaction may be allowed to continue. If the entered code does not match, the transaction may be denied, for example. The user may be allowed to request a new code. The requests may be limited, for example, to 5 attempts before the account is locked.
Once an account is identified, a KYC/AML (“know-your-customer” or “anti-money laundering”) verification analysis maybe performed 908. In one example, a user account may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, and/or any other data from an identification document associated with the account.
The data may be forwarded, by a core service provider or vendor, to a service provider. The service provider may be a software service provider that may be a third party software service provider.
For example, data may be forwarded from the core service provider or vendor to a third party software service provider in the form of an HTTP request to an API endpoint, for example, a URL, of the third party software service provider, and responses may be returned. HTTP methods used may include, for example GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE. The HTTP requests and/or responses may include application/json content type, wherein data maybe JSON encoded data. Additionally HTTP status codes may be used to indicate success and failure.
An HTTP request to an API endpoint may require authentication. For example, the API may conform to a Representational State Transfer (REST) style. For example, an API key, token, access key, and/or secret key may be provided by the third party software service to the core service provider or vendor. Keys may be included in HTTP headers, for example, for every HTTP request. Keys may be in the form of a string, such as a base04 encoded string, for example. Similarly, a timestamp may be included in HTTP headers for HTTP requests to an API endpoint. A Hash-based Message Authentication Code may be computed using a hash function, for example, a SHA256 hash function.
An HTTP request to an API endpoint may include a payload. The request and payload may be formatted as any HTTP request. For example, a request may be made using various programming languages or combinations of programming languages, such as CURL, Ruby, Python, Node, PHP, Java, and/or JSON.
The payload may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, and/or any other data from an identification document associated with the account. The payload may be formatted in HTML, XML, JSON, or another format.
The service provider may return, to the core service provider or vendor, a result that may include one or more flags, states, parameters, metrics, or scores associated with the account. For example, o, 1, or 2 may be returned to indicate no match, partial match, or match. The result may be stored in association with the account, and the date and/or time of the request and/or retrieval of the result may be also stored. The result may include a payload formatted in HTML, XML, JSON, or another format.
As an example a JSON response payload can include elements such as whether an ID element, such as address, name, and/or date of birth are verified, partially verified, or not verified, and/or elements such as associated risk scores calculated for each element, or a combination of elements:
For example, such a payload could include:
{
"address": "1",
"address_risk": "high",
"identification": "o",
"date_of_birth": "2"
}
In one example, a request for a verification may be made to a third party service provider, wherein a verification or risk score is based on the specifics of fund contributors to a queried address. A risk score
may be, for example, a numeral ranging from o to to, wherein o or l correspond to little, low, or no risk, and 9 or to correspond to high risk. In another example, a risk score may be a floating point value such as o.ooi or 4.58.
In another example, a request for a risk score may be made to a third party service provider, wherein the risk score is based on the specifics of recipients of funds from a queried address.
In another embodiment, it may be determined, by a core service provider or vendor, that a risk analysis has been performed on the account within a certain timeframe. For example, it may be determined that a risk analysis has been performed within the last week. Based on such a determination, the request to the service provider may be skipped. For example, if a risk analysis for the account was requested within the previous week and the associated account was cleared, trusted, and/or otherwise determined to be low risk, based on a query of the aforementioned stored results and/or date/time, then a risk analysis may be skipped.
After the phone number is verified, the customer may be allowed to select a virtual currency from a set of virtual currency 909. For example, the customer may select “Bitcoin” from a set comprising “Bitcoin”, “Litecoin”, “Ethereum”, etc.
After selection, a virtual currency wallet address maybe gathered 910. For example, a user may scan a QR code for a virtual currency wallet shown on a mobile device. In other examples, a user may manually enter a virtual currency wallet address, or a virtual currency wallet address may be created.
The virtual currency wallet address may be used to perform a risk analysis 911.
A KYC/AML (“know-your-customer” or “anti-money laundering”) verification analysis may also be performed 908. In one example, a user account may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, and/or any other data from an identification document associated with the account.
The data may be forwarded, by a core service provider or vendor, to a service provider. The service provider may be a software service provider that may be a third party software service provider.
For example, data may be forwarded from the core service provider or vendor to a third party software service provider in the form of an HTTP request to an API endpoint, for example, a URL, of the third party software service provider, and responses may be returned. HTTP methods used may include, for example GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE. The HTTP
requests and/or responses may include application/json content type, wherein data maybe JSON encoded data. Additionally HTTP status codes may be used to indicate success and failure.
An HTTP request to an API endpoint may require authentication. For example, the API may conform to a Representational State Transfer (REST) style. For example, an API key, token, access key, and/or secret key may be provided by the third party software service to the core service provider or vendor. Keys may be included in HTTP headers, for example, for every HTTP request. Keys may be in the form of a string, such as a base64 encoded string, for example. Similarly, a timestamp may be included in HTTP headers for HTTP requests to an API endpoint. A Hash-based Message Authentication Code may be computed using a hash function, for example, a SHA256 hash function.
An HTTP request to an API endpoint may include a payload. The request and payload may be formatted as any HTTP request. For example, a request may be made using various programming languages or combinations of programming languages, such as CURL, Ruby, Python, Node, PHP, Java, and/or JSON.
The payload may include elements such as a type of analysis performed, an asset type, an address or transaction hash, a type of analysis, and a customer reference or ID.
As an example a JSON request payload can include:
{
"type": "transaction",
"asset": "LTC",
"hash": "dvf35gh . ebrvryh6",
"address": "khbKJB98y ..jbaAYGAB83",
"type": "source",
"customer_id": "3234"
}
The service provider may return, to the core service provider or vendor, a result that may include one or more flags, states, parameters, metrics, or scores associated with the account. The result may be stored in association with the account, and the date and/or time of the request and/or retrieval of the result may be also stored.
As an example JSON response payload can include:
{
"id": 4542,
“date": "2018-05-04",
"risk_score": “10.54”
}
In one example, a request for a verification may be made to a third party service provider, wherein a verification or risk score is based on the specifics of fund contributors to a queried address. A risk score may be, for example, a numeral ranging from o to 10, wherein o or 1 correspond to little, low, or no risk, and 9 or 10 correspond to high risk. In another example, a risk score may be a floating point value such as 0.001 or 4.58.
In another example, a request for a risk score may be made to a third party service provider, wherein the risk score is based on the specifics of recipients of funds from a queried address.
FIG. 9B is a flowchart showing a customer funds withdrawal process.
A customer may visit a point of sale 921, which may be, for example, a hardware terminal such as an automated teller machine capable of one or both of cash and virtual currency transactions. The point of sale may display selection options such as “Deposit” and “Withdrawal”, current prices of various virtual currencies and/or customer selections such as transaction ranges 922. The customer may select “Withdrawal” 923. The customer maybe prompted to enter a phone number, for example his/her mobile phone number 924.
A determination may be made as to whether the phone number entered is associated with an existing account or known user 925. For example, a database may be queried for the entered phone number. If no account is found, a user may be prompted to create an account 926. If an account is found, an SMS verification code may be sent to the entered phone number 927. In another embodiment, the SMS code may be sent before the database is queried. After the user entered the SMS code, if the entered code matches the code that was sent, the transaction may be allowed to continue. If the entered code does not match, the transaction may be denied, for example. The user may be allowed to request a new code. The requests may be limited, for example, to 5 attempts before the account is locked.
Once an account is identified, a KYC/AML (“know-your-customer” or “anti-money laundering”) verification analysis may be performed 928. In one example, a user account may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, and/or any other data from an identification document associated with the account.
The data may be forwarded, by a core service provider or vendor, to a service provider. The service provider may be a software service provider that may be a third party software service provider.
For example, data may be forwarded from the core service provider or vendor to a third party software service provider in the form of an HTTP request to an API endpoint, for example, a URL, of the third party software service provider, and responses may be returned. HTTP methods used may include, for example GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE. The HTTP requests and/or responses may include application/json content type, wherein data maybe JSON encoded data. Additionally HTTP status codes may be used to indicate success and failure.
An HTTP request to an API endpoint may require authentication. For example, the API may conform to a Representational State Transfer (REST) style. For example, an API key, token, access key, and/or secret key may be provided by the third party software service to the core service provider or vendor. Keys may be included in HTTP headers, for example, for every HTTP request. Keys may be in the form of a string, such as a base04 encoded string, for example. Similarly, a timestamp may be included in HTTP headers for HTTP requests to an API endpoint. A Hash-based Message Authentication Code may be computed using a hash function, for example, a SHA256 hash function.
An HTTP request to an API endpoint may include a payload. The request and payload may be formatted as any HTTP request. For example, a request may be made using various programming languages or combinations of programming languages, such as CURL, Ruby, Python, Node, PHP, Java, and/or JSON.
The payload may include any combination of identification document data such as an associated name, date of birth, address, social security number, driver’s license number, passport number, and/or any other data from an identification document associated with the account.
The service provider may return, to the core service provider or vendor, a result that may include one or more flags, states, parameters, metrics, or scores associated with the account. For example, o, 1, or 2 may be returned to indicate no match, partial match, or match. The result may be stored in association with the account, and the date and/or time of the request and/or retrieval of the result may be also stored. The result may include a payload formatted in HTML, XML, JSON, or another format.
For example, such a payload could include:
{
"address": "1",
"address_risk": "high",
"identification": "o",
"date_of_birth": "2"
}
In one example, a request for a verification may be made to a third party service provider, wherein a verification or risk score is based on the specifics of fund contributors to a queried address. A risk score may be, for example, a numeral ranging from o to 10, wherein o or 1 correspond to little, low, or no risk, and 9 or 10 correspond to high risk. In another example, a risk score may be a floating point value such as 0.001 or 4.58.
In another example, a request for a risk score may be made to a third party service provider, wherein the risk score is based on the specifics of recipients of funds from a queried address.
In another embodiment, it may be determined, by a core service provider or vendor, that a risk analysis has been performed on the account within a certain timeframe. For example, it may be determined that a risk analysis has been performed within the last week. Based on such a determination, the request to the service provider may be skipped. For example, if a risk analysis for the account was requested within the previous week and the associated account was cleared, trusted, and/or otherwise determined to be low risk, based on a query of the aforementioned stored results and/or date/time, then a risk analysis may be skipped.
After the phone number is verified, the customer may be allowed to select a virtual currency from a set of virtual currency 929. For example, the customer may select “Bitcoin” from a set comprising “Bitcoin”, “Litecoin”, “Ethereum”, etc.
For example, ranges for a cash to virtual currency (such as Bitcoin, for example) withdrawal transactions may be displayed. The customer may select a range 930. In one example, a range of $o-$so may be displayed, wherein a user can opt to withdraw up to $50 cash from a virtual currency wallet.
After selection, a virtual currency wallet address may be displayed, for example as a QR code 931. The wallet address may represent a wallet address associated with the operator of the point of sale. A user may scan the QR code for the virtual currency wallet shown 932 to send funds from his/her virtual currency wallet. Once the funds have been sent to the operator or point of sale virtual currency wallet, corresponding cash funds may be dispensed 933. The cash funds may calculated be less any fees, for example.
The virtual currency wallet transaction or sender address may be used to perform a KYC/AML (“know-your-customer” or “anti-money laundering”) risk analysis 934.
The data may be forwarded, by a core service provider or vendor, to a service provider. The service provider may be a software service provider that may be a third party software service provider.
For example, data may be forwarded from the core service provider or vendor to a third party software service provider in the form of an HTTP request to an API endpoint, for example, a URL, of the third party software service provider, and responses may be returned. HTTP methods used may include, for example GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE. The HTTP requests and/or responses may include application/json content type, wherein data maybe JSON encoded data. Additionally HTTP status codes may be used to indicate success and failure.
An HTTP request to an API endpoint may require authentication. For example, the API may conform to a Representational State Transfer (REST) style. For example, an API key, token, access key, and/or secret key may be provided by the third party software service to the core service provider or vendor. Keys may be included in HTTP headers, for example, for every HTTP request. Keys may be in the form of a string, such as a base04 encoded string, for example. Similarly, a timestamp may be included in HTTP headers for HTTP requests to an API endpoint. A Hash-based Message Authentication Code may be computed using a hash function, for example, a SHA256 hash function.
An HTTP request to an API endpoint may include a payload. The request and payload may be formatted as any HTTP request. For example, a request may be made using various programming languages or combinations of programming languages, such as CURL, Ruby, Python, Node, PHP, Java, and/or JSON.
The payload may include elements such as a type of analysis performed, an asset type, an address or transaction hash, a type of analysis, and a customer reference or ID.
As an example a JSON request payload can include:
{
"type": "transaction",
"asset": "LTC",
"hash": "dvf35gh . ebrvryh6",
"address": "khbKJB98y ..jbaAYGAB83",
"type": "source",
"customer_id": "3234"
}
The service provider may return, to the core service provider or vendor, a result that may include one or more flags, states, parameters, metrics, or scores associated with the account. The result may be stored in
association with the account, and the date and/or time of the request and/or retrieval of the result may be also stored.
As an example JSON response payload can include:
{
"id": 4542,
“date": "2or8-05-04",
"risk_score": “ro.54”
}
In one example, a request for a verification may be made to a third party service provider, wherein a verification or risk score is based on the specifics of fund contributors to a queried address. A risk score may be, for example, a numeral ranging from o to to, wherein o or r correspond to little, low, or no risk, and 9 or to correspond to high risk. In another example, a risk score may be a floating point value such as o.oor or4.58.
In another example, a request for a risk score may be made to a third party service provider, wherein the risk score is based on the specifics of recipients of funds from a queried address.
The virtual currency wallet address and transaction details may be stored by a software service provider. In one example, this risk analysis may be performed after the withdrawal. In one example, if the account is deemed high risk, the account may be flagged or placed in a “hold” or “pending approval” state, or similar.
Customer Transaction/Request Interview
In one embodiment, a progessive, interactive interview is presented to the customer via a terminal or point of sale display, using, for example, a series of one or more graphical user interfaces (GUIs) in a browser element.
During the presentation of the GUIs in the interview, data may be stored at the terminal or point of sale, at least temporarily reflecting customer selections. In one example, cookies may be stored in association with the customer/transaction in a user session, using, for example, JavaScript.
The cookies may then be utilized to prepare or produce a payload for transmission, for example, a JSON encoded data element. In another embodiment, such a payload/ JSON encoded data element maybe prepared without the use of cookies.
The JSON encoded data element may comprise multiple elements reflecting the customer selections and/or request along with information such as identifying information of the terminal or point of sale at which the request is being prepared and timestamps. Additionally, API keys and/or API secret keys may be included with the payload data element.
In some embodiments, as the customer makes the selections a stored machine state is updated. This can be maintained in various network locations, for example, near the edge or at a central server location. Caches at the client terminal or point of sale, or in the network path or at the central server may be used to store a machine state, for example.
There may be a time period set at which the state or session times out. For example, after t minute of inactivity or lack of state changes, the session or state is cleared, logged off and/or ended, etc.
In an example embodiment, a customer approaches a terminal or point of sale. The customer may select a transaction type, for example, “Buy Virtual Currency,” and selects type of virtual currency, for example, “Bitcoin,” in a GUI display of the terminal or point of sale.
The machine state stored in a database, datastore, or internet of things model, for example. The machine state may be incrementally updated with each secure request associated with a user selection, to build a string or payload, for example. Each request may be filtered at the service provider side, where security measures may be in place. For example, code injection requests may be logged along with the origin. Further, the origin may be blocked from making further requests until the request is reviewed and cleared.
This reduces what may be stored locally and allows machine state to be maintained, even when, for example, connection is lost.
The request specifications may be aggregated into a complete payload to make a complete request. On submission, for example, via a command from the user to make or submit the request, the complete aggregate payload may be used to deliver a complete request to the vendor or software service provider.
FIG. 9C is a flowchart showing a customer funds deposit and virtual currency purchase process connected with a virtual currency machine state.
An example sequence is provided. It will be understood that the given steps are optional and/or maybe rearranged. A user or customer may visit a terminal which may be a virtual currency terminal, for example.
The customer may be presented with a series of user interfaces in an interview to allow for ascertaining the customer’s specifications for a transaction request. The customer interview corresponds to 955-959, for example. A machine state corresponds to 954a-954d, for example. The machine state may be stored in any location between the client and the cloud service. For example, the machine state may be stored or cached locally at the terminal, near the edge or fog layer, or at a central server.
During the customer interview, queries/requests (952a-952e) and updates (953a-953e) maybe made between the terminal and a software service. The queries and updates may handle and/or update a machine state (954a-954d) associated with the terminal . It will be understood that data elements 954a-954d could include other parameters. Additionally, such data elements could include, for example, API keys and/or secret keys.
In one embodiment, a customer may select to purchase a virtual currency 955 in exchange for cash via a cash deposit at the terminal. An initial state for the terminal may be empty or null, for example. The initial state maybe requested 952a before or during the customer’s initial selection 955, for example and communicated from a software service provider via a secure session via a VPN. The query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal. For example, a JSON data element may be created or prepared by the software service provider. The data element may be encrypted and delivered to the terminal.
After the customer’s selection to buy virtual currency, an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN. The update may include the delta or changes to the initial or current machine state. The update may be communicated to the software service provider as an encrypted payload. For example, a JSON data element may be created or prepared at the terminal. The data element may be encrypted and delivered to the software service provider 953a. The software service provider may decrypt the payload to reveal a decrypted payload 954a and update the machine state for the terminal, for example by updating a database or datastore.
The current machine state may be queried or requested 952b before or during the customer’s next selection 956, for example and communicated from a software service provider via a secure session via a VPN. The query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal. For example, a JSON data element may be created or prepared by the software service provider. The data element may be encrypted and delivered to the terminal.
The customer may select a virtual currency 956 to buy in exchange for cash via a cash deposit at the terminal.
After the customer’s selection to buy “Bitcoin” 956, for example, an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN. The update may include the delta or changes to the initial or current machine state. The update may be communicated to the software service provider as an encrypted payload 953b. For example, a JSON data element may be created or prepared at the terminal. The data element may be encrypted and delivered to the software service provider. The software service provider may decrypt the payload 953b and update the machine state for the terminal, for example by updating a database or datastore.
The current machine state may be queried or requested 952c before or during the customer’s next selection 957, for example, and communicated from a software service provider via a secure session via a VPN. The query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal. For example, a JSON data element may be created or prepared by the software service provider. The data element may be encrypted and delivered to the terminal.
The customer may select a virtual currency amount 957 to buy 1 Bitcoin (BTC).
After the customer’s selection to buy “1 BTC,” for example, an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN. The update may include the delta or changes to the initial or current machine state. The update may be communicated to the software service provider as an encrypted payload 953c. For example, a JSON data element may be created or prepared at the terminal. The data element may be encrypted and delivered to the software service provider. The software service provider may decrypt the payload to reveal a decrypted payload 954c and update the machine state for the terminal, for example by updating a database or datastore.
The current machine state may be queried or requested 952d before or during the customer’s next selection or action 958, for example, and communicated from a software service provider via a secure session via a VPN. The query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal. For example, a JSON data element may be created or prepared by the software service provider. The data element may be encrypted and delivered to the terminal.
The customer may enter a virtual currency wallet address 958.
After the customer’s entry, for example, an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN. The update may include the delta or changes to the initial or current machine state. The update may be communicated to the software service provider as an encrypted payload 953d. For example, a JSON data element may be created or prepared at the terminal. The data element may be encrypted and delivered to the software service provider. The software
service provider may decrypt the payload to reveal a decrypted payload 954d and update the machine state for the terminal, for example by updating a database or datastore.
The current machine state may be queried or requested 952e before or during the customer’s next selection or action 959, for example, and communicated from a software service provider via a secure session via a VPN. The query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal. For example, a JSON data element may be created or prepared by the software service provider. The data element may be encrypted and delivered to the terminal.
The customer may deposit cash 959.
After the customer’s action, for example, an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN. The update may include the delta or changes to the initial or current machine state. The update may be communicated to the software service provider as an encrypted payload 953e. For example, a JSON data element may be created or prepared at the terminal. The data element may be encrypted and delivered to the software service provider. The software service provider may decrypt the payload to reveal a decrypted payload and update the machine state for the terminal, for example by updating a database or datastore.
FIG. 9D is a flowchart showing a customer funds withdrawal and virtual currency sale process connected with a virtual currency machine state.
An example sequence is provided. It will be understood that the given steps are optional and/or maybe rearranged. A user or customer may visit a terminal which may be a virtual currency terminal, for example.
The customer may be presented with a series of user interfaces in an interview to allow for ascertaining the customer’s specifications for a transaction request. The customer interview corresponds to 965-969, for example. A machine state corresponds to 904a-904d, for example. The machine state may be stored in any location between the client and the cloud service. For example, the machine state may be stored or cached locally at the terminal, near the edge or fog layer, or at a central server.
During the customer interview, queries/requests (902a-902e) and updates (903a-903e) may be made between the terminal and a software service. The queries and updates may handle and/or update a machine state (904a-904d) associated with the terminal . It will be understood that data elements 904a-904d could include other parameters. Additionally, such data elements could include, for example, API keys and/or secret keys.
In one embodiment, a customer may select to sell a virtual currency 965 in exchange for cash via a cash withdrawal at the terminal. An initial state for the terminal may be empty or null, for example. The initial state may be requested 962a before or during the customer’s initial selection 965, for example and communicated from a software service provider via a secure session via a VPN. The query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal. For example, a JSON data element may be created or prepared by the software service provider. The data element may be encrypted and delivered to the terminal.
After the customer’s selection to sell virtual currency, an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN. The update may include the delta or changes to the initial or current machine state. The update may be communicated to the software service provider as an encrypted payload. For example, a JSON data element may be created or prepared at the terminal. The data element may be encrypted and delivered to the software service provider 963a. The software service provider may decrypt the payload to reveal a decrypted payload 964a and update the machine state for the terminal, for example by updating a database or datastore.
The current machine state may be queried or requested 962b before or during the customer’s next selection 966, for example and communicated from a software service provider via a secure session via a VPN. The query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal. For example, a JSON data element may be created or prepared by the software service provider. The data element may be encrypted and delivered to the terminal.
The customer may select a virtual currency 966 to sell in exchange for cash via a cash withdrawal at the terminal.
After the customer’s selection to sell “Bitcoin” 966, for example, an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN. The update may include the delta or changes to the initial or current machine state. The update may be communicated to the software service provider as an encrypted payload 963b. For example, a JSON data element may be created or prepared at the terminal. The data element may be encrypted and delivered to the software service provider. The software service provider may decrypt the payload 963b and update the machine state for the terminal, for example by updating a database or datastore.
The current machine state may be queried or requested 962c before or during the customer’s next selection 967, for example, and communicated from a software service provider via a secure session via a VPN. The query may be communicated from the software service provider as an encrypted payload that is
decrypted at the terminal. For example, a JSON data element may be created or prepared by the software service provider. The data element may be encrypted and delivered to the terminal.
The customer may select a virtual currency amount 967 to sell 1 Bitcoin (BTC).
After the customer’s selection to sell “1 BTC,” for example, an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN. The update may include the delta or changes to the initial or current machine state. The update may be communicated to the software service provider as an encrypted payload 963c. For example, a JSON data element may be created or prepared at the terminal. The data element may be encrypted and delivered to the software service provider. The software service provider may decrypt the payload to reveal a decrypted payload 964c and update the machine state for the terminal, for example by updating a database or datastore.
The current machine state may be queried or requested 902d before or during the customer’s next selection or action 968, for example, and communicated from a software service provider via a secure session via a VPN. The query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal. For example, a JSON data element may be created or prepared by the software service provider. The data element may be encrypted and delivered to the terminal.
The customer may enter a virtual currency wallet address 968.
After the customer’s entry, for example, an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN. The update may include the delta or changes to the initial or current machine state. The update may be communicated to the software service provider as an encrypted payload 963d. For example, a JSON data element may be created or prepared at the terminal. The data element may be encrypted and delivered to the software service provider. The software service provider may decrypt the payload to reveal a decrypted payload 904d and update the machine state for the terminal, for example by updating a database or datastore.
The current machine state may be queried or requested 902e before or during the customer’s next selection or action 969, for example, and communicated from a software service provider via a secure session via a VPN. The query may be communicated from the software service provider as an encrypted payload that is decrypted at the terminal. For example, a JSON data element may be created or prepared by the software service provider. The data element may be encrypted and delivered to the terminal.
The customer may withdraw cash 969.
After the customer’s action, for example, an update for the terminal machine state may be communicated to a software service provider via a secure session via a VPN. The update may include the delta or changes to the initial or current machine state. The update may be communicated to the software service provider as an encrypted payload 903e. For example, a JSON data element may be created or prepared at the terminal. The data element may be encrypted and delivered to the software service provider. The software service provider may decrypt the payload to reveal a decrypted payload and update the machine state for the terminal, for example by updating a database or datastore.
User Defined Security Protocols
In one embodiment, an operator or vendor is allowed to select various settings to customize a security protocol. Any individual setting, or combination of settings, may be used together to provide a factor or various factors. a. One setting may be a minimum purchase amount setting. b. One setting may be a maximum purchase setting. c. One setting may be a customer identification requirement. A customer identification requirement may be comprised of one or more of the following, for example: i. SMS Verification ii. Fingerprint iii. Part of a social security number, for example, the last four digits iv. Photo ID v. Face photo vi. Barcode or Magnetic Stripe Scan of government ID vii. First name viii. Last name ix. Address x. Date of Birth xi. A third party trust or risk score xii. A bank card d. A 24-hour customer volume limit e. A minimum customer age
Linking/Monitoring “Shared” Profiles
When a customer or user submits an ID, the data on the ID is compared with all other customers in the owner-operator’s customer database. If the ID data matches any other customers other than the current customer at the machine, the system or software may flag the customer as having submitted a duplicate ID. The customer’s account is then placed in the ‘pending review’ state for manual review by the owner-operator, and the system or software may alert the owner-operator via a text message and email notification of the behavior.
Owner-operators may ‘link’ different customers or users together with a common unique identifier “UUID”. For example, when two or more customer profiles are ‘linked’ through a unique identifier, the customers’ available purchasing power for buying and selling on the owner-operator’s machines is inclusive of the daily volume done across all the linked profiles.
Linked Profiles Example:
Customer A has a $500 purchasing power based on their verification tier.
Customer A and Customer B are linked to a custom unique identifier.
Customer B has already transacted $200 for the day.
When Customer A visits an owner-operator’s machine, they will only be able to buy $300.
Freezing “UUID” Accounts/Profiles
Owner-operator may also automatically freeze transactions for customers who have been “linked” together as a UUID because it is suspected they are sharing financial information. Such a feature permits the owner-operator to have complete control over who is using their terminals or kiosks, by freezing transactions associated with specific customers, whereby no virtual currency will be sent thus allowing for additional due diligence to be gathered before allowing a transaction to be completed.
Detecting “Shared” Virtual Currency Wallets
The system and method also may allow the ability to detect when a customer’s virtual currency wallet address has been shared between multiple customers. When a customer enters a virtual currency wallet address to where they desire their virtual currency to be sent, the software automatically cross-references this address across all of the owner-operator’s transactions. If the address has already been used by a different customer whose profile is not already linked to the current customer through a common unique identifier, the current customer’s account may then placed in the ‘pending review’ state for manual review by the owner-operator, and the software alerts the owner-operator via a text message and email notification of the shared wallet address.
Detecting Contradictory Account Information
The system and method may allow the ability to detect and flag when there is a mismatch between information submitted by a customer at different verification tiers. For instance, if a customer scans an ID that includes the name “Bob Smith” but then later submits a registration application with the name of “Johnny Appleseed” their account may be placed in the ‘pending review’ state for manual review by the owner-operator, and the system or software may alert the owner-operator via a text message and email notification of the customer identification mismatch.
Customer Volume Limits
The system and method may allow the ability to manually set the volume limits for a given customer, regardless of where they may otherwise stand based on the information they’ve submitted and the owner-operator’s requirements. This allows owner-operators to effectively scale a customer’s purchasing power up or down based on perceived risk or enhanced due-diligence.
Crypto Wallet Address Volume Limits
The system and method may allow a terminal or kiosk owner-operator to set volume limits for a specific virtual currency wallet address in the event that a customer (or customers) is/are using said wallet to avoid normal KYC/AML detection.
Ownership Pledge of Crypto Wallet
The system and method may require a terminal or kiosk customers to accept personal ownership of the wallet that they are using when transacting on the kiosk, which acts as a pre-emptive safeguard against unlawful money transmission, in addition to helping flag and prevent possible scam-related transactions where users are, under duress, told to send money to third parties.
Automatic Account Freeze - Age
The system and method may permit a terminal or kiosk owner-operator to implement a standard procedure to freeze all new customer accounts depending on the customer’s age. For example, an owner-operator can set a rule for all his/her kiosks that all new customers under 18 who register an account will be frozen until reviewed and then approved by owner-operator.
In one embodiment, an operator of one or more terminals may set a threshold using a GUI for transaction volume at or after which one or more customer accounts will be frozen until the due diligence is completed. For example, a customer account may be frozen after a total of $50,000 volume has been transacted by the customer curing some or all of the customer account history. The customer may then be disallowed from performing further transactions until the due diligence is completed.
In one embodiment, alerts may be created for a customer. For example, alerts may be created for customers whose accounts have been frozen as described above. In one example, SMS or email alerts may be created for customers. The alerts may be delivered to, for example, compliance officers or contacts. Operators may create such settings in an operator console for managing terminals and/or customers, for example, as described herein.
In one embodiment, an operator console for managing terminals and/or customers, for example, as described herein may include a GUI allowing for customers to be whitelisted. For example, once due diligence is completed as described above, an operator may whitelist the customer account. The ability to whitelist may be permissioned- for example, the capability to whitelist may be set such that a compliance manager or higher operator account permission is needed to whitelist.
Blacklisting Customers/Accounts
The system and method may allow the ability to “blacklist” virtual currency wallet addresses and ID cards. This provides additional alerting to the owner-operator, as they receive an additional text message and email notification in the event that any customer enters a wallet address or scans an ID card that has been blacklisted by the owner-operator. Any customer submitting a blacklisted datapoint is automatically placed in the ‘pending review’ state for manual review by the owner-operator.
“Hours of Operation” Controls
The system and method may allow the ability for owner-operators to specify hours of operation for their terminals or kiosks. This ensures that the owner-operator is only providing exchange services through their kiosks between a set opening and closing time schedule. The kiosk becomes unavailable between the hours after closing and before opening time and customers are not able to transact.
Face detection
A face detection process may occur at a client terminal. For example a hardware camera may be used to gather user image or video data. A user’s face may be detected within the data, for example, by selecting image frames or frames within a video containing a detected face.
In one embodiment, some or all of a face detection may occur at a client terminal. For example, a face may be identified and localized in an image or video data of a user. Coordinates of facial features may be determined and bounding boxes maybe defined for each feature or combination of features. Facial attributes and landmarks may be detected, and distances between features or landmarks may be determined. The scale and orientation of a detected face may be determined. A confidence score may be determined which provides a confidence level estimate of the face detection prediction or determination.
A confidence score may be used to determine a next process.
In one embodiment, parts of such image or video data, or processed or preprocessed data, may be forwarded to a core service provider or vendor, or further to a service provider, and face detection as above may be carried out by the service. For example a base64 encoded image or full image file may be communicated to the server from a client terminal. The service provider may be a software service provider that may be a third party software service provider.
For example, data may be forwarded from the core service provider or vendor to a third party software service provider in the form of an HTTP request to an API endpoint, for example, a URL, of the third party software service provider, and responses may be returned. HTTP methods used may include, for example GET, HEAD, POST, PUT, PATCH, DELETE, CONNECT, OPTIONS and TRACE. The HTTP requests and/or responses may include application/json content type, wherein data maybe JSON encoded data. Additionally HTTP status codes may be used to indicate success and failure.
An HTTP request to an API endpoint may require authentication. For example, the API may conform to a Representational State Transfer (REST) style. For example, an API key, token, access key, and/or secret key may be provided by the third party software service to the core service provider or vendor. Keys may be included in HTTP headers, for example, for every HTTP request. Keys may be in the form of a string, such as a base64 encoded string, for example. Similarly, a timestamp may be included in HTTP headers for HTTP requests to an API endpoint. A Hash-based Message Authentication Code may be computed using a hash function, for example, a SHA256 hash function.
An HTTP request to an API endpoint may include a payload. The request and payload may be formatted as any HTTP request. For example, a request may be made using various programming languages or combinations of programming languages, such as CURL, Ruby, Python, Node, PHP, Java, and/or JSON.
The payload may include, for example, a base64 encoded image version or a full image file.
The service provider may return, to the core service provider or vendor, a result that may include one or more flags, states, parameters, metrics, or scores associated with the request. For example, o, t, or 2 may be returned to indicate no match, partial match, or match. The result may be stored in association with the account, and the date and/or time of the request and/or retrieval of the result may be also stored. The result may include a payload formatted in HTML, XML, JSON, or another format.
For example, such a payload could include:
{
"Base64lmage": {
"ImageBytes": "iVBORwoKGgoAAAANSUhEUgA . "
}
}
Machine Learning (ML)
A server side model may be trained using user data, such as image or video data. Image or video data may be forwarded to the server from a client terminal.
In one embodiment, parts of such data, or processed or preprocessed data may be forwarded to the server, for example a base64 encoded image or full image file may be communicated to the server from a client terminal. A decentralized learning model may be carried out on a client terminal device or server-side.
An application on the terminal device may download a machine learning model, for example, in compressed form. Such a model may also be pre-installed on a client terminal. Such a model may be pre-trained on a selected dataset, for example, currently known users, or known criminals etc. Known users, for example, may be those for which image, video, or face data already exists, associated with an account, and/or has been verified. Changes to the model, for example, addition of new user data, on a server may be downloaded to a terminal. This allows for less dependency on online connectivity. For example, preprocessing and training of the model may be carried out at a terminal without needing to send data to a server, reducing overhead for the client and server. For example, a server machine learning model may be retrained simply using delta values calculated at the client and sent to the server. This is additionally advantageous since the system can function offline. Round-trip to server and processing time is also reduced, creating a lower latency for the end user.
Computation, storage, networking, decision making, and data management resources and applications maybe placed or allocated at a server of, for example, a cloud service provider, or nearer the edge. For
example, resources may be allocated network elements, such as servers, cloudlets, or caches, closer to the end user at a client device may be utilized. In one example, fog computing may place resources closer to end users to reduce latency, for example.
Some examples of the advantages of the presented technology include speed, efficiency, and security over present systems. In one example, by performing more CPU intensive processes closer to the edge or at the endpoint, transmission of data requiring heavier bandwidth, such as image or video, may be reduced or eliminated, in some cases. In another example, privacy may be more preserved when such data items need not be transmitted through the network.
Therefore, placing resources and performing computations closer to the end user has advantages for processes such as facial recognition in terminal devices such as reducing latency and creating more relevancy for end users and/or providing relevant data for computations. For example, a terminal device may be perform a facial recognition process for an end user, however, since the end user must be physically present at the geographic location of the device or terminal, the likelihood of the user revisiting the same device, or nearby devices, is increased. Therefore, maintaining data associated with the user’s facial recognition process closer to the geographic endpoint where it is performed provides a more relevant dataset and reduces the need for central server round trips, for example. Computational load is also decreased for each request. That is, rather than one large shared dataset, many datasets are effectively created and localized or hyper-localized.
In one embodiment, a hierarchy of computational resources is provided. For example, a central server or software service may be provided as a first, top, or core layer, such as in a cloud layer. At least a second layer may be provided between the first layer and an edge layer of devices or terminal. The second layer may contain computational resources such as servers, proxies, or caches between the top layer elements and a subset of edge elements. Each of the network elements of the second layer may be then more closely associated with particular edge devices, wherein the edge elements may be with closer proximity to each other. Thus, the second elements may be more closely associated with particular geographic locales.
In one embodiment, various important or relevant features represented as numerical vectors are extracted from an image or video of a customer at the terminal or device.
Extracted features may be compared to, for example, features of training images, which may be various images of the same face, for example, in a database. For such a comparison, the database is queried in order to determine the nearest-neighbor feature for some or ah of each feature extracted at the terminal or device. An approximation nearest-neighbor search may be executed.
The closest feature matched data may be selected, which may be geometrically verified. Accordingly, a threshold value may be determined above which a match is considered to be found. If it is determined that a match is not found at the terminal or device, a request may be forwarded to a cloud server, for example. The request may include the extracted features and/or image gathered.
A model present at the terminal or device may be retrained using the features or feature data gathered.
In one embodiment, a geographic location of a device may be determined. From the geographic location, a subset of the model may be selected as the most relevant. The subset may be compared with the image to check for a hit. If there is not hit, a broader subset of the model, or the whole model, may be selected for comparison.
In one embodiment, various models may be stored, and a particular model may be selected according to one or more metrics. For example, a geographic location of a device may be used to determine a particular model. This model maybe delivered, installed, and/or updated on terminals or devices in geographic locale. For example, a particular model may be used for terminals or devices with an IP address in the United States, or in a region of the United States such as a southwest region.
Models may be blended models, including selected model sets, for example, criminal data sets plus geographic user data sets.
Fig. to is a diagram showing a decentralized learning network.
Various network client devices (i002a-t002g), such as mobile phones (1002a, t002f) or hardware terminals (i002b-t002e, t002g) as previously described may be connected through a cloud network 1001. The cloud network may include services provided by a software service provider.
In a decentralized learning network, client devices I002a-t002g may each house or store local data and machine learning models. Changes to the local models may be calculated and updated, and the updates may be communicated to the service provider. The service provider may update a global model according to the updates received. Thereafter, the new global model or global updates may be distributed to the client devices. The process may be then repeated.
Nodes Management
In one embodiment, a vendor or software service provider may provide software services for terminals operated by one or more operators. Each operator may own or operate one or more terminals.
The terminals may be, for example, virtual currency transaction terminals, as above.
The vendor or software service provider may provide account management tools to the operators, for example, the cloud-hosted account management websites or portals.
Messaging Service
A messaging service may be provided by a service provider. The service may be delivered via cloud services. It will be understood that cloud services may refer to software services and the like at any layer, including services closer to the edge, for example, such as in a fog computing environment, and in other exemples, centralized services further from the edge.
The service provider, or core service provider, may make determinations regarding transaction requests. One advantage of such an environment is that it allows for centralized updating of the services and/or deployment of updates.
Another advantage of this environment is scalability. In one example, cloud computing resources may be easily replicated and added or removed to meet demand, tailoring costs more precisely to meet demand.
Fee Settlement
In a virtual currency transaction in such an environment, several parties may be owed fees, such as licensing fees or service fees, during a transaction. The current system allows for the easy and organized settlement of such fees. For example, a central vendor may be owed a fee, a terminal or point of sale operator may be owed a fee, etc.
In a virtual currency transaction, such fees may be settled using any currency, for example fiat or a virtual currency.
In the current system, the operator terminals or points of sale may be associated with a virtual currency wallet address.
In one example, a transaction such as a purchase or sale of virtual currency in exchange for fiat currency may be carried out at a virtual currency terminal. In the example, a vendor may charge a fee of 1% of the transaction amount while the terminal owner and/or operator may have set a fee of 10% of the transaction amount.
Thus, in one example, when a transaction occurs for USD $100, a vendor may be owed a fee of USD $1.00. A virtual currency exchange may be queried at the time of the transaction to determine, for example, the exchange rate for the virtual currency. In one example, Bitcoin may be the virtual currency.
If a virtual currency exchange is queried and it is determined that the exchange rate for Bitcoin is $10,000, then a $1.00 fee would be equal to $i.oo/$to, 000.00 Bitcoin, or 0.0001 Bitcoin, for example. This fee value may be stored in a database or datastore, for example. The fee may be charged immediately, or at a later point in time.
In one embodiment, the fee may be charged by a software service provider or vendor making a request to withdraw funds from the terminal operator’s virtual currency wallet and deposit the funds into the vendor’s virtual currency wallet.
Similarly, in one example, when a transaction occurs, a terminal’s operator or owner may be owed a fee. The fee may be set or determined by the operator, using access to an account and through consoles as presented previously. The fees may be communicated to a core software service provider or vendor and updated in a database or datastore. The updated fees are used in the fee determinations and distributions.
In one example, a transaction such as a purchase or sale of virtual currency in exchange for fiat currency may be carried out at a virtual currency terminal. In the example, a vendor may charge a fee of 1% of the transaction amount while the terminal owner and/or operator may have set a fee of 10% of the transaction amount.
Thus, in one example, when a transaction occurs for USD $100, an operator maybe owed a fee of USD $10.00. A virtual currency exchange may be queried at the time of the transaction to determine, for example, the exchange rate for the virtual currency. In one example, Bitcoin may be the virtual currency.
If a virtual currency exchange is queried and it is determined that the exchange rate for Bitcoin is $10,000, then a $100.00 transaction amount would be equal to $ioo.oo/$to, 000.00 Bitcoin, or 0.01 Bitcoin, for example. Similarly, if a virtual currency exchange is queried and it is determined that the exchange rate for Bitcoin is $10,000, then a $10.00 fee amount would be equal to $10.00/ $10,000.00 Bitcoin, or 0.001 Bitcoin, for example. Therefore, to purchase 0.01 Bitcoin, a customer may be required to deposit USD $110.00 at the given time.
In one embodiment, the operator fee may simply remain in the terminal as cash as profits. For the previous example, $10.00 remains in the terminal as cash profit.
In another example, a customer may request a cash withdrawal, in the example above wherein 1 Bitcoin is priced at $10,000 and the operator fee is 10%, then the customer may send 1 Bitcoin to the operator wallet address in exchange for withdrawing $9,000 USD in cash. The operator may dispose of the 0.1
Bitcoin profit in any manner, such as by selling for cash, keeping the virtual currency, or a combination of the two.
State Projection and Transaction Locking/Limiting
In one embodiment, network terminals may track and communicate inventory levels within. In one example an ATM may be capable of tracking the notes currently present in the machine. For example, an atomic count of the number of each $1, $5, $10, $20, , $50, $100, etc. bills may be continuously tracked and updated.
In one embodiment, this can be accomplished by tracking initial stocking of each type of bill and subsequent transactions wherein bills are dispensed. For example, if 50 units of $20 bills are stocked, initially, and a transaction releasing one unit $20 bill is executed, then the machine may track or communicate the delta or change.
In one embodiment, the software service provider may keep track of each atomic bill unit present in each machine or terminal in a network of machines or terminals in a database or data store, for example. When changes are made during each transaction, the database count may be updated. Therefore, terminals may send a payload to the software service provider identifying the bill units that were used to execute the transactions. In another embodiment, the details of the transaction may be scripted by the software service provider, wherein the details and bill denominations to be used are determined by the software service provider. In this case, the software service provider communicates a payload to the respective terminal or machine, wherein the payload includes the bill denominations to be used for the transaction. Such a payload maybe, for example, a JSON payload.
In this way, a master accounting of each bill in each terminal in a distributed terminal network is constantly maintained by the software service provider, and may show real-time, or near real-time, data.
During a restocking event, the updates may be entered, for example, by a terminal operator. In another embodiment, a terminal may be capable of counting the notes or bills that have been restocked. The updates, again, may be communicated to the software service provider. In the first case, a payload, such as a JSON payload, maybe communicated from an operator account console, for example, the console as described herein. In the second, a similar payload may be communicated directly from the terminal to the software service provider.
Since a master accounting of currency or other inventory may be available for some or all terminals in the distributed network, and future transaction data may also be available, a future state or projected state
may be predicted or determined. For example, in a network of two terminals, terminal A and terminal B, where terminal A is on the west coast of the U.S., and terminal B is on the east coast of the U.S., a transaction state may be predicted. In one example, customer A on the west coast may send $100 in funds from terminal A (by depositing $100 at terminal A) to customer B on the east coast. Customer B may be directed or routed to terminal B as being the nearest terminal, for example. In this case, it may be projected that the withdrawal of $100 will be necessary at terminal B in the near future. Thus, the software service provider or system may predict this future need, and $100 in currency in terminal B may be reserved and/or locked. In such a state, other customers may be restricted from withdrawing cash or currency from terminal B that would preclude the availability of the reserved $100. In one example, the withdrawal may be arranged with an expiration time period, for example. After such an expiration period, the reserved funds maybe unlocked or allowed to become available.
Transaction Trends
In some embodiments, historic data may be used to identify trends in inventory needs in each terminal. Responsive and adaptive actions may be taken, automatically, in response to the given trends. For example, future needs may be predicted, extrapolated, or calculated based on observed trends data. In one example, a data curve may be established such as a linear increase in need for a certain bill based on usage- for example, $20 notes maybe increasing in need. The system may incorporate this information to intelligently determine a future state, as described previously. Transactions and locking/limiting may be carried out accordingly.
Recommendations
Recommendations may be provided to customers based on the inventory distribution and/or fee settings/state within the network.
A customer may access an application via a mobile app, or other computing device, for example. The application may determine or predict the customer’s general or specific location by using any of, for example: a. a GPS determination/query b. a previous location or activity of the customer c. a previous setting set by the customer, operator, or software service provider d. a default setting e. manual entry f. metadata g. a last used machine and/or time frame
User Routing
Using the determinations regarding the customer’s location, recommendations may be may to direct, or route, the customer to locations meeting certain requirements or preferences. In one example, the customer may be directed to terminals that are nearest and can satisfy a transaction with particular requirements, such as sufficient funds available. In another example, the particular requirements may be based on customer preferences, such as maximum desirable fee limits and/or not exceeding a certain distance from the customer’s location.
A customer may be allowed to enter, modify, or search according to preferences. Such preferences may be set according to, for example, settings set in a user account management portal, default settings, or may be a search, filter, or selection made from within an application at the time of the customer’s use of the application.
Based on the recommendations, a map may be presented to the user or customer, for example.
FIG. 9E is a diagram showing a map comprising terminals (white filled circles/dots) near a customer’s location (black filled circle/dot).
In one embodiment, an SMS be delivered to the customer to notify the customer that a withdrawal of funds is available, for example. The SMS may include a map element which displays the terminals selected based on the recommendations. The map may be embedded in an image in the SMS, in one embodiment. In another embodiment, the map may be a web page, and the SMS may include a link to the webpage. Such a map may be a GUI wherein terminals are displayed as GUI icons or elements in their locations, and respective to the customer’s location, for example. The GUI icons or elements may be colored coded, shaded, or similarly pictographically differentiated alone with a key, for example, to show various classifications for the terminals meeting particular criteria. In one example, the GUI icons or elements that operate at certain hours, such as 24-hour locations, may be displayed in a particular color or in a certain distinguishable manner. In another example, the GUI icons or elements that are capable of transaction a particular type of currency or virtual currency, may be displayed in a particular color or in a certain distinguishable manner.
Compliance Triggers
FIG 9F. shows an example distributed network terminal environment.
A service provider 981 may provide a suite of software services 982, for example. The software services may include, for example, data management, account management, security management, and/or transaction management services.
Operators (984a and 984b) may operate terminals or sets of terminals. Operator 984a operates terminals 985a, for example.
Terminals such as 985a and 985b are in communication with the software services 982, through a network and/or VPN for example.
Operators may access aspects of the software services through user portals, consoles, and/or web applications (983a and 983b), for example.
In some embodiments, operator consoles such as those described herein may include GUI elements, for example, that provide compliance and other management via web applications 983a, for example. For example, operator 984a may design a security profile for all terminals, or a subset or selected group of terminals 985a. Operator 984a may implement some or all of the designed security profile by making given GUI selections for particular options consistent with the security profile.
Once selections are made, the security profile may be immediately updated and/ or propagated to the distributed terminals network. For example, a selection can be instituted by modifying a security item stored in a database via the software services 982, for example. The security item maybe referred to during a customer transaction at a terminal. Therefore, the customer transaction workflow may be immediately modified. In one example, a compliance trigger may be set by operator 984a that requires a fingerprint verification. Upon this setting, the workflow at one or more associated terminals in 985a may be modified such that customers will then be routed through a fingerprint entry/scan interview.
This can be accomplished by using terminal side code, for example, instructions stored in files at the terminal that queries the backend software service provider between GUi views at a terminal. Such a request can be via a JSON payload in an HTTP/HTTPS request, for example. The backend software service provider may check the values in the database or datastore regarding each security factor, setting, or selection. Based on the values, the software service provider may deliver a response including the page view corresponding to the setting value via a HTTP/HTTPS response in a JSON payload, for example, to the terminal. The next page or terminal view may render based on the response. Thus, a customer can be alternatively routed to a view based on backend settings that can be updated in real-time, or nearly real-time, to accomplish workflows according to operator-designed security profiles. This is advantageous since security requirements are constantly changing and/or evolving. The current invention allows for a responsive system to quickly and precisely meet these requirements. Further, the current invention allows
for a high degree of customizability. Thus, for example, operators 984a and 984b can provide different security profiles without sacrificing speed or precision.
In some examples, compliance settings might include, requiring entry of first and/or last name, date of birth, email, social security number, and/ or photo or scan of ID. Each selection may modify the workflow end-user/customer experience at each terminal that is in the affected group. These settings may also be gated or specified under particular conditions. For example, a stricter security profile may be designed for transactions greater than a specified amount.
A system may be provided to allow users or customers to configure terminals during purchase, order, or request, for example.
A graphical user interface (GUI) may be displayed to a user. This may be, for example, in response to a selection of a user interface element such as a button to purchase a terminal.
The GUI may be one of numerous in a user, operator, or customer account portal as described herein. Since the user or operator may be logged into his/her account as described herein, an operator ID, customer ID, or user ID may be associated with the user. Thus, orders or purchases made in the account may cause a new terminal, machine, or client ID to be generated (for example, by the provider), which may, in turn, be automatically associated with the user/operator and/or user’s/operator’s account. The terminal may then be associated with the other user account portal capabilities described herein. In this way, the terminal or client is added to a distributed terminal network.
The GUI may include numerous configuration elements and/or options. The elements may allow a user to select from a dropdown list, for example, from various terminal configuration options.
In one embodiment, a user interface element may be provided in such a GUI allowing selection of a terminal or machine type. In one example, an order may be placed for a kiosk, machine, or terminal. Each option may include and/ or pre-populate default selections in any of the other fields displayed, for example.
Various types, variants, or options for the terminal may be available from, for example, a seller or provider. The seller or provider may also be a provider of software or other services for the terminal, as provided herein. In one example, the terminal may be one that can optionally include, make available, or enable, various software portions or programs. Such software portions or programs may be pre-installed on the terminal, scheduled for installation, made available from, for example, a cloud environment, downloaded to the terminal, or any combination of the aforementioned. In one example, particular software options may be set as included, installed, or enabled by default.
In one embodiment, a user interface element may be provided in such a GUI allowing selection of such software options as described above.
In one example, such software may include virtual currency transaction instructions, programs, code, and/or capabilities. In one example, virtual currency software maybe included, installed, or enabled by default with the selection of the machine type “Satoshm” displayed.
In another example, such software may include fiat or cash currency transaction instructions, programs, code, and/or capabilities . In one example, fiat or cash currency transactions do not utilize virtual currency (such as the selection “Include ATM software (S/W)” selection displayed in 982). Thus, in one example, where a terminal may include virtual currency transactions software as default above, and where ATM software is selected, the terminal will be configured to allow, enable, or include software for both virtual currency transaction capabilities/functions and fiat/cash transactions (that do not utilize virtual currency) capabilities/functions.
In one embodiment, a user interface element may be provided in such a GUI allowing selection of a CPU type.
In one embodiment, a user interface element may be provided in such a GUI allowing selection of a lock type.
In one embodiment, a user interface element may be provided in such a GUI allowing selection of a key type.
In one embodiment, a user interface element may be provided in such a GUI allowing selection of a security belt.
In one embodiment, a user interface element may be provided in such a GUI allowing selection of a bill acceptor cassette.
In one embodiment, a user interface element may be provided in such a GUI allowing selection of a decal installation.
In one embodiment, a user interface element may be provided in such a GUI allowing selection/entry of a quantity of the selected terminal with the selected options.
In one embodiment, a user interface element may be provided in such a GUI allowing selection/entry of a delivery and shipping options and/or details.
In one embodiment, a user interface element may be provided in such a GUI allowing selection/entry of additional order instructions and/or details.
The selected configuration options may be intelligently linked to purchase order processing and/ or hardware production and delivery. In one example, particular selections may route orders to varying production lines, plants, or departments.
User Roles
User roles may be defined. In one example, operators may include several users for management of terminals. Users maybe assigned user roles, which can define access privileges to terminals and/or for subsets of terminals. The access privileges may limit the actions users in a user role group are permitted. For example, user console actions/tools may be limited or restricted.
Example user roles are provided:
Manager
The Manager role is a full user, with access to all permissions.
Compliance Officer
The Compliance Officer role has full access to customers, transactions, and compliance tools. Customer Support
The Customer Support role has read-only access to transactions and customers, with the ability to leave notes on both as well as send SMS messages to customers.
Accountant
The Accountant role has read only access to transactions as well as the ability to export transactional data.
Groups Management
In one aspect of the invention, realtime groups management is possible. An operator, for example, may assign various terminals to different groups. A software service provider may also assign settings for terminal groups, which may be, for example, higher level and immutable by the operator..
Each group may be identified by a label or name assigned by the operator, for example. Configuration settings may then be selected, updated, and/or implemented and propagated to some or all of the groups simultaneously.
In one example, an operator may purchase and/or manage a first set of terminals that include Terminal l, Terminal 2, Terminal 3, Terminal 4, and Terminal 5. The operator may log into his user account portal. The operator may then, for example, assign Terminals 1-3 into a group and add an identifier/label as Group A. Similarly, the operator may, for example, assign Terminals 4-5 into a group and add an identifier /label as Group B.
The operator may then select, create, or update one or more settings, for example, for a group of terminals at once. For example, the operator may select Group A and set a minimum of maximum purchase limit. This setting will be propagated to all terminals belonging to Group A. When a terminal is added to Group A after one or more settings have been created or set, the terminal added will inherit the current settings profile and/or state.
Additionally, in one embodiment, a terminal may be assigned to a group but also specified to not inherit or share the group’s settings, or, in other words, specifically excluded from the group’s settings.
In one embodiment, a setting may be a configuration setting that may be enabled or disbaled to only be available at a service provider (such as a software service provider) level. If enabled as to be only accessible to the provider, then the operator may not have access or ability to change the setting.
Examples of such configuration settings may be a terminal capability or functionality, such as the capability to execute virtual currency transactions and/or the capability to execute transactions that do not require or utilize virtual currency, such as a bank withdrawal or deposit using, for example, an ATM card or biometric verification.
This creates a highly adaptive and customizable environment. In one example advantage, functionalities may be toggled to be enabled/ disbaled in nearly immediate manner.
Any of the settings described herein, including those described in User Defined Security Protocols can be applied selectively in this way, security settings, compliance settings, KYC/AML settings, etc.
Settings changes may manifest in numerous ways at terminals. In one example, a settings change may modify the workflow, content, or sequence of GUI elements presented to users or customers.
Advantages
Many advantages arise over previous systems in the described embodiments, for example.
First, the described embodiments provide an adaptive and more robust security environment. For example, several factors for customers at a terminal, for example, are determined and leveraged. The combination of factors creates a nexus of confidence (or lack thereof) around a user.
Next, the piecemeal nature of requests/responses in certain embodiments between a node and central service allows for a machine state to be constantly known, stored, etc by the central service. Thus, data is not easily lost or tampered with, for example, at the client or terminal.
Next, a connection interrupt between a hardware terminal, for example, has less impact on the security in the described embodiments. As described above, the machine state may be known or saved by the central service, and therefore it may be easily and securely restored, etc.
Next, in the described embodiments, the services are easily scalable and the security services are easily modified and quickly implemented system-wide. This is because changes may be simply implemented in the central software services which are immediately used by some or all nodes or terminals. Thus, hardware, terminal, or client side changes are minimized.
Next, in the described embodiments, a central service can easily leverage and implement services such as security services from third parties. New specialized services are constantly being created and made available, and easily connecting, interacting, and quickly implementing these services is highly advantageous. Since security often relies on quickly evolving against new threats, speed of implementation of new defenses is of great value and importance.
Next, as provided previously, in some embodiments such as the above federated facial recognition systems are additionally advantageous since some or all of the system can function offline. Round-trip to server and processing time is also reduced, creating a lower latency for the end user.
Environment
Embodiments of the subject matter and the actions and operations described in this specification can be implemented in digital electronic circuitry, in tangibly-embodied computer software or firmware, in computer hardware, including the structures disclosed in this specification and their structural equivalents, or in combinations of one or more of them. Embodiments of the subject matter described in this specification can be implemented as one or more computer programs, e.g., one or more modules of computer program instructions, encoded on a computer program carrier, for execution by, or to control the operation of, data processing apparatus. The carrier may be a tangible non-transitory computer storage medium. Alternatively or in addition, the carrier may be an artificially-generated propagated signal, e.g., a machine-generated electrical, optical, or electromagnetic signal, that is generated to encode information for transmission to suitable receiver apparatus for execution by a data processing apparatus. The computer storage medium can be or be part of a machine-readable storage device, a machine-readable storage substrate, a random or serial access memory device, or a combination of one or more of them. A computer storage medium is not a propagated signal.
The term “data processing apparatus” encompasses all kinds of apparatus, devices, and machines for processing data, including by way of example a programmable processor, a computer, or multiple processors or computers. Data processing apparatus can include special-purpose logic circuitry, e.g., an FPGA (field programmable gate array), an ASIC (application-specific integrated circuit) , or a GPU (graphics processing unit). The apparatus can also include, in addition to hardware, code that creates an execution environment for computer programs, e.g., code that constitutes processor firmware, a protocol stack, a database management system, an operating system, or a combination of one or more of them.
A computer program can be written in any form of programming language, including compiled or interpreted languages, or declarative or procedural languages; and it can be deployed on a system of one or more computers in any form, including as a stand-alone program, e.g., as an app, or as a module, component, engine, subroutine, or other unit suitable for executing in a computing environment, which environment may include one or more computers interconnected by a data communication network in one or more locations.
A computer program may, but need not, correspond to a file in a file system. A computer program can be stored in a portion of a file that holds other programs or data, e.g., one or more scripts stored in a markup language document, in a single file dedicated to the program in question, or in multiple coordinated files, e.g., files that store one or more modules, sub-programs, or portions of code.
The processes and logic flows described in this specification can be performed by one or more computers executing one or more computer programs to perform operations by operating on input data and generating output. The processes and logic flows can also be performed by special-purpose logic circuitry,
e.g., an FPGA, an ASIC, or a GPU, or by a combination of special-purpose logic circuitry and one or more programmed computers.
Computers suitable for the execution of a computer program can be based on general or special-purpose microprocessors or both, or any other kind of central processing unit. Generally, a central processing unit will receive instructions and data from a read-only memory or a random access memory or both. The essential elements of a computer are a central processing unit for executing instructions and one or more memory devices for storing instructions and data. The central processing unit and the memory can be supplemented by, or incorporated in, special-purpose logic circuitry.
Generally, a computer will also include, or be operatively coupled to, one or more mass storage devices, and be configured to receive data from or transfer data to the mass storage devices. The mass storage devices can be, for example, magnetic, magneto-optical, or optical disks, or solid state drives. However, a computer need not have such devices. Moreover, a computer can be embedded in another device, e.g., a mobile telephone, a personal digital assistant (PDA), a mobile audio or video player, a game console, a Global Positioning System (GPS) receiver, or a portable storage device, e.g., a universal serial bus (USB) flash drive, to name just a few.
To provide for interaction with a user, embodiments of the subject matter described in this specification can be implemented on one or more computers having, or configured to communicate with, a display device, e.g., a LCD (liquid crystal display) or organic light-emitting diode (OLED) monitor, a virtual-reality (VR) or augmented-reality (AR) display, touchscreen, etc., for displaying information to the user, and an input device by which the user can provide input to the computer, e.g., a keyboard and a pointing device, e.g., a mouse, a trackball or touchpad. Other kinds of devices can be used to provide for interaction with a user as well; for example, feedback and responses provided to the user can be any form of sensory feedback, e.g., visual, auditory, speech or tactile; and input from the user can be received in any form, including acoustic, speech, or tactile input, including touch motion or gestures, or kinetic motion or gestures or orientation motion or gestures. In addition, a computer can interact with a user by sending documents to and receiving documents from a device that is used by the user; for example, by sending web pages to a web browser on a user’s device in response to requests received from the web browser, or by interacting with an app running on a user device, e.g., a smartphone or electronic tablet. Also, a computer can interact with a user by sending text messages or other forms of message to a personal device, e.g., a smartphone that is running a messaging application, and receiving responsive messages from the user in return.
This specification uses the term “configured to” or “configured for” in connection with systems, apparatus, and computer program components. That a system of one or more computers is configured for or configured to perform particular operations or actions means that the system has installed on it software,
firmware, hardware, or a combination of them that in operation cause the system to perform the operations or actions. That one or more computer programs is configured for or configured to perform particular operations or actions means that the one or more programs include instructions that, when executed by data processing apparatus, cause the apparatus to perform the operations or actions. That special-purpose logic circuitry is configured for or configured to perform particular operations or actions means that the circuitry has electronic logic that performs the operations or actions.
Embodiments of the subject matter described in this specification can be implemented in a computing system that includes a back-end component, e.g., as a data server, or that includes a middleware component, e.g., an application server, or that includes a front-end component, e.g., a client computer having a graphical user interface, a web browser, or an app through which a user can interact with an implementation of the subject matter described in this specification, or any combination of one or more such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (LAN) and a wide area network (WAN), e.g., the Internet.
The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. In some embodiments, a server transmits data, e.g., an HTML page, to a user device, e.g., for purposes of displaying data to and receiving user input from a user interacting with the device, which acts as a client. Data generated at the user device, e.g., a result of the user interaction, can be received at the server from the device.
Example embodiments are provided:
Although the disclosed inventive concepts include those defined in the attached claims, it should be understood that the inventive concepts can also be defined in accordance with the following embodiments.
It will be understood that any of the given elements, steps, etc. in the given embodiments are optional and or reorderable, and provided for example embodiment purposes only.
Embodiment l is a method, the method comprising one or more of the following elements: a) managing or maintaining, by the software service provider, the distributed terminal network system, the distributed terminal network system comprising at least:
i) one or more specialized servers providing a software service by the software service provider, wherein the one or more specialized servers are in communication, through a network, with at least: a distributed network of terminals, wherein: each terminal of the terminals comprises a hardware terminal, node, point of sale, kiosk, and/or client; each terminal is capable of one-way exchange transactions between virtual currency and fiat currency, two-way exchange transactions between virtual currency and fiat currency, transactions utilizing virtual currency, fiat currency transactions, and/or transactions that do no utilize virtual currency; wherein each point of sale or terminal comprises:
(1) at least one liquid crystal display (LCD) touch screen;
(2) at least one cash dispenser;
(3) at least one keypad;
(4) at least one bill validator;
(5) at least one electronic cash vault;
(6) at least one barcode or QR code reader;
(7) at least one thermal printer;
(8) at least one EMV card reader;
(9) at least one high definition camera;
(10) at least one fingerprint reader;
(11) at least one processor; and/or
(12) at least one memory storing: a. at least one application, wherein the at least one application is an internet browser application; and/or b. a set of one or more files; i. wherein the set of one or more application files include, at least:
1. transaction processing instructions for processing virtual currency transactions, the transaction processing instructions comprising, at least:
2. instructions to determine or calculate transaction limits, parameters, and/or fees; and/or
3. instructions to encode an output; ii. image processing instructions for processing image data, the image processing instructions comprising, at least: iii. instructions to determine or calculate facial geometry parameters; and/or iv. instructions to encode image or video data; v. keypad entry processing instructions for processing keypad entry data; vi. barcode or QR code processing instructions for processing barcode or QR code entry data; and/or vii. fingerprint processing instructions for processing fingerprint entry data; ii) at least one load balancer configured to route network traffic to the one or more specialized servers; iii) one or more processors; and/or iv) one or more data storage devices; b) creating a first operator account for a first operator, by the software service provider, wherein creating the first operator account comprises: i) creating, by the software service provider, a first operator account identifier for the first operator; ii) storing, by the software service provider, in association with the first operator account, the first operator account identifier in the one or more data storage devices; iii) associating, by the software service provider, login credentials with the first operator; and iv) storing, by the software service provider, the login credentials in the one or more data storage devices; c) associating a first set of terminals with the first operator, wherein associating the first set of terminals with the first operator comprises:
i) storing first operator data, by the software service provider, in association with the first operator account, wherein the first operator data comprises: one or more terminal identifiers associated with each of the terminals of the first set of terminals, wherein each of the first set of terminals is owned by, operated by, or associated with, the first operator; d) receiving an authentication request to access the first operator account, wherein: i) the authentication request is received via a first HTTP/HTTPS request, the first HTTP/HTTPS request including the login credentials; e) authenticating the authentication request, wherein the authenticating comprises: i) verifying the login credentials; f) in response to the authenticating, allowing access to a first operator account portal allowing selections or updates, wherein the first operator account portal comprises: i) a first set of one or more graphical user interfaces (GUIs), the first set of GUIs including at least: information associated with each terminal of the first set of terminals, wherein the information includes: an identifier label associated with each of the first set of terminals; first configuration preferences for a new terminal in a request, order, or purchase, wherein the configuration preferences comprise: a first option to include functionalities or capabilities for fiat and/or cash transactions that do not utilize virtual currency; a second option to include functionalities for virtual currency transactions; a third option to specify a delivery location for the new terminal; second configuration preferences for each terminal of the first set of terminals, wherein the configuration settings include: security settings, wherein the security settings comprise: KYC/AML configuration settings; fee settings; and/or, controls for each of the first set of terminals, wherein the controls include: reboot commands;
g) associating the new terminal with the first operator, wherein the associating comprises storing a terminal ID in a database or datastore wherein the terminal ID is associated with, or connected to, an operator ID; h) in response to selection of the first option, providing or enabling a first software or software portion in the new terminal that allows functionality for transactions that do not utilize virtual currency i) in response to selection of the second option, providing or enabling a second software or software portion in the new terminal that allows functionality for transactions that utilize virtual currency; j) creating a purchase order for the request, order, or purchase for the new terminal; k) providing the purchase order specifying the configuration preferences for the new terminal to a hardware provider, preparer, installer, or manufacturer of terminals; l) providing, requesting, or instructing for delivery the new terminal to the delivery location; m) receiving selections or updates made in the first operator account portal, wherein: the selections or updates are received via a second HTTP/HTTPS request; n) based on the selections or updates, updating configuration settings for the first set of terminals to create a set of updated settings, wherein updating comprises: i) storing configuration data in the one or more data storage devices, wherein the configuration data reflects the selections or updates. i) updating configuration settings for the at least one of the terminals, by the software service provider, the configuration settings comprising: i) permissions to allow functionality for transactions that utilize virtual currency and/or permissions to allow functionality for transactions that do not utilize virtual currency; j) wherein the updating configuration settings comprises: i) enabling permissions to allow functionality for transactions that utilize virtual currency; and ii) enabling permissions to allow functionality for transactions that do not utilize virtual currency; k) in response to the updating configuration settings, permitting, the at least one of the terminals: i) functionality for transactions that utilize virtual currency, wherein functionality for transactions that utilize virtual currency comprises: i) displaying an option to request a transaction that utilizes virtual currency; ii) functionality for transactions that do not utilize virtual currency, wherein functionality for transactions that do not utilize virtual currency comprises:
1) displaying an option to request a transaction that does not utilize virtual currency; l) initializing the first software or software portion; m) delegating control of the peripherals to the first software or software portion; n) receiving a request for a transaction that utilizes virtual currency; o) delegating control of the peripherals to the second software or software portion; p) receiving a request for a transaction that does not utilize virtual currency; q) delegating control of the peripherals to the first software or software portion; r) tracking a composition of bank notes in one or more of the terminals, wherein the tracking comprises: i) determining a first bank note composition in the one or more terminals before a virtual currency or cash transaction; ii) determining a second bank note composition in the one or more terminals after the virtual currency or cash transaction; iii) storing the first bank note composition and the second bank note composition in a database or data store; iv) determining a fee based on the size of the transaction, wherein the fee is a percentage of the size of the transaction; t) wherein the size of the transaction may be determined as the size of the cash or virtual currency transaction request or the market rate of a virtual currency associated with a virtual currency transaction; s) displaying, on the touchscreen or a graphical user interface: i) at least a first selection option for fiat currency transactions and/or transactions that do not utilize virtual currency; and/or ii) at least a second selection option for virtual currency transactions and/or transactions that utilize virtual currency; t) receiving a selection , by a visitor, user, or customer, at the terminal, of the first selection option or the second selection option; u) in response to the selection of the first selection option: i) providing a first workflow, wherein the first workflow allows one or more cash or fiat currency transactions and/or transactions that do no utilize virtual currency, wherein the first workflow comprises: t) transaction options comprising a cash bank deposits, a cash bank withdrawal, and/or a bank transfer; and/or
2) a third option to switch to virtual currency transactions and/or transactions that utilize virtual currency; v) in response to the selection of the second selection option or selection of the third option:
i) providing a second workflow, wherein the second workflow allows for one or more virtual currency transactions and/or transactions that utilize virtual currency, wherein the second workflow comprises:
1) virtual transaction options comprising a virtual currency purchase, a virtual currency sale, and/or a virtual currency transfers; and/or
2) a fourth option to switch to fiat currency transactions and/or transactions that do not utilize virtual currency.
Embodiment 2 is a method, the method comprising one or more of the following elements: a) providing a combination virtual currency and ATM hardware terminal capable of one-way exchange transactions between virtual currency and fiat currency, two-way exchange transactions between virtual currency and fiat currency, transactions utilizing virtual currency, fiat currency transactions, and/or transactions that do no utilize virtual currency, wherein the hardware terminals comprises or includes: i) a set of one or more processors; ii) at least one touchscreen or graphical user interface; iii) a set of one or more computer readable media or memories, the set of one or more computer readable media or memories storing:
1) at least one application, wherein the at least one application is an internet browser application; and/or
2) a set of one or more files or computer program instructions;
(a) wherein the set of one or more files or computer program instructions include, at least:
(i) first transaction processing instructions for processing transactions that utilize or involve virtual currency, the first transaction processing instructions comprising, at least:
(1) first instructions to determine or calculate transaction limits, parameters, and/or fees; and/or
(2) second instructions to encode an output;
(ii) second transaction processing instructions for processing transactions that do not utilize or involve virtual currency, the second transaction processing instructions comprising, at least:
(1) third instructions to determine or calculate transaction limits, parameters, and/or fees; and/or
(2) fourth instructions to encode an output;
(iii) image processing instructions for processing image data, the image processing instructions comprising, at least:
(1) fifth instructions to determine or calculate facial geometry parameters; and/or
(2) sixth instructions to encode image or video data;
(iv) keypad entry processing instructions for processing keypad entry data; and/or
(v) barcode or QR code processing instructions for processing barcode or QR code entry data; iv) at least one cash dispenser; v) at least one keypad; vi) at least one barcode or QR code reader; vii) at least one card reader; viii) at least one camera; b) displaying, on the touchscreen or graphical user interface: i) at least a first option for fiat currency transactions and/or transactions that do not utilize virtual currency and/or cryptocurrency; and/or ii) at least a second option for virtual currency transactions and/or transactions that utilize virtual currency and/or cryptocurrency; c) receiving a selection, by a first visitor, user, or customer, at the terminal, of the first option or the second option; d) if the first option is selected, in response: i) using, at least in part, the first processing instructions to perform a first process comprising:
1) providing a first workflow, wherein the first workflow allows one or more cash or fiat currency transactions and/or transactions that do no utilize virtual currency or cryptocurrency, wherein the first workflow comprises:
(a) displaying transaction options comprising a cash bank deposits, a cash bank withdrawal, and/or a bank transfer; and/or
(b) displaying one or more prompts requiring or requesting the visitor, user, or customer to enter an EMV or debit card;
(c) not requiring or requesting a phone number;
(d) a third option to switch to virtual currency or or cryptocurrency transactions and/or transactions that utilize virtual currency or or cryptocurrency; e) if the second option or third option is selected, in response: i) using, at least in part, the second processing instructions to perform a process: l) providing a second workflow, wherein the second workflow allows for one or more virtual currency transactions and/or transactions that utilize virtual currency or cryptocurrency, wherein the second workflow comprises:
(a) virtual currency or or cryptocurrency transaction or options comprising a virtual currency or cryptocurrency purchase, a virtual currency or cryptocurrency sale, and/or a virtual currency or cryptocurrency transfers; and/or
(b) requiring or requesting the visitor, user, or customer to enter a a phone number using the keypad;
(c) not requiring an EMV or debit card;
(d) a fourth option to switch to fiat currency transactions and/or transactions that do not utilize virtual currency f) if the first option is selected: i) establishing, or using, a secure session with or between a first software service provider and the hardware terminal; ii) performing a first processing of the first option selection, wherein performing the first processing of the first option selection comprises:
1) receiving, by the software service provider, an encrypted second payload;
(a) wherein the encrypted first payload is produced by encrypting a first payload, the first payload produced by the hardware terminal, and wherein the first payload comprises a phone number, the phone number received from the first visitor, user, or customer at the hardware terminal;
(b) wherein the encrypted first payload is communicated to the software service provider from the hardware terminal during the secure session using the secured connection;
2) identifying, by the software service provider, an IP address associated with the VPN;
3) allowing, by software service provider, traffic from the VPN based on the IP address;
4) decrypting, by the software service provider, the encrypted first payload; and
5) sending, by the software service provider, an SMS verification code to the phone number; iii) performing a second processing of the first option selection, wherein performing the second processing of the first operation comprises:
1) receiving, by the software service provider, an encrypted second payload;
2) wherein the encrypted second payload is produced by encrypting a second payload, the second payload produced by the hardware terminal;
3) wherein the encrypted second payload is communicated to the software service provider from the hardware terminal during the secure session using the secured connection;
4) identifying, by the software service provider, the IP address associated with the VPN;
5) allowing, by software service provider, traffic from the VPN based on the IP address; and
6) decrypting, by the software service provider, the encrypted second payload; iv) identifying a first security factor associated with the first visitor, user, or customer wherein the identifying the first security factor associated with the first visitor, user, or customer comprises:
1) the software service provider forwarding a first HTTP/HTTPS request to at least one of a set of third party service providers,
2) wherein the request is an age verification request, and
3) wherein the first request comprises:
(a) a third payload;
(i) wherein the third payload comprises at least a portion of the first data;
4) the software service provider receiving a first third party response from at least one of the set of third party service providers; v) performing a third processing of the first option selection, wherein performing the third processing of the first option selection comprises:
1) receiving, by the software service provider, an encrypted fourth payload;
2) wherein the encrypted fourth payload is produced by encrypting a fourth payload, the fourth payload produced by the hardware terminal, and wherein the fourth payload comprises at least second data;
3) wherein the encrypted fourth payload is communicated to the software service provider from the hardware terminal during the secure session using the secured connection;
4) identifying, by the software service provider, the IP address associated with the VPN;
5) allowing, by software service provider, traffic from the VPN based on the IP address; and
6) decrypting, by the software service provider, the encrypted fourth payload; vi) identifying a second security factor associated with the first visitor, user, or customer, wherein the identifying the second security factor associated with the first visitor comprises:
1) the software service provider forwarding a fourth HTTP or HTTPS request to at least one of the set of third party service providers, wherein the second request comprises:
(a) a fifth payload; and
(b) wherein the fifth payload comprises at least a portion of the second data;
2) receiving a second third party response from at least one of the set of third party service providers; vii) identifying a facial recognition factor associated with the first visitor, user, or customer, wherein the identifying the facial recognition factor associated with the first visitor comprises:
1) receiving, by the software service provider, an encrypted sixth payload;
2) wherein the encrypted sixth payload is produced by encrypting a sixth payload, the sixth payload produced by the hardware terminal, and wherein the sixth payload comprises at least one parameter associated with image or video data associated with the first visitor’s, user’s, or customer’s face;
3) wherein the encrypted sixth is payload communicated to the software service provider from the hardware terminal during the secure session using the secured connection;
4) identifying, by the software service provider, the IP address associated with the VPN;
5) allowing, by software service provider, traffic from the VPN based on the IP address; and
6) decrypting, by the software service provider, the encrypted sixth payload; viii) determining, by the software service provider, a score associated with the first visitor based on the first factor and the second factor; ix) in response to determining that the score is less than a threshold score or equal to an acceptable score:
1) sending, by the software service provider, an encrypted seventh payload;
(a) wherein the encrypted seventh payload is produced by encrypting a seventh payload, the seventh payload produced by the software service provider, and wherein the seventh payload comprises at least a message to the hardware terminal to allow a completing of the operation; and
(b) wherein the encrypted seventh payload is communicated to the hardware terminal from the software service provider during the secure session using the secured connection; x) logging operation details in the one or more data storage devices, by the software service provider, wherein the logging comprises at least:
1) storing, in association with the first user account, an operation parameter;
2) storing, in association with the first user account, an operation date or time; and
3) storing, in association with the first user account, the IP address associated with the operation.
Embodiment 3 is a method, the method comprising one or more of the following elements: a) providing one or more clients or terminals in the distributed terminals network, wherein the one or more clients or terminals includes: i) a first terminal comprising a hardware terminal, wherein:
) the first terminal is a combination automated teller machine (ATM) and virtual currency ATM; ) wherein the first terminal comprises:
(a) a first set of one or more processors;
(b) at least one display screen;
(c) at least one cash dispenser;
(d) at least one bill validator;
(e) at least one electronic cash vault;
(f) at least one barcode or QR code reader;
(g) at least one printer;
(h) at least one camera; and
(i) a first set of one or more memories storing:
(i) a first set of one or more applications;
(ii) a set of one or more files;
(1) wherein the set of one or more files comprise: a. transaction processing instructions for processing virtual currency transactions, the transaction processing instructions comprising, at least: i. instructions to determine or calculate at least one of a transaction limit, parameter, or fee; b. image processing instructions for processing image data; c. keypad entry processing instructions for processing keypad entry data; and d. barcode or QR code processing instructions for processing barcode or QR code entry data; ) wherein the first terminal is in communication, through a network communication interface, with at least:
(a) one or more specialized servers or processors providing a first software service; and ) the first terminal is capable of one or more of:
(a) one-way exchange transactions between virtual currency and fiat currency;
(i) wherein one-way exchange transactions between virtual currency and fiat currency comprise, at least:
(t) displaying, on the at least one display screen, a price or transaction range;
(2) receiving a selection of a virtual currency;
(3) receiving a virtual currency wallet address;
(4) receiving fiat currency;
(b) two-way exchange transactions between virtual currency and fiat currency;
(i) wherein two-way exchange transactions between virtual currency and fiat currency comprise, at least:
(1) displaying, on the at least one display screen, a price or transaction range;
(2) receiving a selection of a virtual currency;
(3) receiving a virtual currency wallet address;
(4) receiving or dispensing fiat currency;
(d) one or more types of automated teller machine (ATM) transactions, wherein the automated teller machine (ATM) transactions involve a bank account, wherein the automated teller machine (ATM) transactions include:
(i) a fiat currency or cash deposit to the bank account;
(ii) a fiat currency or cash withdrawal from the bank account; providing one or more software services for managing, handling, maintaining, and/or processing transactions, requests, and operations by operators and user, visitors, and/or customers; determining an operator account user role upon a login authentication; determining a level of permissions associated with the user role; based on the level of permissions, providing one or more graphical user interfaces (GUIs) in a first operator account portal, the GUIs including at least:
information associated with at least one of the one or more clients or terminals, wherein the information includes: an identifier label associated with each of the at least one of the one or more clients or terminals; configuration preferences for each of the at least one of the one or more clients or terminals, wherein the configuration settings include: security settings, wherein the security settings comprise at least one of: know your customer/ anti-money laundering (KYC/AML) configuration settings; fee settings; controls for each of the first set of terminals, wherein the controls include: reboot controls; receiving selections or updates made in the first operator account portal, wherein: the selections or updates are received via a first HTTP/HTTPS request; based on the selections or updates, updating configuration settings for each of the at least one of the one or more clients or terminals to create a set of updated settings; receiving a transaction request from a user or visitor at the first terminal; communicating to the software service information regarding the transaction request, including a transaction volume or amount, from the first terminal to the one or more software services; determining a total volume or amount during or over a predetermined period of time associated with the user account by querying one or more data stores and adding transaction volumes for all transactions associated with the user account and/or associated user accounts and/or linked or connected accounts; wherein the total volume or amount, a predetermined volume or amount threshold, the predetermined period of time, and/or the associated user accounts and/or linked or connected accounts maybe specified using the one or more GUIs or a management console and/or GUI; comparing the volume or amount to the total volume or amount;
if the total volume exceeds the predetermined volume or amount threshold, denying, or communicating a message or information to the terminal to deny, the transaction by providing a transaction denial workflow at the terminal; if the total volume does not exceed the predetermined volume or amount threshold, allowing, or communicating a message or information to the terminal to allow, the transaction by providing a transaction allowance workflow at the terminal, and/or adding or storing the transactions details and/or parameters including the volume or amount in the one or more data stores; wherein the communicating maybe via HTTP/HTTPS requests/responses using payloads comprising JSON payloads; wherein the payloads may be sent/received via the browser at the terminal;
Embodiment 4 is a system comprising one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations or methods as in any of Embodiments 1-3.
Embodiment 5 is a computer program carrier encoded with a computer program, the program comprising instructions that are operable, when executed by data processing apparatus, to cause the data processing apparatus to perform operations or methods as in any of Embodiments 1-3.
Embodiment 6 is the computer storage carrier of embodiment 5 wherein the medium is a non-transitory computer storage medium or a propagated signal.
While this specification contains many specific implementation details, these should not be construed as limitations on the scope of what is being claimed, which is defined by the claims themselves, but rather as descriptions of features that may be specific to particular embodiments of particular inventions. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination. Moreover, although features may be described above as acting in certain combinations and even initially be claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claim may be directed to a subcombination or variation of a subcombination.
Similarly, while operations are depicted in the drawings and recited in the claims in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Moreover, the separation of various system modules and components in the embodiments described above should not be understood as requiring such separation in all embodiments, and it should be understood that the described program components and systems can generally be integrated together in a single software product or packaged into multiple software products.
Particular embodiments of the subject matter have been described. Other embodiments are within the scope of the following claims. For example, the actions recited in the claims can be performed in a different order and still achieve desirable results. As one example, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some cases, multitasking and parallel processing may be advantageous.
It will be understood that terms such as “first”, “second”, and “third” in the claims and herein may be used simply to specify different or distinct elements, and not a numerical requirement. For example, “third instructions” is simply a label to distinguish from, for example, “second instructions.” Such labeling will not specify a requirement, for example, for three different “instructions” elements. Therefore, “third instructions” may exist in the claims, for example, without any other instructions, such as “first instructions.”
An electronic document, which for brevity will simply be referred to as a document, may, but need not, correspond to a file. A document may be stored in a portion of a file that holds other documents, in a single file dedicated to the document in question, or in multiple coordinated files.
In this specification, the term “database” refers broadly to refer to any collection of data: the data does not need to be structured in any particular way, or structured at all, and it can be stored on storage devices in one or more locations. Thus, for example, the index database can include multiple collections of data, each of which may be organized and accessed differently.
Similarly, in this specification the term “engine” refers broadly to refer to a software-based system, subsystem, or process that is programmed to perform one or more specific functions. Generally, an engine will be implemented as one or more software modules or components, installed on one or more computers in one or more locations. In some cases, one or more computers will be dedicated to a particular engine; in other cases, multiple engines can be installed and running on the same computer or computers.
As used in this specification, the term “engine” or “software engine” refers to a software implemented input/output system that provides an output that is different from the input. An engine can be an encoded block of functionality, such as a library, a platform, a software development kit (“SDK”), or an object. Each engine can be implemented on any appropriate type of computing device, e.g., servers, mobile phones, tablet computers, notebook computers, music players, e-book readers, laptop or desktop computers, PDAs, smart phones, or other stationary or portable devices, that includes one or more processors and computer readable media. Additionally, two or more of the engines may be implemented on the same computing device, or on different computing devices.
Claims
1. establishes a secure session with the software service; a. wherein the secure session utilizes, at least, a secure socket layer (SSL) or transport layer security (TLS) protocol; b. wherein the secure session utilizes, at least, a secured connection using a virtual private network (VPN);
2. sends, to the software service, an encrypted first payload; a. wherein the encrypted first payload is produced by encrypting a first payload, the first payload produced by the first terminal, and wherein the first payload comprises a phone number, the phone number received from the first visitor at the first terminal; b. wherein the encrypted first payload is communicated to the software service from the first terminal during the secure session using the secured connection;
3. sends, to the software service, an encrypted second payload; a. wherein the encrypted second payload is produced by encrypting a second payload, the second payload produced by the first terminal; b. wherein the encrypted second payload is communicated to the software service from the first terminal during the secure session using the secured connection.
Claim 2:
A method for securely managing a distributed terminals network and operations in the distributed terminals network, the method comprising: a) providing one or more clients or terminals in the distributed terminals network, wherein the one or more clients or terminals includes: i) a first terminal comprising a hardware terminal, wherein:
1) the first terminal is a combination automated teller machine (ATM) and virtual currency ATM;
2) wherein the first terminal comprises:
(a) a first set of one or more processors;
(b) at least one display screen;
(c) at least one cash dispenser;
(d) at least one bill validator;
(e) at least one electronic cash vault;
(f) at least one barcode or QR code reader;
(g) at least one printer;
(h) at least one camera; and
(i) a first set of one or more memories storing:
(i) a first set of one or more applications;
(ii) a set of one or more files;
(l) wherein the set of one or more files comprise: a. transaction processing instructions for processing virtual currency transactions, the transaction processing instructions comprising, at least: i. instructions to determine or calculate at least one of a transaction limit, parameter, or fee; b. image processing instructions for processing image data; c. keypad entry processing instructions for processing keypad entry data; and d. barcode or QR code processing instructions for processing barcode or QR code entry data;
5) wherein the first terminal is in communication, through a network communication interface, with at least:
(a) one or more specialized servers or processors providing a first software service; and
6) the first terminal is capable of at least one of:
(c) one-way exchange transactions between virtual currency and fiat currency;
(i) wherein one-way exchange transactions between virtual currency and fiat currency comprise, at least:
(1) displaying, on the at least one display screen, a price or transaction range;
(2) receiving a selection of a virtual currency;
(3) receiving a virtual currency wallet address;
(4) receiving fiat currency;
(d) two-way exchange transactions between virtual currency and fiat currency;
(i) wherein two-way exchange transactions between virtual currency and fiat currency comprise, at least:
(t) displaying, on the at least one display screen, a price or transaction range;
(2) receiving a selection of a virtual currency;
(3) receiving a virtual currency wallet address;
(4) receiving or dispensing fiat currency; providing one or more graphical user interfaces (GUIs) in a first operator account portal, the GUIs including at least: information associated with at least one of the one or more clients or terminals, wherein the information includes: an identifier label associated with each of the at least one of the one or more clients or terminals; configuration preferences for each of the at least one of the one or more clients or terminals, wherein the configuration settings include: security settings, wherein the security settings comprise at least one of: know your customer/ anti-money laundering (KYC/AML) configuration settings; fee settings; controls for each of the first set of terminals, wherein the controls include: reboot controls; receiving selections or updates made in the first operator account portal, wherein: the selections or updates are received via a first HTTP/HTTPS request; based on the selections or updates, updating configuration settings for each of the at least one of the one or more clients or terminals to create a set of updated settings.
Claim 3:
The method of claim 1, further comprising: providing one or more graphical user interfaces (GUIs) in a first operator account portal, the GUIs including at least: information associated with at least one of the one or more clients or terminals, wherein the information includes:
an identifier label associated with each of the at least one of the one or more clients or terminals; configuration preferences for each of the at least one of the one or more clients or terminals, wherein the configuration settings include: security settings, wherein the security settings comprise at least one of: know your customer/ anti-money laundering (KYC/AML) configuration settings; fee settings; controls for each of the first set of terminals, wherein the controls include: reboot controls; receiving selections or updates made in the first operator account portal; based on the selections or updates, updating configuration settings for each of the at least one of the one or more clients or terminals to create a set of updated settings.
Claim 4:
A system comprising: b) one or more clients or terminals in a distributed terminals network, wherein the one or more clients or terminals includes: i) a first terminal comprising a hardware terminal, wherein:
1) the first terminal is a combination automated teller machine (ATM) and virtual currency ATM;
2) wherein the first terminal comprises:
(a) a first set of one or more processors;
(b) at least one display screen;
(c) at least one cash dispenser;
(d) at least one bill validator;
(e) at least one electronic cash vault;
(f) at least one barcode or QR code reader;
(g) at least one printer;
(h) at least one camera; and
(i) a first set of one or more memories storing:
(i) a first set of one or more applications;
(ii) a set of one or more files;
(l) wherein the set of one or more files comprise: a. transaction processing instructions for processing virtual currency transactions, the transaction processing instructions comprising, at least: i. instructions to determine or calculate at least one of a transaction limit, parameter, or fee; b. image processing instructions for processing image data; c. keypad entry processing instructions for processing keypad entry data; and d. barcode or QR code processing instructions for processing barcode or QR code entry data;
3) wherein the first terminal is in communication, through a network communication interface, with at least:
(a) one or more specialized servers or processors providing a first software service; and
4) the first terminal is capable of at least one of:
(a) one-way exchange transactions between virtual currency and fiat currency;
(i) wherein one-way exchange transactions between virtual currency and fiat currency comprise, at least:
(1) displaying, on the at least one display screen, a price or transaction range;
(2) receiving a selection of a virtual currency;
(3) receiving a virtual currency wallet address;
(4) receiving fiat currency;
(b) two-way exchange transactions between virtual currency and fiat currency;
(i) wherein two-way exchange transactions between virtual currency and fiat currency comprise, at least:
(t) displaying, on the at least one display screen, a price or transaction range;
(2) receiving a selection of a virtual currency;
(3) receiving a virtual currency wallet address;
(4) receiving or dispensing fiat currency; wherein the first terminal is further capable of:
1. establishing a secure session with the software service; a. wherein the secure session utilizes, at least, a secure socket layer (SSL) or transport layer security (TLS) protocol; b. wherein the secure session utilizes, at least, a secured connection using a virtual private network (VPN);
2. sending, to the software service, an encrypted first payload; a. wherein the encrypted first payload is produced by encrypting a first payload, the first payload produced by the first terminal, and wherein the first payload comprises a phone number, the phone number received from the first visitor at the first terminal; b. wherein the encrypted first payload is communicated to the software service from the first terminal during the secure session using the secured connection;
3. sending, to the software service, an encrypted second payload; a. wherein the encrypted second payload is produced by encrypting a second payload, the second payload produced by the first terminal; b. wherein the encrypted second payload is communicated to the software service from the first terminal during the secure session using the secured connection.
Claim 5:
A system comprising:
a) one or more clients or terminals in a distributed terminals network, wherein the one or more clients or terminals includes: i) a first terminal comprising a hardware terminal, wherein:
1) the first terminal is a combination automated teller machine (ATM) and virtual currency ATM;
2) wherein the first terminal comprises:
(a) a first set of one or more processors;
(b) at least one display screen;
(c) at least one cash dispenser;
(d) at least one bill validator;
(e) at least one electronic cash vault;
(f) at least one barcode or QR code reader;
(g) at least one printer;
(h) at least one camera; and
(i) a first set of one or more memories storing:
(i) a first set of one or more applications;
(ii) a set of one or more files;
(1) wherein the set of one or more files comprise: a. transaction processing instructions for processing virtual currency transactions, the transaction processing instructions comprising, at least: i. instructions to determine or calculate at least one of a transaction limit, parameter, or fee; b. image processing instructions for processing image data; c. keypad entry processing instructions for processing keypad entry data; and d. barcode or QR code processing instructions for processing barcode or QR code entry data;
3) wherein the first terminal is in communication, through a network communication interface, with at least:
(a) one or more specialized servers or processors providing a first software service; and
4) the first terminal is capable of at least one of:
(a) one-way exchange transactions between virtual currency and fiat currency;
(i) wherein one-way exchange transactions between virtual currency and fiat currency comprise, at least:
(1) displaying, on the at least one display screen, a price or transaction range;
(2) receiving a selection of a virtual currency;
(3) receiving a virtual currency wallet address;
(4) receiving fiat currency;
(b) two-way exchange transactions between virtual currency and fiat currency;
(i) wherein two-way exchange transactions between virtual currency and fiat currency comprise, at least:
(1) displaying, on the at least one display screen, a price or transaction range;
(2) receiving a selection of a virtual currency;
(3) receiving a virtual currency wallet address;
(4) receiving or dispensing fiat currency; a second set of one or more memories storing instructions for presenting, in one or more graphical user interfaces (GUIs), a first operator account portal, the GUIs including at least: information associated with at least one of the one or more clients or terminals, wherein the information includes: an identifier label associated with each of the at least one of the one or more clients or terminals; configuration preferences for each of the at least one of the one or more clients or terminals, wherein the configuration settings include: security settings, wherein the security settings comprise at least one of: know your customer/ anti-money laundering (KYC/AML) configuration settings; fee settings;
controls for each of the first set of terminals, wherein the controls include: reboot controls.
Claim 6:
The system of claim 4, further comprising: a second set of one or more memories storing instructions for presenting, in one or more graphical user interfaces (GUIs), a first operator account portal, the GUIs including at least: information associated with at least one of the one or more clients or terminals, wherein the information includes: an identifier label associated with each of the at least one of the one or more clients or terminals; configuration preferences for each of the at least one of the one or more clients or terminals, wherein the configuration settings include at least one of: security settings, wherein the security settings comprise: know your customer/ anti-money laundering (KYC/AML) configuration settings; fee settings; controls for each of the first set of terminals, wherein the controls include: reboot controls.
Claim 7:
A method for securely managing a distributed terminals network and operations in the distributed terminals network, the method comprising: b) providing one or more clients or terminals in the distributed terminals network, wherein the one or more clients or terminals includes: i) a first terminal comprising a hardware terminal, wherein: r) the first terminal is a combination automated teller machine (ATM) and virtual currency ATM;
2) wherein the first terminal comprises:
(a) a first set of one or more processors;
(b) at least one display screen;
(c) at least one cash dispenser;
(d) at least one bill validator;
(e) at least one electronic cash vault;
(f) at least one barcode or QR code reader;
(g) at least one printer;
(h) at least one camera; and
(i) a first set of one or more memories storing:
(i) a first set of one or more applications;
(ii) a set of one or more files;
(l) wherein the set of one or more files comprise: a. transaction processing instructions for processing virtual currency transactions, the transaction processing instructions comprising, at least: i. instructions to determine or calculate at least one of a transaction limit, parameter, or fee; b. image processing instructions for processing image data; c. keypad entry processing instructions for processing keypad entry data; and d. barcode or QR code processing instructions for processing barcode or QR code entry data;
7) wherein the first terminal is in communication, through a network communication interface, with at least:
(a) one or more specialized servers or processors providing a first software service; and
8) the first terminal is capable of at least one of:
(c) one-way exchange transactions between virtual currency and fiat currency;
(i) wherein one-way exchange transactions between virtual currency and fiat currency comprise, at least:
(1) displaying, on the at least one display screen, a price or transaction range;
(2) receiving a selection of a virtual currency;
(3) receiving a virtual currency wallet address;
(4) receiving fiat currency;
(d) two-way exchange transactions between virtual currency and fiat currency;
(i) wherein two-way exchange transactions between virtual currency and fiat currency comprise, at least:
(1) displaying, on the at least one display screen, a price or transaction range;
(2) receiving a selection of a virtual currency;
(3) receiving a virtual currency wallet address;
(4) receiving or dispensing fiat currency; providing one or more graphical user interfaces (GUIs) in a first operator account portal, the GUIs including at least: information associated with at least one of the one or more clients or terminals, wherein the information includes: an identifier label associated with each of the at least one of the one or more clients or terminals; configuration preferences for each of the at least one of the one or more clients or terminals, wherein the configuration settings include: one or more compliance triggers, wherein the compliance triggers comprise: security settings comprising one or more of: a name entry requirement; a date of birth entry requirement; a social security number entry requirement; an email entry requirement; a photo ID entry requirement; an ID scan requirement; a fingerprint scan requirement; a face scan or verification requirement; optionally, condition parameters for the security settings, comprising: transaction parameters or limits;
based on the configuration preferences, updating and providing a workflow at each of the at least one of the one or more clients or terminals.
Claim 8:
The method of claim 1, further comprising: providing one or more graphical user interfaces (GUIs) in a first operator account portal, the GUIs including at least: information associated with at least one of the one or more clients or terminals, wherein the information includes: an identifier label associated with each of the at least one of the one or more clients or terminals; configuration preferences for each of the at least one of the one or more clients or terminals; based on the configuration preferences, updating and providing a workflow at each of the at least one of the one or more clients or terminals.
Claim 9:
A computer storage medium encoded with a computer program, the program comprising instructions that are operable, when executed by data processing apparatus, to cause the data processing apparatus to perform the method of any one of claims 1-3, 7-8.
Claim 10:
A computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed perform, or cause a device to perform, any of the methods of claims 1-3, 7-8.
Claim 11:
A system comprising: one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform the method of any one of claims 1-3, 7-8.
Claim 12:
A method comprising:
a) managing, operating, or maintaining a plurality of terminals in a network or system; b) allowing access to a first account portal, console, and/or or system that allows selections or updates, wherein the first account portal, console, and/or system presents, display, and/or comprises: i) one or more graphical user interfaces (GUIs), the GUIs including at least: l) information associated with one or more terminals in a first set of terminals, wherein the information includes:
(a) an identifier label associated with each of the one or more terminals in the first set of terminals;
(b) settings for each of the one or more terminals in the first set of terminals, wherein the settings include:
(i) first settings, wherein the first settings comprise:
(1) compliance settings;
(2) preference settings;
(3) fee settings; and/or
(4) controls for each of the first set of terminals, wherein the controls include: a. reboot commands; c) receiving selections or updates made in the first account portal, console, or system; d) based on the selections or updates, updating configuration settings for each of the one or more terminals in the first set of terminals; e) creating a first user account for a first user, wherein creating the first user account comprises: i) receiving first user data wherein the first user data comprises identification document information or identification information associated with the first user; ii) creating a user or account identifier associated with the first user; and/or
iii) storing in association with the first user account, the user or account identifier; f) receiving an operation by the user at a first hardware terminal, wherein the first hardware terminal belongs to the one or more terminals in the first set of terminals.
Claim 13:
The method of claim 12, further comprising: establishing a secure session between a software service provider and the hardware terminal: i) wherein the secure session is established using at least a secure socket layer (SSL) or transport layer security (TLS) protocol; and/or ii) wherein the secure session is established using a secured connection using a virtual private network (VPN).
Claim 14:
The method of any of claims 12-13, further comprising: performing a first processing of the operation, wherein performing the first processing of the operation comprises: i) receiving an encrypted first payload from the first hardware terminal; ii) wherein the encrypted first payload is produced by encrypting a first payload, the first payload produced by the hardware terminal, and wherein the first payload comprises a phone number, the phone number received from the user at the first hardware terminal; iii) wherein the encrypted first payload is communicated from the hardware terminal during a secure session; and/or iv) sending an SMS verification code to the phone number.
Claim 15:
The method of of any of claims 12-14, further comprising: performing facial recognition or verification for a first visitor at a first terminal in the first set of terminals, wherein performing facial recognition or verification comprises: comparing the first visitor’s face with one or more datasets detected from image or video data of the first visitor’s face.
Claim 16:
The method of any of claims 12-15, further comprising: wherein one or more of the first set of terminals is a combination automated teller machine (ATM) and virtual currency ATM or kiosk.
Claim 17:
The method of any of claims 12-16, further comprising: wherein one or more of the first set of terminals dispenses a cannabis-containing product.
Claim 18:
The method of any of claims 12-17, further comprising: wherein one or more of the first set of terminals dispenses a tobacco-containing product.
Claim 19:
A computer storage medium encoded with a computer program, the program comprising instructions that are operable, when executed by data processing apparatus, to cause the data processing apparatus to perform the method of any one of claims 12-17.
Claim 20:
A computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed perform, or cause a device to perform, any of the methods of claims 12-17.
Claim 21:
A system comprising: one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform the method of any one of claims 12-17.
Claim 22:
A method comprising:
a) providing a group or set of clients, terminals, or kiosks comprising one or more clients, terminals, or kiosks, wherein the one or more clients, terminals, or kiosks includes: i) a first client, terminal, or kiosk comprising a hardware client, terminal, or kiosk, wherein the hardware client, terminal, or kiosk comprises:
(a) a first set of one or more processors;
(b) at least one display screen or user interface;
(c) at least one cash dispenser;
(d) at least one bill validator;
(e) at least one camera; and
(f) a first set of one or more memories or data storage devices storing:
(i) a first set of one or more applications;
(ii) a set of one or more files; i) wherein the hardware client, terminal, or kiosk is capable of establishing communication, or interacting, through a network communication interface, with at least: l) one or more processors, computers, or servers providing a first software service; b) creating, managing, or maintaining a first operator account portal, console, or system; c) providing or allowing access to one or more graphical user interfaces (GUIs) to access the first operator account portal, console, or system, the GUIs including at least: i) information associated with at least one of the one or more clients, terminals, or kiosks, wherein the information includes:
1) an identifier label associated with each of the at least one of the one or more clients, terminals, or kiosks;
2) configuration preferences for each of the at least one of the one or more clients, terminals, or kiosks, wherein the configuration settings include:
(a) first settings, wherein the security settings comprise at least one of:
(i) know your customer/ anti-money laundering (KYC/AML) configuration settings;
(ii) price or fee settings;
(iii) controls for each of the first set of terminals, wherein the controls include:
(r) reboot controls; d) receiving selections or updates using the first operator account portal; and e) based on the selections or updates, updating configuration settings for each of the one or more clients, terminals, or kiosks.
Claim 23:
The method of claim 22, further comprising: the first client, terminal, or kiosk is capable of:
(a) a first type of transaction to exchange virtual currency and fiat currency; (i) wherein the first type of transaction to exchange virtual currency and fiat currency comprises, at least:
(1) displaying, on the at least one display screen or user interface, a price or transaction range;
(2) receiving a selection of a virtual currency;
(3) receiving or creating a virtual currency wallet address;
(4) receiving fiat currency;
Claim 24:
The method of claim 23, further comprising: the first client, terminal, or kiosk is capable of:
(b) a second type of transaction to exchange virtual currency and fiat currency;
(i) wherein the second type of transaction to exchange virtual currency and fiat currency comprises, at least:
(1) displaying, on the at least one display screen, a price or transaction range;
(2) receiving a selection of a virtual currency;
(3) receiving or creating a virtual currency wallet address;
(4) dispensing fiat currency;
Claim 25:
The method of claim 24, further comprising: the first client, terminal, or kiosk is capable of:
(c) a third type of transaction;
(i) wherein the third type of transaction comprises, at least:
(1) an automated teller machine (ATM) transaction;
Claim 26:
The method of claim 25, further comprising: wherein the automated teller machine (ATM) transaction involves a bank account, wherein the automated teller machine (ATM) transaction is one of: a fiat currency deposit to the bank account; a fiat currency withdrawal from the bank account;
Claim 27:
The method of claim 23, further comprising: the first client, terminal, or kiosk is capable of:
(a) a first type of transaction allowing vending or dispensing of a cannabis, or cannabis-containing, product;
(i) wherein the first type of transaction allowing vending or dispensing of a cannabis, or cannabis-containing, product comprises, at least:
(1) displaying, on the at least one display screen or user interface, a price or transaction range;
(2) receiving a selection of a virtual currency;
Claim 28:
The method of claim 23, further comprising: the first client, terminal, or kiosk is capable of:
(a) a first type of transaction allowing vending or dispensing of a tobacco, or tobacco-containing, product;
(i) wherein the first type of transaction allowing vending or dispensing of a tobacco, or tobacco-containing, product comprises, at least:
(1) displaying, on the at least one display screen or user interface, a price or transaction range;
(2) receiving a selection of a virtual currency;
Claim 29:
A computer storage medium encoded with a computer program, the program comprising instructions that are operable, when executed by data processing apparatus, to cause the data processing apparatus to perform the method of any one of claims 23-28.
Claim 30:
A computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which when executed perform, or cause a device to perform, any of the methods of claims 23-28.
Claim 31:
A system comprising: one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform the method of any one of claims 23-28.
Applications Claiming Priority (50)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201962945577P | 2019-12-09 | 2019-12-09 | |
US62/945,577 | 2019-12-09 | ||
US201962952408P | 2019-12-22 | 2019-12-22 | |
US62/952,408 | 2019-12-22 | ||
US201962954451P | 2019-12-28 | 2019-12-28 | |
US62/954,451 | 2019-12-28 | ||
US202062958572P | 2020-01-08 | 2020-01-08 | |
US62/958,572 | 2020-01-08 | ||
US202062972025P | 2020-02-09 | 2020-02-09 | |
US62/972,025 | 2020-02-09 | ||
US202063006808P | 2020-04-08 | 2020-04-08 | |
US63/006,808 | 2020-04-08 | ||
US202063018043P | 2020-04-30 | 2020-04-30 | |
US63/018,043 | 2020-04-30 | ||
US202063028093P | 2020-05-21 | 2020-05-21 | |
US63/028,093 | 2020-05-21 | ||
US202063031187P | 2020-05-28 | 2020-05-28 | |
US63/031,187 | 2020-05-28 | ||
US202063033780P | 2020-06-02 | 2020-06-02 | |
US63/033,780 | 2020-06-02 | ||
US202063056513P | 2020-07-24 | 2020-07-24 | |
US202063056163P | 2020-07-24 | 2020-07-24 | |
US63/056,513 | 2020-07-24 | ||
US63/056,163 | 2020-07-24 | ||
US202063057381P | 2020-07-28 | 2020-07-28 | |
US63/057,381 | 2020-07-28 | ||
US202063058422P | 2020-07-29 | 2020-07-29 | |
US63/058,422 | 2020-07-29 | ||
US202063060428P | 2020-08-03 | 2020-08-03 | |
US63/060,428 | 2020-08-03 | ||
US202063063804P | 2020-08-10 | 2020-08-10 | |
US63/063,804 | 2020-08-10 | ||
US202063073590P | 2020-09-02 | 2020-09-02 | |
US63/073,590 | 2020-09-02 | ||
US202063077408P | 2020-09-11 | 2020-09-11 | |
US63/077,408 | 2020-09-11 | ||
US202063090655P | 2020-10-12 | 2020-10-12 | |
US63/090,655 | 2020-10-12 | ||
US202063091869P | 2020-10-14 | 2020-10-14 | |
US63/091,869 | 2020-10-14 | ||
US202063092894P | 2020-10-16 | 2020-10-16 | |
US63/092,894 | 2020-10-16 | ||
US202063114241P | 2020-11-16 | 2020-11-16 | |
US63/114,241 | 2020-11-16 | ||
US202063117392P | 2020-11-23 | 2020-11-23 | |
US63/117,392 | 2020-11-23 | ||
US202063118943P | 2020-11-29 | 2020-11-29 | |
US63/118,943 | 2020-11-29 | ||
US17/112,777 US20210389854A1 (en) | 2020-06-12 | 2020-12-04 | Biometric Authentication, Decentralized Learning Framework, and Adaptive Security Protocols in Distributed Terminal Network |
US17/112,777 | 2020-12-04 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2021118942A1 WO2021118942A1 (en) | 2021-06-17 |
WO2021118942A9 true WO2021118942A9 (en) | 2021-07-15 |
Family
ID=76329066
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2020/063677 WO2021118942A1 (en) | 2019-12-09 | 2020-12-07 | Distributed terminals network management, systems, devices, interfaces and workflows |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2021118942A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115499845A (en) * | 2022-08-31 | 2022-12-20 | 北京京东振世信息技术有限公司 | Identity recognition method and device based on NFC |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9141876B1 (en) * | 2013-02-22 | 2015-09-22 | Cummins-Allison Corp. | Apparatus and system for processing currency bills and financial documents and method for using the same |
US9135787B1 (en) * | 2014-04-04 | 2015-09-15 | Mark Russell | Bitcoin kiosk/ATM device and system integrating enrollment protocol and method of using the same |
US11182793B2 (en) * | 2016-03-02 | 2021-11-23 | American Express Travel Related Services Company, Inc. | Systems and methods for transaction account tokenization |
-
2020
- 2020-12-07 WO PCT/US2020/063677 patent/WO2021118942A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2021118942A1 (en) | 2021-06-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210176340A1 (en) | Graphical User Interface and Operator Console Management System for Distributed Terminal Network | |
US11019055B1 (en) | Biometric authentication, decentralized learning framework, and adaptive security protocols in distributed terminal network | |
US20220172188A1 (en) | Graphical User Interface and Operator Console Management System for Distributed Terminal Network | |
US20220156092A1 (en) | Graphical User Interface and Operator Console Management System for Distributed Terminal Network | |
US20210389854A1 (en) | Biometric Authentication, Decentralized Learning Framework, and Adaptive Security Protocols in Distributed Terminal Network | |
US10902705B1 (en) | Biometric authentication, decentralized learning framework, and adaptive security protocols in distributed terminal network | |
US20210174347A1 (en) | User Routing Application and Recommendation Engine for Distributed Terminal Network | |
US20210312026A1 (en) | Graphical User Interface and Operator Console Management System for Distributed Terminal Network | |
US20210288951A1 (en) | Distributed Terminals Network Management, Systems, Interfaces and Workflows | |
US20220262209A1 (en) | Graphical User Interface and Operator Console Management System for Distributed Terminal Network | |
US11200548B2 (en) | Graphical user interface and operator console management system for distributed terminal network | |
US11113665B1 (en) | Distributed terminals network management, systems, interfaces and workflows | |
US20210320917A1 (en) | Graphical User Interface and Operator Console Management System for Distributed Terminal Network | |
US20220116398A1 (en) | Graphical User Interface and Operator Console Management System for Distributed Terminal Network | |
US20220057918A1 (en) | Distributed Terminals Network Management, Systems, Interfaces and Workflows | |
US20210173673A1 (en) | Distributed Terminals Network Management, Systems, Interfaces and Workflows | |
US20210226921A1 (en) | Graphical user interface and operator console management system for distributed terminal network | |
WO2021118942A9 (en) | Distributed terminals network management, systems, devices, interfaces and workflows | |
WO2021118943A1 (en) | Distributed terminals network management, systems, devices, interfaces and workflows | |
WO2021154391A1 (en) | Distributed terminals network management, systems, devices, interfaces and workflows | |
CA3101942A1 (en) | Biometric authentication, decentralized learning framework, and adaptive security protocols in distributed terminal network | |
WO2021173174A1 (en) | Biometric authentication, decentralized learning framework, and adaptive security protocols in distributed terminal network | |
WO2021118940A1 (en) | Distributed terminals network management, systems, devices, interfaces and workflows | |
CA3101964A1 (en) | Biometric authentication, decentralized learning framework, and adaptive security protocols in distributed terminal network | |
CA3101936A1 (en) | Graphical user interface and operator console management system for distributed terminal network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20899388 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20899388 Country of ref document: EP Kind code of ref document: A1 |