WO2022002526A1 - Electronic document signatures - Google Patents

Electronic document signatures Download PDF

Info

Publication number
WO2022002526A1
WO2022002526A1 PCT/EP2021/064909 EP2021064909W WO2022002526A1 WO 2022002526 A1 WO2022002526 A1 WO 2022002526A1 EP 2021064909 W EP2021064909 W EP 2021064909W WO 2022002526 A1 WO2022002526 A1 WO 2022002526A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
document
blockchain
signature
linking
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2021/064909
Other languages
English (en)
French (fr)
Inventor
Bassem AMMAR
Wei Zhang
Craig Steven WRIGHT
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nchain Licensing AG
Original Assignee
Nchain Licensing AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nchain Licensing AG filed Critical Nchain Licensing AG
Priority to US18/011,083 priority Critical patent/US12401519B2/en
Priority to EP21731106.7A priority patent/EP4143723A1/en
Priority to CN202180047276.3A priority patent/CN116097264A/zh
Priority to JP2022581409A priority patent/JP7765156B2/ja
Publication of WO2022002526A1 publication Critical patent/WO2022002526A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/08Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • G06Q10/083Shipping
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • the present disclosure relates to electronic document signatures, and in particular to systems and methods for applying cryptographically verifiable digital signatures to multiple interrelated documents, having multiple signature requirements that change over time, and robustly recording those signatures.
  • Documents often need to be signed by actors, for example to authorise the document or as a confirmation of agreement or receipt.
  • hard copies of the document are signed and sent, if necessary, either by post or electronically.
  • electronic signatures, or e-signatures have become more prevalent. E-signatures allow actors to sign document electronically, without the actor needing to acquire a hard copy of the document.
  • signatures there are a number of different types of signature that could be loosely described as "electronic”. These include a scanned image of an entity's signature, a hand-signature generated on a tablet or other electronic writing device, a typed name, a video signature, and a checkbox which the entity checks to show agreement. Such signatures may comprise additional information, such as a timestamp indicating the time at which the actor provided their signature and/or a location of the actors at the time of signing.
  • Digital signatures are a cryptographic mechanism for employing electronic signatures and, unless otherwise indicated, references herein to electronic signatures, document signatures and the like refer to digital signatures in this sense.
  • the presence of a valid signature gives a receipt of the signed document assurance that the document has been sent by a known sender and has not been altered in transit.
  • Digital signatures are, therefore, frequently used in cases where detecting forgery or tampering are important.
  • Digital signatures schemes use private and public keys of actors to sign documents and validate signatures, the two keys being cryptographically linked. A private key is used to generate a signature which is verifiable by anyone in possession of the corresponding public key.
  • the signature is usually generated based on a cryptographic hash of a document to be signed. If the document is altered after signing, it will no longer match the cryptographic hash of the signature, and the signature will therefore be invalid in respect of the altered document.
  • an actor authorised to sign the document may change at different points in the document's lifespan.
  • Who is authorised may depend on any number of factors. There may be, for example, a sequential list of actors who are authorised to sign, such that an actor can only sign the document if the actor before them in the list has already signed it. Another example is that an actor is only authorised to sign if they, or another actor, has performed a specific task. This is complicated further if there is a need to link multiple signed documents. For example, it may be that, when a particular actor applies a signature to an initial document, that is contingent on one or more supplementary documents. Such supplementary documents won't necessarily have existed at the time the initial document was created, so this requires the ability to link different documents at different times, i.e. not limited to linking documents at the time they are created.
  • a blockchain provides a sequential record of transactions, with each new blockchain transaction recorded to a blockchain is conditional on certain requirements being met.
  • the sequential nature of the blockchain data structure is utilized to add new signature requirements, to existing documents, that must be fulfilled in a particular order.
  • Document signature requirements are defined in spendable outputs of blockchain transaction and, at the same time as defining new signature requirements, multiple documents can be liked together in a cryptographically verifiable manner via liking transactions having multiple spendable outputs.
  • a computer-implemented method of cryptographically linking multiple documents, having multiple electronic signature requirements, via a sequence of blockchain transactions comprising: computing document signature data satisfying a first signature requirement for an existing document, the first signature requirement defined in a blockchain transaction containing or referencing the existing document; wherein the document signature data signs a portion of a linking transaction containing or referencing a supplementary document, the linking transaction comprising an input for validly spending a spendable output of the blockchain transaction, whereby the document signature cryptographically links the supplementary document with the existing document; and wherein the signed portion comprises multiple outputs of the linking transaction, wherein a first of the multiple signed outputs is spendable and associated with the existing document, the signed portion defining a second signature requirement for the existing document, and wherein a second of the multiple signed outputs is spendable and associated with the supplementary document, the signed portion defining a signature requirement for the supplementary document.
  • a linking transaction for a blockchain comprising an input for validly spending a spendable output of a blockchain transaction containing or referencing an existing document, and multiple outputs; wherein document signature data signs a portion of the linking transaction containing or referencing a supplementary document, whereby the document signature cryptographically links the supplementary document with the existing document; and wherein a signed portion comprises multiple outputs of the linking transaction, wherein a first of the multiple signed outputs is spendable and associated with the existing document, the signed portion defining a second signature requirement for the existing document, and wherein a second of the multiple signed outputs is spendable and associated with the supplementary document, the signed portion defining a signature requirement for the supplementary document.
  • embodiments of the present invention admit status changes through status flags included in the signed transaction(s).
  • the sequential nature of the blockchain data structure is not only utilized as a way to define and fulfil complex document signature requirements, but also provides an immutable and consistent record of the complete history of any changes to the content and/or status of the signed documents.
  • Embodiments of the technology leverage transaction verifications mechanisms used to secure the blockchain to additionally provide an additional document signature verification function.
  • the document signatures take the form of transaction signatures for validating transactions, and in particular for validating spending relationships between transactions. This has the benefit that the existing work performed by node to validate blockchain transactions also assists in the verification of the document signature requirements.
  • Figure 1 is a schematic block diagram of a system for implementing a blockchain
  • Figure 2 schematically illustrates some examples of transactions which may be recorded in a blockchain
  • Figure 3A is a schematic block diagram of a client application
  • Figure 3B is a schematic mock-up of an example user interface that may be presented by the client application of Figure 3A,
  • Figure 4 is a schematic block diagram of some node software for processing transactions
  • Figure 5 schematically illustrates a generic linking transaction
  • Figure 6 shows an example export-import process
  • Figure 7 is a diagram of a Bill of Lading
  • Figure 8 shows an example sequence for the use of a Bill of Lading in the export-import process
  • Figure 9 shows an example process of using a letter of credit in the export-import process
  • Figure 10 schematically illustrates how modifications to a document can be validated both on and off the blockchain
  • Figure 11 schematically illustrates a set of transactions for linking documents.
  • a blockchain refers to a form of distributed data structure, wherein a duplicate copy of the blockchain is maintained at each of a plurality of nodes in a distributed peer-to-peer (P2P) network (referred to below as a "blockchain network") and widely publicised.
  • the blockchain comprises a chain of blocks of data, wherein each block comprises one or more transactions.
  • Each transaction other than so-called “coinbase transactions”, points back to a preceding transaction in a sequence which may span one or more blocks going back to one or more coinbase transactions.
  • Coinbase transactions are discussed further below. Transactions that are submitted to the blockchain network are included in new blocks.
  • New blocks are created by a process often referred to as "mining”, which involves each of a plurality of the nodes competing to perform "proof-of-work", i.e. solving a cryptographic puzzle based on a representation of a defined set of ordered and validated pending transactions waiting to be included in a new block of the blockchain.
  • the blockchain may be pruned at some nodes, and the publication of blocks can be achieved through the publication of mere block headers.
  • the transactions in the blockchain may be used to for one or more of the following purposes: to convey a digital asset (i.e. a number of digital tokens), to order a set of entries in a virtualised ledger or registry, to receive and process timestamp entries, and/or to time- order index pointers.
  • a blockchain can also be exploited in order to lay additional functionality on top of the blockchain.
  • blockchain protocols may allow for storage of additional user data or indexes to data in a transaction.
  • Nodes of the blockchain network (which are often referred to as “miners") perform a distributed transaction registration and verification process, which will be described in more detail later.
  • a node validates transactions and inserts them into a block template for which they attempt to identify a valid proof-of-work solution. Once a valid solution is found, a new block is propagated to other nodes of the network, thus enabling each node to record the new block on the blockchain.
  • a user e.g. a blockchain client application
  • Nodes which receive the transaction may race to find a proof-of-work solution incorporating the validated transaction into a new block.
  • Each node is configured to enforce the same node protocol, which will include one or more conditions for a transaction to be valid. Invalid transactions will not be propagated nor incorporated into blocks. Assuming the transaction is validated and thereby accepted onto the blockchain, then the transaction (including any user data) will thus remain registered and indexed at each of the nodes in the blockchain network as an immutable public record.
  • the node who successfully solved the proof-of-work puzzle to create the latest block is typically rewarded with a new transaction called the "coinbase transaction" which distributes an amount of the digital asset, i.e. a number of tokens.
  • the detection and rejection of invalid transactions is enforced by the actions of competing nodes who act as agents of the network and are incentivised to report and block malfeasance.
  • the widespread publication of information allows users to continuously audit the performance of nodes.
  • the publication of the mere block headers allows participants to ensure the ongoing integrity of the blockchain.
  • the data structure of a given transaction comprises one or more inputs and one or more outputs.
  • Any spendable output comprises an element specifying an amount of the digital asset that is derivable from the proceeding sequence of transactions.
  • the spendable output is sometimes referred to as a UTXO ("unspent transaction output").
  • the output may further comprise a locking script specifying a condition for the future redemption of the output.
  • a locking script is a predicate defining the conditions necessary to validate and transfer digital tokens or assets.
  • Each input of a transaction (other than a coinbase transaction) comprises a pointer (i.e.
  • a reference to such an output in a preceding transaction, and may further comprise an unlocking script for unlocking the locking script of the pointed-to output.
  • the first transaction comprises at least one output specifying an amount of the digital asset, and comprising a locking script defining one or more conditions of unlocking the output.
  • the second, target transaction comprises at least one input, comprising a pointer to the output of the first transaction, and an unlocking script for unlocking the output of the first transaction.
  • one of the criteria for validity applied at each node will be that the unlocking script meets all of the one or more conditions defined in the locking script of the first transaction. Another will be that the output of the first transaction has not already been redeemed by another, earlier valid transaction. Any node that finds the target transaction invalid according to any of these conditions will not propagate it (as a valid transaction, but possibly to register an invalid transaction) nor include it in a new block to be recorded in the blockchain.
  • An alternative type of transaction model is an account-based model.
  • each transaction does not define the amount to be transferred by referring back to the UTXO of a preceding transaction in a sequence of past transactions, but rather by reference to an absolute account balance.
  • the current state of all accounts is stored by the nodes separate to the blockchain and is updated constantly.
  • FIG. 1 shows an example system 100 for implementing a blockchain 150.
  • the system 100 may comprise of a packet-switched network 101, typically a wide-area internetwork such as the Internet.
  • the packet-switched network 101 comprises a plurality of blockchain nodes 104 that may be arranged to form a peer-to-peer (P2P) network 106 within the packet- switched network 101.
  • P2P peer-to-peer
  • the blockchain nodes 104 may be arranged as a near-complete graph. Each blockchain node 104 is therefore highly connected to other blockchain nodes 104.
  • Each blockchain node 104 comprises computer equipment of a peer, with different ones of the nodes 104 belonging to different peers.
  • Each blockchain node 104 comprises processing apparatus comprising one or more processors, e.g. one or more central processing units (CPUs), accelerator processors, application specific processors and/or field programmable gate arrays (FPGAs), and other equipment such as application specific integrated circuits (ASICs).
  • Each node also comprises memory, i.e. computer-readable storage in the form of a non-transitory computer-readable medium or media.
  • the memory may comprise one or more memory units employing one or more memory media, e.g. a magnetic medium such as a hard disk; an electronic medium such as a solid-state drive (SSD), flash memory or EEPROM; and/or an optical medium such as an optical disk drive.
  • the blockchain 150 comprises a chain of blocks of data 151, wherein a respective copy of the blockchain 150 is maintained at each of a plurality of blockchain nodes 104 in the distributed or blockchain network 106.
  • maintaining a copy of the blockchain 150 does not necessarily mean storing the blockchain 150 in full. Instead, the blockchain 150 may be pruned of data so long as each blockchain node 150 stores the block header (discussed below) of each block 151.
  • Each block 151 in the chain comprises one or more transactions 152, wherein a transaction in this context refers to a kind of data structure. The nature of the data structure will depend on the type of transaction protocol used as part of a transaction model or scheme. A given blockchain will use one particular transaction protocol throughout.
  • each transaction 152 comprises at least one input and at least one output.
  • Each output specifies an amount representing a quantity of a digital asset as property, an example of which is a user 103 to whom the output is cryptographically locked (requiring a signature or other solution of that user in order to be unlocked and thereby redeemed or spent).
  • Each input points back to the output of a preceding transaction 152, thereby linking the transactions.
  • Each block 151 also comprises a block pointer 155 pointing back to the previously created block 151 in the chain so as to define a sequential order to the blocks 151.
  • Each of the blockchain nodes 104 is configured to forward transactions 152 to other blockchain nodes 104, and thereby cause transactions 152 to be propagated throughout the network 106.
  • Each blockchain node 104 is configured to create blocks 151 and to store a respective copy of the same blockchain 150 in their respective memory.
  • Each blockchain node 104 also maintains an ordered set (or "pool") 154 of transactions 152 waiting to be incorporated into blocks 151.
  • the ordered pool 154 is often referred to as a "mempool”. This term herein is not intended to limit to any particular blockchain, protocol or model. It refers to the ordered set of transactions which a node 104 has accepted as valid and for which the node 104 is obliged not to accept any other transactions attempting to spend the same output.
  • the (or each) input comprises a pointer referencing the output of a preceding transaction 152i in the sequence of transactions, specifying that this output is to be redeemed or "spent" in the present transaction 152j.
  • the preceding transaction could be any transaction in the ordered set 154 or any block 151.
  • the preceding transaction 152i need not necessarily exist at the time the present transaction 152j is created or even sent to the network 106, though the preceding transaction 152i will need to exist and be validated in order for the present transaction to be valid.
  • preceding refers to a predecessor in a logical sequence linked by pointers, not necessarily the time of creation or sending in a temporal sequence, and hence it does not necessarily exclude that the transactions 152i, 152j be created or sent out-of-order (see discussion below on orphan transactions).
  • the preceding transaction 152i could equally be called the antecedent or predecessor transaction.
  • the input of the present transaction 152j also comprises the input authorisation, for example the signature of the user 103a to whom the output of the preceding transaction 152i is locked.
  • the output of the present transaction 152j can be cryptographically locked to a new user or entity 103b.
  • the present transaction 152j can thus transfer the amount defined in the input of the preceding transaction 152i to the new user or entity 103b as defined in the output of the present transaction 152j.
  • a transaction 152 may have multiple outputs to split the input amount between multiple users or entities (one of whom could be the original user or entity 103a in order to give change).
  • a transaction can also have multiple inputs to gather together the amounts from multiple outputs of one or more preceding transactions, and redistribute to one or more outputs of the current transaction.
  • an output-based transaction protocol such as bitcoin
  • a party 103 such as an individual user or an organization
  • wishes to enact a new transaction 152j (either manually or by an automated process employed by the party)
  • the enacting party sends the new transaction from its computer terminal 102 to a recipient.
  • the enacting party or the recipient will eventually send this transaction to one or more of the blockchain nodes 104 of the network 106 (which nowadays are typically servers or data centres, but could in principle be other user terminals).
  • the party 103 enacting the new transaction 152j could send the transaction directly to one or more of the blockchain nodes 104 and, in some examples, not to the recipient.
  • a blockchain node 104 that receives a transaction checks whether the transaction is valid according to a blockchain node protocol which is applied at each of the blockchain nodes 104.
  • the blockchain node protocol typically requires the blockchain node 104 to check that a cryptographic signature in the new transaction 152j matches the expected signature, which depends on the previous transaction 152i in an ordered sequence of transactions 152.
  • this may comprise checking that the cryptographic signature or other authorisation of the party 103 included in the input of the new transaction 152j matches a condition defined in the output of the preceding transaction 152i which the new transaction assigns, wherein this condition typically comprises at least checking that the cryptographic signature or other authorisation in the input of the new transaction 152j unlocks the output of the previous transaction 152i to which the input of the new transaction is linked to.
  • the condition may be at least partially defined by a script included in the output of the preceding transaction 152i. Alternatively it could simply be fixed by the blockchain node protocol alone, or it could be due to a combination of these.
  • the blockchain node 104 forwards it to one or more other blockchain nodes 104 in the blockchain network 106. These other blockchain nodes 104 apply the same test according to the same blockchain node protocol, and so forward the new transaction 152j on to one or more further nodes 104, and so forth. In this way the new transaction is propagated throughout the network of blockchain nodes 104.
  • the definition of whether a given output is assigned (e.g. spent) is whether it has yet been validly redeemed by the input of another, onward transaction 152j according to the blockchain node protocol.
  • Another condition for a transaction to be valid is that the output of the preceding transaction 152i which it attempts to redeem has not already been redeemed by another transaction. Again if not valid, the transaction 152j will not be propagated (unless flagged as invalid and propagated for alerting) or recorded in the blockchain 150. This guards against double-spending whereby the transactor tries to assign the output of the same transaction more than once.
  • An account-based model on the other hand guards against double-spending by maintaining an account balance. Because again there is a defined order of transactions, the account balance has a single defined state at any one time.
  • blockchain nodes 104 In addition to validating transactions, blockchain nodes 104 also race to be the first to create blocks of transactions in a process commonly referred to as mining, which is supported by "proof-of-work".
  • mining which is supported by "proof-of-work”.
  • new transactions are added to an ordered pool 154 of valid transactions that have not yet appeared in a block 151 recorded on the blockchain 150.
  • the blockchain nodes then race to assemble a new valid block 151 of transactions 152 from the ordered set of transactions 154 by attempting to solve a cryptographic puzzle. Typically this comprises searching for a "nonce" value such that when the nonce is concatenated with a representation of the ordered pool of pending transactions 154 and hashed, then the output of the hash meets a predetermined condition.
  • a "nonce" value such that when the nonce is concatenated with a representation of the ordered pool of pending transactions 154 and hashed, then the output of the hash meets a predetermined condition.
  • the predetermined condition may be that the output of the hash has a certain predefined number of leading zeros. Note that this is just one particular type of proof-of- work puzzle, and other types are not excluded. A property of a hash function is that it has an unpredictable output with respect to its input. Therefore this search can only be performed by brute force, thus consuming a substantive amount of processing resource at each blockchain node 104 that is trying to solve the puzzle.
  • the first blockchain node 104 to solve the puzzle announces this to the network 106, providing the solution as proof which can then be easily checked by the other blockchain nodes 104 in the network (once given the solution to a hash it is straightforward to check that it causes the output of the hash to meet the condition).
  • the first blockchain node 104 propagates a block to a threshold consensus of other nodes that accept the block and thus enforce the protocol rules.
  • the ordered set of transactions 154 then becomes recorded as a new block 151 in the blockchain 150 by each of the blockchain nodes 104.
  • a block pointer 155 is also assigned to the new block 151n pointing back to the previously created block 151n-l in the chain.
  • the significant amount of effort, for example in the form of hash, required to create a proof-of-work solution signals the intent of the first node 104 to follow the rules of the blockchain protocol.
  • rules include not accepting a transaction as valid if it assigns the same output as a previously validated transaction, otherwise known as double-spending.
  • the block 151 cannot be modified since it is recognized and maintained at each of the blockchain nodes 104 in the blockchain network 106.
  • the block pointer 155 also imposes a sequential order to the blocks 151. Since the transactions 152 are recorded in the ordered blocks at each blockchain node 104 in a network 106, this therefore provides an immutable public ledger of the transactions.
  • a protocol also exists for resolving any "fork” that may arise, which is where two blockchain nodesl04 solve their puzzle within a very short time of one another such that a conflicting view of the blockchain gets propagated between nodes 104. In short, whichever prong of the fork grows the longest becomes the definitive blockchain 150. Note this should not affect the users or agents of the network as the same transactions will appear in both forks.
  • a node that successfully constructs a new block 104 is granted the ability to newly assign an additional, accepted amount of the digital asset in a new special kind of transaction which distributes an additional defined quantity of the digital asset (as opposed to an inter-agent, or inter-user transaction which transfers an amount of the digital asset from one agent or user to another).
  • This special type of transaction is usually referred to as a "coinbase transaction", but may also be termed an "initiation transaction” or "generation transaction”. It typically forms the first transaction of the new block 151n.
  • the proof-of-work signals the intent of the node that constructs the new block to follow the protocol rules allowing this special transaction to be redeemed later.
  • the blockchain protocol rules may require a maturity period, for example 100 blocks, before this special transaction may be redeemed.
  • a regular (non-generation) transaction 152 will also specify an additional transaction fee in one of its outputs, to further reward the blockchain node 104 that created the block 151n in which that transaction was published. This fee is normally referred to as the "mining fee", and is discussed blow.
  • each of the blockchain nodes 104 takes the form of a server comprising one or more physical server units, or even whole a data centre.
  • any given blockchain node 104 could take the form of a user terminal or a group of user terminals networked together.
  • each blockchain node 104 stores software configured to run on the processing apparatus of the blockchain node 104 in order to perform its respective role or roles and handle transactions 152 in accordance with the blockchain node protocol. It will be understood that any action attributed herein to a blockchain node 104 may be performed by the software run on the processing apparatus of the respective computer equipment.
  • the node software may be implemented in one or more applications at the application layer, or a lower layer such as the operating system layer or a protocol layer, or any combination of these.
  • Some or all of the parties 103 may be connected as part of a different network, e.g. a network overlaid on top of the blockchain network 106.
  • Users of the blockchain network (often referred to as “clients") may be said to be part of a system that includes the blockchain network 106; however, these users are not blockchain nodes 104 as they do not perform the roles required of the blockchain nodes. Instead, each party 103 may interact with the blockchain network 106 and thereby utilize the blockchain 150 by connecting to (i.e. communicating with) a blockchain node 106.
  • Two parties 103 and their respective equipment 102 are shown for illustrative purposes: a first party 103a and his/her respective computer equipment 102a, and a second party 103b and his/her respective computer equipment 102b. It will be understood that many more such parties 103 and their respective computer equipment 102 may be present and participating in the system 100, but for convenience they are not illustrated.
  • Each party 103 may be an individual or an organization. Purely by way of illustration the first party 103a is referred to herein as Alice and the second party 103b is referred to as Bob, but it will be appreciated that this is not limiting and any reference herein to Alice or Bob may be replaced with "first party" and "second "party” respectively.
  • the computer equipment 102 of each party 103 comprises respective processing apparatus comprising one or more processors, e.g. one or more CPUs, GPUs, other accelerator processors, application specific processors, and/or FPGAs.
  • the computer equipment 102 of each party 103 further comprises memory, i.e. computer-readable storage in the form of a non-transitory computer-readable medium or media.
  • This memory may comprise one or more memory units employing one or more memory media, e.g. a magnetic medium such as hard disk; an electronic medium such as an SSD, flash memory or EEPROM; and/or an optical medium such as an optical disc drive.
  • the memory on the computer equipment 102 of each party 103 stores software comprising a respective instance of at least one client application 105 arranged to run on the processing apparatus.
  • any action attributed herein to a given party 103 may be performed using the software run on the processing apparatus of the respective computer equipment 102.
  • the computer equipment 102 of each party 103 comprises at least one user terminal, e.g. a desktop or laptop computer, a tablet, a smartphone, or a wearable device such as a smartwatch.
  • the computer equipment 102 of a given party 103 may also comprise one or more other networked resources, such as cloud computing resources accessed via the user terminal.
  • the client application 105 may be initially provided to the computer equipment 102 of any given party 103 on suitable computer-readable storage medium or media, e.g. downloaded from a server, or provided on a removable storage device such as a removable SSD, flash memory key, removable EEPROM, removable magnetic disk drive, magnetic floppy disk or tape, optical disk such as a CD or DVD ROM, or a removable optical drive, etc.
  • suitable computer-readable storage medium or media e.g. downloaded from a server, or provided on a removable storage device such as a removable SSD, flash memory key, removable EEPROM, removable magnetic disk drive, magnetic floppy disk or tape, optical disk such as a CD or DVD ROM, or a removable optical drive, etc.
  • the client application 105 comprises at least a "wallet” function.
  • This has two main functionalities. One of these is to enable the respective party 103 to create, authorise (for example sign) and send transactions 152 to one or more bitcoin nodes 104 to then be propagated throughout the network of blockchain nodes 104 and thereby included in the blockchain 150. The other is to report back to the respective party the amount of the digital asset that he or she currently owns.
  • this second functionality comprises collating the amounts defined in the outputs of the various 152 transactions scattered throughout the blockchain 150 that belong to the party in question.
  • client functionality may be described as being integrated into a given client application 105, this is not necessarily limiting and instead any client functionality described herein may instead be implemented in a suite of two or more distinct applications, e.g. interfacing via an API, or one being a plug-in to the other. More generally the client functionality could be implemented at the application layer or a lower layer such as the operating system, or any combination of these. The following will be described in terms of a client application 105 but it will be appreciated that this is not limiting.
  • the instance of the client application or software 105 on each computer equipment 102 is operatively coupled to at least one of the blockchain nodes 104 of the network 106. This enables the wallet function of the client 105 to send transactions 152 to the network 106.
  • the client 105 is also able to contact blockchain nodes 104 in order to query the blockchain 150 for any transactions of which the respective party 103 is the recipient (or indeed inspect other parties' transactions in the blockchain 150, since in embodiments the blockchain 150 is a public facility which provides trust in transactions in part through its public visibility).
  • each computer equipment 102 is configured to formulate and send transactions 152 according to a transaction protocol.
  • each blockchain node 104 runs software configured to validate transactions 152 according to the blockchain node protocol, and to forward transactions 152 in order to propagate them throughout the blockchain network 106.
  • the transaction protocol and the node protocol correspond to one another, and a given transaction protocol goes with a given node protocol, together implementing a given transaction model.
  • the same transaction protocol is used for all transactions 152 in the blockchain 150.
  • the same node protocol is used by all the nodes 104 in the network 106.
  • a given party 103 say Alice, wishes to send a new transaction 152j to be included in the blockchain 150, then she formulates the new transaction in accordance with the relevant transaction protocol (using the wallet function in her client application 105). She then sends the transaction 152 from the client application 105 to one or more blockchain nodes 104 to which she is connected. E.g. this could be the blockchain node 104 that is best connected to Alice's computer 102.
  • any given blockchain node 104 receives a new transaction 152j, it handles it in accordance with the blockchain node protocol and its respective role. This comprises first checking whether the newly received transaction 152j meets a certain condition for being "valid", examples of which will be discussed in more detail shortly.
  • condition for validation may be configurable on a per-transaction basis by scripts included in the transactions 152.
  • condition could simply be a built-in feature of the node protocol, or be defined by a combination of the script and the node protocol.
  • any blockchain node 104 that receives the transaction 152j will add the new validated transaction 152 to the ordered set of transactions 154 maintained at that blockchain node 104. Further, any blockchain node 104 that receives the transaction 152j will propagate the validated transaction 152 onward to one or more other blockchain nodes 104 in the network 106. Since each blockchain node 104 applies the same protocol, then assuming the transaction 152j is valid, this means it will soon be propagated throughout the whole network 106.
  • Different blockchain nodes 104 may receive different instances of a given transaction first and therefore have conflicting views of which instance is 'valid' before one instance is published in a new block 151, at which point all blockchain nodes 104 agree that the published instance is the only valid instance. If a blockchain node 104 accepts one instance as valid, and then discovers that a second instance has been recorded in the blockchain 150 then that blockchain node 104 must accept this and will discard (i.e. treat as invalid) the instance which it had initially accepted (i.e. the one that has not been published in a block 151).
  • An alternative type of transaction protocol operated by some blockchain networks may be referred to as an "account-based" protocol, as part of an account-based transaction model.
  • each transaction does not define the amount to be transferred by referring back to the UTXO of a preceding transaction in a sequence of past transactions, but rather by reference to an absolute account balance.
  • the current state of all accounts is stored, by the nodes of that network, separate to the blockchain and is updated constantly.
  • transactions are ordered using a running transaction tally of the account (also called the "position"). This value is signed by the sender as part of their cryptographic signature and is hashed as part of the transaction reference calculation.
  • an optional data field may also be signed the transaction. This data field may point back to a previous transaction, for example if the previous transaction ID is included in the data field.
  • FIG. 2 illustrates an example transaction protocol.
  • This is an example of a UTXO-based protocol.
  • a transaction 152 (abbreviated "Tx") is the fundamental data structure of the blockchain 150 (each block 151 comprising one or more transactions 152). The following will be described by reference to an output-based or "UTXO" based protocol. However, this is not limiting to all possible embodiments. Note that while the example UTXO-based protocol is described with reference to bitcoin, it may equally be implemented on other example blockchain networks.
  • each transaction (“Tx") 152 comprises a data structure comprising one or more inputs 202, and one or more outputs 203.
  • Each output 203 may comprise an unspent transaction output (UTXO), which can be used as the source for the input 202 of another new transaction (if the UTXO has not already been redeemed).
  • the UTXO includes a value specifying an amount of a digital asset. This represents a set number of tokens on the distributed ledger.
  • the UTXO may also contain the transaction ID of the transaction from which it came, amongst other information.
  • the transaction data structure may also comprise a header 201, which may comprise an indicator of the size of the input field(s) 202 and output field(s) 203.
  • the header 201 may also include an ID of the transaction. In embodiments the transaction ID is the hash of the transaction data (excluding the transaction ID itself) and stored in the header 201 of the raw transaction 152 submitted to the nodes 104.
  • Alice 103a wishes to create a transaction 152j transferring an amount of the digital asset in question to Bob 103b.
  • Alice's new transaction 152j is labelled "Txi”. It takes an amount of the digital asset that is locked to Alice in the output 203 of a preceding transaction 152i in the sequence, and transfers at least some of this to Bob.
  • the preceding transaction 152i is labelled "Tc ⁇ ' in Figure 2.
  • 73 ⁇ 4and 73 ⁇ 4 are just arbitrary labels. They do not necessarily mean that 73 ⁇ 4is the first transaction in the blockchain 151, nor that Txi is the immediate next transaction in the pool 154. Txi could point back to any preceding (i.e. antecedent) transaction that still has an unspent output 203 locked to Alice.
  • the preceding transaction Txo may already have been validated and included in a block 151 of the blockchain 150 at the time when Alice creates her new transaction Txi, or at least by the time she sends it to the network 106. It may already have been included in one of the blocks 151 at that time, or it may be still waiting in the ordered set 154 in which case it will soon be included in a new block 151. Alternatively Txo and Txi could be created and sent to the network 106 together, or Txo could even be sent after Txi if the node protocol allows for buffering "orphan" transactions.
  • One of the one or more outputs 203 of the preceding transaction 73 ⁇ 4 comprises a particular UTXO, labelled here UTXOo.
  • Each UTXO comprises a value specifying an amount of the digital asset represented by the UTXO, and a locking script which defines a condition which must be met by an unlocking script in the input 202 of a subsequent transaction in order for the subsequent transaction to be validated, and therefore for the UTXO to be successfully redeemed.
  • the locking script locks the amount to a particular party (the beneficiary of the transaction in which it is included). I.e. the locking script defines an unlocking condition, typically comprising a condition that the unlocking script in the input of the subsequent transaction comprises the cryptographic signature of the party to whom the preceding transaction is locked.
  • the locking script (aka scriptPubKey) is a piece of code written in the domain specific language recognized by the node protocol. A particular example of such a language is called "Script" (capital S) which is used by the blockchain network.
  • the locking script specifies what information is required to spend a transaction output 203, for example the requirement of Alice's signature. Unlocking scripts appear in the outputs of transactions.
  • the unlocking script (aka scriptSig) is a piece of code written the domain specific language that provides the information required to satisfy the locking script criteria. For example, it may contain Bob's signature. Unlocking scripts appear in the input 202 of transactions.
  • UTXOo ' m the output 203 of 73 ⁇ 4 comprises a locking script [Checksig PA] which requires a signature Sig PA of Alice in order for UTXOo to be redeemed (strictly, in order for a subsequent transaction attempting to redeem UTXOo to be valid).
  • [Checksig PA] contains a representation (i.e. a hash) of the public key PA from a public- private key pair of Alice.
  • the input 202 of Txi comprises a pointer pointing back to Txi (e.g. by means of its transaction ID, TxIDo, which in embodiments is the hash of the whole transaction Txd).
  • the input 202 of Txi comprises an index identifying UTXOo within Txo, to identify it amongst any other possible outputs of Txo.
  • the input 202 of Txi further comprises an unlocking script ⁇ Sig PA> which comprises a cryptographic signature of Alice, created by Alice applying her private key from the key pair to a predefined portion of data (sometimes called the "message" in cryptography).
  • the data (or "message") that needs to be signed by Alice to provide a valid signature may be defined by the locking script, or by the node protocol, or by a combination of these.
  • the node applies the node protocol. This comprises running the locking script and unlocking script together to check whether the unlocking script meets the condition defined in the locking script (where this condition may comprise one or more criteria). In embodiments this involves concatenating the two scripts:
  • the signed data comprises the whole of Txi (so a separate element does not need to be included specifying the signed portion of data in the clear, as it is already inherently present).
  • the details of authentication by public-private cryptography will be familiar to a person skilled in the art. Basically, if Alice has signed a message using her private key, then given Alice's public key and the message in the clear, another entity such as a node 104 is able to authenticate that the message must have been signed by Alice.
  • Signing typically comprises hashing the message, signing the hash, and tagging this onto the message as a signature, thus enabling any holder of the public key to authenticate the signature.
  • any reference herein to signing a particular piece of data or part of a transaction, or such like can in embodiments mean signing a hash of that piece of data or part of the transaction.
  • the blockchain node 104 deems Txi valid. This means that the blockchain node 104 will add Txi to the ordered pool of pending transactions 154. The blockchain node 104 will also forward the transaction 73 ⁇ 4to one or more other blockchain nodes 104 in the network 106, so that it will be propagated throughout the network 106. Once Txi has been validated and included in the blockchain 150, this defines UTXOo om Txoas spent. Note that Txi can only be valid if it spends an unspent transaction output 203.
  • Txi will be invalid even if all the other conditions are met.
  • the blockchain node 104 also needs to check whether the referenced UTXO in the preceding transaction Txo is already spent (i.e. whether it has already formed a valid input to another valid transaction). This is one reason why it is important for the blockchain 150 to impose a defined order on the transactions 152.
  • a given blockchain node 104 may maintain a separate database marking which UTXOs 203 in which transactions 152 have been spent, but ultimately what defines whether a UTXO has been spent is whether it has already formed a valid input to another valid transaction in the blockchain 150.
  • UTXO-based transaction models a given UTXO needs to be spent as a whole. It cannot "leave behind" a fraction of the amount defined in the UTXO as spent while another fraction is spent. However the amount from the UTXO can be split between multiple outputs of the next transaction. E.g. the amount defined in UTXOo ⁇ x ⁇ 73 ⁇ 4can be split between multiple UTXOs in Txi. Hence if Alice does not want to give Bob all of the amount defined in UTXOo, she can use the remainder to give herself change in a second output of Txi, or pay another party.
  • the transaction fee does not require its own separate output 203 (i.e. does not need a separate UTXO). Instead any difference between the total amount pointed to by the input(s) 202 and the total amount of specified in the output(s) 203 of a given transaction 152 is automatically given to the blockchain node 104 publishing the transaction.
  • Txi has only one output UTXOi. If the amount of the digital asset specified in UTXOo is greater than the amount specified in UTXOi, then the difference may be assigned by the node 104 that wins the proof-of-work race to create the block containing UTXOi. Alternatively or additionally however, it is not necessarily excluded that a transaction fee could be specified explicitly in its own one of the UTXOs 203 of the transaction 152.
  • Alice and Bob's digital assets consist of the UTXOs locked to them in any transactions 152 anywhere in the blockchain 150.
  • the assets of a given party 103 are scattered throughout the UTXOs of various transactions 152 throughout the blockchain 150.
  • script code is often represented schematically (i.e. not using the exact language).
  • operation codes opcodes
  • "OP_" refers to a particular opcode of the Script language.
  • OP_RETURN is an opcode of the Script language that when preceded by OP_FALSE at the beginning of a locking script creates an unspendable output of a transaction that can store data within the transaction, and thereby record the data immutably in the blockchain 150.
  • the data could comprise a document which it is desired to store in the blockchain.
  • an input of a transaction contains a digital signature corresponding to a public key PA. In embodiments this is based on the ECDSA using the elliptic curve secp256kl.
  • a digital signature signs a particular piece of data. In some embodiments, for a given transaction the signature will sign part of the transaction input, and some or all of the transaction outputs. The particular parts of the outputs it signs depends on the SIGHASH flag.
  • the SIGHASH flag is usually a 4-byte code included at the end of a signature to select which outputs are signed (and thus fixed at the time of signing).
  • the locking script is sometimes called "scriptPubKey” referring to the fact that it typically comprises the public key of the party to whom the respective transaction is locked.
  • the unlocking script is sometimes called “scriptSig” referring to the fact that it typically supplies the corresponding signature.
  • the scripting language could be used to define any one or more conditions. Hence the more general terms “locking script” and “unlocking script” may be preferred.
  • the client application on each of Alice and Bob's computer equipment 102a, 120b, respectively, may comprise additional communication functionality.
  • This additional functionality enables Alice 103a to establish a separate side channel 301 with Bob 103b (at the instigation of either party or a third party).
  • the side channel 301 enables exchange of data separately from the blockchain network.
  • Such communication is sometimes referred to as "off-chain" communication.
  • this may be used to exchange a transaction 152 between Alice and Bob without the transaction (yet) being registered onto the blockchain network 106 or making its way onto the chain 150, until one of the parties chooses to broadcast it to the network 106.
  • Sharing a transaction in this way is sometimes referred to as sharing a "transaction template".
  • a transaction template may lack one or more inputs and/or outputs that are required in order to form a complete transaction.
  • the side channel 301 may be used to exchange any other transaction related data, such as keys, negotiated amounts or terms, data content, etc.
  • the side channel 301 may be established via the same packet-switched network 101 as the blockchain network 106. Alternatively or additionally, the side channel 301 may be established via a different network such as a mobile cellular network, or a local area network such as a local wireless network, or even a direct wired or wireless link between Alice and Bob's devices 102a, 102b. Generally, the side channel 301 as referred to anywhere herein may comprise any one or more links via one or more networking technologies or communication media for exchanging data "off-chain", i.e. separately from the blockchain network 106. Where more than one link is used, then the bundle or collection of off-chain links as a whole may be referred to as the side channel 301. Note therefore that if it is said that Alice and Bob exchange certain pieces of information or data, or such like, over the side channel 301, then this does not necessarily imply all these pieces of data have to be send over exactly the same link or even the same type of network.
  • FIG 3A illustrates an example implementation of the client application 105, also referred to herein as an electronic signature application, for implementing embodiments of the presently disclosed scheme.
  • the client application 105 comprises a transaction engine 401 and a user interface (Ul) layer 402.
  • the transaction engine 401 is configured to implement the underlying transaction-related functionality of the client 105, such as to formulate transactions 152, receive and/or send transactions and/or other data over the side channel 301, and/or send transactions to one or more nodes 104 to be propagated through the blockchain network 106, in accordance with the schemes discussed above and as discussed in further detail shortly.
  • the transaction engine 401 of each client 105 comprises a function 403 for generating a linking transaction.
  • the Ul layer 402 is configured to render a user interface via a user input/output (I/O) means of the respective user's computer equipment 102, including outputting information to the respective user 103 via a user output means of the equipment 102, and receiving inputs back from the respective user 103 via a user input means of the equipment 102.
  • the user output means could comprise one or more display screens (touch or non touch screen) for providing a visual output, one or more speakers for providing an audio output, and/or one or more haptic output devices for providing a tactile output, etc.
  • the user input means could comprise for example the input array of one or more touch screens (the same or different as that/those used for the output means); one or more cursor-based devices such as mouse, trackpad or trackball; one or more microphones and speech or voice recognition algorithms for receiving a speech or vocal input; one or more gesture-based input devices for receiving the input in the form of manual or bodily gestures; or one or more mechanical buttons, switches or joysticks, etc.
  • the various functionality herein may be described as being integrated into the same client application 105, this is not necessarily limiting and instead they could be implemented in a suite of two or more distinct applications, e.g. one being a plug-in to the other or interfacing via an API (application programming interface).
  • the functionality of the transaction engine 401 may be implemented in a separate application than the Ul layer 402, or the functionality of a given module such as the transaction engine 401 could be split between more than one application.
  • some or all of the described functionality could be implemented at, say, the operating system layer.
  • Figure 3B gives a mock-up of an example of the user interface (Ul) 500 which may be rendered by the Ul layer 402 of the client application 105a on Alice's equipment 102a. It will be appreciated that a similar Ul may be rendered by the client 105b on Bob's equipment 102b, or that of any other party.
  • Ul user interface
  • FIG. 3B shows the Ul 500 from Alice's perspective.
  • the Ul 500 may comprise one or more Ul elements 501, 502, 502 rendered as distinct Ul elements via the user output means.
  • the Ul elements may comprise one or more user-selectable elements 501 which may be, such as different on-screen buttons, or different options in a menu, or such like.
  • the user input means is arranged to enable the user 103 (in this case Alice 103a) to select or otherwise operate one of the options, such as by clicking or touching the Ul element on-screen, or speaking a name of the desired option (N.B. the term "manual" as used herein is meant only to contrast against automatic, and does not necessarily limit to the use of the hand or hands).
  • the options enable the user (Alice) to generate a linking transaction by authorising with a signature modifications or and/or linkages between documents.
  • the Ul elements may comprise one or more data entry fields 502, through which the user can generate a linking transaction.
  • These data entry fields are rendered via the user output means, e.g. on-screen, and the data can be entered into the fields through the user input means, e.g. a keyboard or touchscreen.
  • the data could be received orally for example based on speech recognition.
  • the Ul elements may comprise one or more information elements 503 output to output information to the user. E.g. this/these could be rendered on screen or audibly.
  • the information elements 503 may render a visual representation of an existing document which is to be authorised with a signature by the user. The user can view the document and decide whether or not to authorise the document with a signature. The user may indicate that they wish to sign the document via the electable elements 501 or the data entry field 502 as discussed below.
  • the user can indicate a supplementary document to be linked to the existing document by providing an input via the user selectable elements 501 or the data entry fields 502.
  • the user may upload supplementary documents to the electronic signature application 105, or to a database accessible by the electronic signature application 105, prior to generating a linking transaction, such that a library of supplementary document is stored, with a unique reference for each of the stored supplementary documents also stored.
  • the unique references are presented to the user in, for example, a drop-down menu format on the Ul 500 for the user to select form.
  • the supplementary document associated with the selected unique reference is then linked to the existing document in the linking transaction.
  • the user may be able to upload a supplementary document while generating the linking transaction.
  • the user provides another input, via the selectable elements 501 for example, which instigates a computation of document signature data associated with the linking transaction.
  • This second user input comprises at least one private key associated with the user (such as a passcode or biometric used for document signing).
  • the private key(s) of the user are then used to compute document signature data, used to authorise a portion of the linking transaction.
  • the user may be required to enter their private key(s) in the data entry fields 502.
  • the private key(s) may be stored in the electronic signature application 105, or at some location accessible to the electronic signature application 105, such that the user provides some other user verification, such as a password or user biometric, which authorises the electronic signature application 105 to use the stored private key(s).
  • the private key(s) may be stored in either encrypted or unencrypted form. If in an encrypted form, the second user input comprises data for decryption the private key required to compute the document signature data.
  • the electronic signature application 105 uses the blockchain transaction to render the existing document on the Ul 500.
  • the blockchain transaction may comprise either document data of the existing document or a reference to the existing document.
  • the existing document can therefore be rendered using the blockchain transaction either by accessing the document data from the blockchain transaction if stored there or accessing data relating to a previous blockchain transaction in which the existing document data is stored.
  • the existing document may be stored on the blockchain in encrypted, e.g. a hash of the document, or unencrypted form, e.g. plaintext.
  • the existing document may be received by the electronic signature application 105 from an off-chain source, such as the last actor to authorise the document or the actor responsible for creating the document, and rendered to the user.
  • the electronic signature application 105 can use the blockchain transaction to verify the received existing document. A copy or a hash of the document is stored on the blockchain and can be used for this verification. In the case of the document being stored, the electronic signature application 105 can compare the two document directly. If they are identical, the received version is verified. In the case of the hash of the document being stored on the blockchain, the electronic signature application 105 generates a hash of the received existing document. If the hash generated by the electronic signature application 105 matches that retrieved from the blockchain transaction, the received document is verified.
  • the electronic signature application 105 locates the blockchain transaction in a blockchain maintained by a blockchain network.
  • the electronic signature application 105 applied at least one validity check to the blockchain transaction before rending the existing document to the user on the Ul for the user to authorise with a signature.
  • An example of a validity check which may be implemented by the electronic signature application 105 comprises checking the blockchain transaction has been immutably committed to the blockchain before rendering the existing document to the user for authorising with a signature.
  • the electronic signature application 105 provides means for verifying the verifying document modifications. The user may verify these modifications themself by checking who has previously signed the document and comparing this to known rules. The name of the previous singer is displayed to the user on the in the information element 503.
  • An indication that the previous signer has been verified by a third party may be indicated to the user via the electronic signature application 105, for example by rendering a symbol indicating the third party verification next to the pervious signer's name.
  • the modification performed by the previous signer may also be displayed to the user for them to check against known rules.
  • the electronic signature application 105 may provide a verification function itself.
  • the known rules are known to the electronic signature application 105.
  • the verification function of the electronic signature application 105 checks the data retrieved from the blockchain against the known rules.
  • the electronic signature application 105 indicated to the user whether or not the retrieved data meets the requirements set out by the known rules.
  • the document is only presented to the user for signing if the requirements are met.
  • a symbol or some other verification message may be rendered to the user indicating whether or not the rule requirements have been satisfied.
  • the known rules referenced above may be, for example, rules defining which parties can sign a document, the types of modifications each party can make to the document, the order in which parties must sign the document, and/or if any additional documents need to be linked to the document. It will be appreciated that the rules for each different type of document may be different.
  • Figure 4 illustrates an example of the node software 450 that is run on each blockchain node 104 of the network 106, in the example of a UTXO- or output-based model. Note that another entity may run node software 450 without being classed as a node 104 on the network 106, i.e. without performing the actions required of a node 104.
  • the node software 450 may contain, but is not limited to, a protocol engine 451, a script engine 452, a stack 453, an application-level decision engine 454, and a set of one or more blockchain-related functional modules 455.
  • Each node 104 may run node software that contains, but is not limited to, all three of: a consensus module 455C (for example, proof-of-work), a propagation module 455P and a storage module 455S (for example, a database).
  • the protocol engine 401 is typically configured to recognize the different fields of a transaction 152 and process them in accordance with the node protocol.
  • a transaction 152j Tx j
  • the protocol engine 451 identifies the unlocking script in Tx j and passes it to the script engine 452.
  • the protocol engine 451 also identifies and retrieves Txi based on the pointer in the input of Tx j .
  • Txi may be published on the blockchain 150, in which case the protocol engine may retrieve Tx ⁇ from a copy of a block 151 of the blockchain 150 stored at the node 104. Alternatively, Tx ⁇ may yet to have been published on the blockchain 150. In that case, the protocol engine 451 may retrieve Tx ⁇ from the ordered set 154 of unpublished transactions maintained by the nodel04. Either way, the script engine 451 identifies the locking script in the referenced output of Tx ⁇ and passes this to the script engine 452.
  • the script engine 452 thus has the locking script of Tx ⁇ and the unlocking script from the corresponding input of Tx j .
  • transactions labelled Tx Q and Tx 1 are illustrated in Figure 2, but the same could apply for any pair of transactions.
  • the script engine 452 runs the two scripts together as discussed previously, which will include placing data onto and retrieving data from the stack 453 in accordance with the stack-based scripting language being used (e.g. Script). By running the scripts together, the script engine 452 determines whether or not the unlocking script meets the one or more criteria defined in the locking script - i.e. does it "unlock" the output in which the locking script is included? The script engine 452 returns a result of this determination to the protocol engine 451. If the script engine 452 determines that the unlocking script does meet the one or more criteria specified in the corresponding locking script, then it returns the result "true”. Otherwise it returns the result "false”.
  • the result "true” from the script engine 452 is one of the conditions for validity of the transaction.
  • protocol-level conditions evaluated by the protocol engine 451 that must be met as well; such as that the total amount of digital asset specified in the output(s) of Tx j does not exceed the total amount pointed to by its inputs, and that the pointed-to output of Txi has not already been spent by another valid transaction.
  • the protocol engine 451 evaluates the result from the script engine 452 together with the one or more protocol-level conditions, and only if they are all true does it validate the transaction Tx j .
  • the protocol engine 451 outputs an indication of whether the transaction is valid to the application-level decision engine 454.
  • the decision engine 454 may select to control both of the consensus module 455C and the propagation module 455P to perform their respective blockchain-related function in respect of Tx j .
  • This comprises the consensus module 455C adding Tx j to the node's respective ordered set of transactions 154 for incorporating in a block 151, and the propagation module 455P forwarding Tx j to another blockchain node 104 in the network 106.
  • the application-level decision engine 454 may apply one or more additional conditions before triggering either or both of these functions.
  • the decision engine may only select to publish the transaction on condition that the transaction is both valid and leaves enough of a transaction fee.
  • true and “false” herein do not necessarily limit to returning a result represented in the form of only a single binary digit (bit), though that is certainly one possible implementation. More generally, “true” can refer to any state indicative of a successful or affirmative outcome, and “false” can refer to any state indicative of an unsuccessful or non-affirmative outcome. For instance in an account-based model, a result of "true” could be indicated by a combination of an implicit, protocol-level validation of a signature and an additional affirmative output of a smart contract (the overall result being deemed to signal true if both individual outcomes are true).
  • embodiments of the present disclosure provide a method of recording modifications to documents and linking different documents on the blockchain.
  • a number of possible real-world use cases that could benefit from the digital signature technology taught herein.
  • the blockchain provides an immutable record of the documents, recording any modifications, such as transfers, endorsements, and cancellations, and by whom the modifications to the documents were made.
  • the blockchain can provide identification, authentication, authorization, linkability between different documents and traceability as each document is developed. It will be appreciated that the present disclosure is not limited to use with Bitcoin and other similar blockchain based spendable coins may be used.
  • the disclosed method exploits the double-spending prevention feature of cryptocurrency such as Bitcoin and similar coins.
  • cryptocurrency such as Bitcoin and similar coins.
  • the implication of the inability of double spending is the single use of any unspent output of a bitcoin transaction.
  • the single-use property can be applied to negotiable instruments.
  • the disclosed method increases the difficulty to forge any of the mapped documents to a high level. This is essential when using digital copies of these documents. Mapping between a document and an unspent transaction output is provided. Any change in the status of the document, such as transferring ownership, replacing the document, or cancelling the document, is done by spending the transaction output in a new transaction whose outputs reflect the new status of the document. Thus, it is very easy to check the current status of the document by checking the unspent output that contains the document. It is computationally infeasible to use an expired document, forge a document, or change a document without having the authorization to do so.
  • unlocking scripts in bitcoin transactions include digital signatures for the purpose of authorizing the assignment of BSV from one locking script to another.
  • identity of the UTXO owner is irrelevant.
  • the method provided herein repurposes the digital signatures in the unlocking script to be meaningful digital signature for the data (such as documents) inserted in the transaction.
  • the identity of the signer becomes relevant.
  • a public key certificate is required to provide an authenticated link between the public key and the identity of the owner. However, since it is recommended that a public key value is not to be used in more than one transaction - otherwise the private key may be leaked when the ephemeral key is not generated random enough - it is not ideal to use the certificate public key in signing transactions.
  • Linkable signatures uses "linkable signatures" to overcome this problem.
  • Linkable signatures will be described in more detail below.
  • the signer can prove knowing the secret key of P ⁇ A , if she can provide the signatures for the public keys P si and P/.
  • a linkable digital signature can be in the form of a single transaction input that contains two signatures, where the locking script is given by [P2PKH P si P2PKH P/].
  • the locking script is given by [P2PKH P si P2PKH P/].
  • the present disclosure provides a method of linking the spendable outputs of a transaction to documents.
  • the ownership is mapped to the owner of the unspent transaction output.
  • the owner of the unspent output is referred to as a current authorised actor of the document linked to the spendable output.
  • the document can be modified by the current authorised actor in a new transaction.
  • the authorised actor modifies and authorises the new transaction with their linkable signature.
  • negotiable instruments are used as an example of documents which may be modified and linked to other documents.
  • a negotiable instrument is a document of title or evidence of indebtedness that is freely transferable in trading as a substitute for money.
  • Negotiable instruments are unconditional orders or promise to pay, and include cheques, drafts, bearer bonds, some certificates of deposit, promissory notes, bills of exchange and bank notes.
  • the process of transferring the right to be paid, i.e. the document that contains the order or undertaking to pay money, is called negotiation.
  • Documents of contracts may be modified in a number of different ways. The possible modifications include: creating or issuing; • replacing or editing;
  • the transferor (the current owner of the Nl who is passing the Nl ownership), also referred to herein as the current authorised actor;
  • negotiable instrument issuer who acts as a transferor when the instrument is first created.
  • the transferor has to authorise with their signature a transaction input, whereas the transferee would know the unlocking script that can unlock the transaction output.
  • linkable signatures are used to authorise transactions.
  • Each new transaction has at least one input, which comprises a reference to an unspent transaction output and the corresponding unlocking script associated with that output, where the unlocking script is a signature of a pair of child keys associated with the certificate public key of the authorised actor.
  • Each new transaction also has at least one spendable output.
  • Each output comprises either document data itself or a reference to the document, an identifier of the next authorised actor, i.e. the actor who can modify the document associated with the output, and a refence to a certificate public key of the next authorised actor.
  • the reference to the certificate public key is some form of a pair of child keys associated with the certificate public key of the next authorised actor.
  • a state may also be inserted into the output of the transaction which indicates the type of modification performed by the authorised actor authorising the transaction with a signature.
  • the document When the document is first created, it is inserted in a transaction output with the state of "create” or "issue". Whenever the document is modified, the state of the document in the output of the transaction in which the modification is recorded is changed to indicate the modification.
  • the negotiable instrument is transferred from the issuer to the transferee (Alice).
  • the data inserted in TxID Issue would typically include the following:
  • NI Data which includes: a. a flag on the type of data, and the standard used, such as Universal
  • UDL Business Language
  • b a description of the instrument
  • c terms and conditions of the Nl or a reference to them
  • d a uniform resource identifier
  • ⁇ flag issue > a flag to indicate the state of the Nl. In the above example it is of type issue.
  • the data inserted in ⁇ W AUce > would include: a. identification of the next owner or authorised actor (Alice); and b. a reference to the issuer certificate and identification.
  • the data inserted in ⁇ P A u ce > is the linkable address of Alice (the transferee) that could be in the form [P2PKH P A ii DC P2PKH P A u ce .] or a 2 of 2 multi-sig, for example.
  • Alice may then pass the Nl to Bob in a transaction by authorising with a signature TxID Issue ⁇ ⁇ 0.
  • TxID TranS f er would typically differ from TxID Issue in that:
  • the identification of the next authorised actor has changed to that of Bob. It will be appreciated that the new owner identification may, in some transactions, not changed. For example, if an authorised actor edits or replaces the document data, the same actor may still be authorised to modify the edited or replaced document.
  • An observer can easily trace TxID TranS f er to the parent transaction TxID Issue , and check the authentication of the issuer and confirm that there is no double spending of the Nl.
  • the Nl can change hands to many owners. Each time it is recorded on a transaction TxIDi, where TxIDi would have Tc ⁇ ! as an input (i.e. parent transaction).
  • the data contained in TxIDi would typically include a state transfer, the next authorised actor and a reference to the valid Nl data transaction TxID Issue .
  • FIG. 5 shows an example of a modification transaction 500 in accordance with the present invention.
  • TxID TranS f er and TxID Issue are examples of modification transactions 500.
  • the modification transaction 500 can be identified by its unique transaction ID 502.
  • the unique transaction ID 502 can be used to track a document and its modifications on the blockchain.
  • the modification transaction 500 comprises an input list comprising at least one input and an output list comprising at least one output. Two inputs 506a, 506b and four outputs 504a- c are shown in the example of Figure 5, however it will be appreciated that any number of inputs and outputs may be used in a single transaction. A single modification transaction 500 can therefore be used to modify multiple document.
  • Each input 506a, 506b of the modification transaction 500 comprises an outpoint and a locking script.
  • the outpoint references an output of a previous modification transaction.
  • the previous modification transaction need not be published to the blockchain at the time the modification transaction 500 is propagated.
  • Each input 506a, 506b also comprises a locking script.
  • the locking script comprises the linkable signature of the current authorised actor of the output referenced by the outpoint.
  • the locking scrip may also comprise the SIGHASH flag, which indicates which of the outputs of the modification transaction the current authorised actor associated with the linkable signature is authorising. For example, if the SIGHASH flag is set to SIGHASH_ALL, the current authorised actor authorises all of the modifications of the modification transaction 500, i.e. they authorise all of the modifications in the transaction output list. However, if set to SIGHASH_SINGLE, the current authorised actor only authorises the modification of a single output of the modification transaction 500.
  • Each output 504a, 504b, 504c, 504d of the modification transaction 500 is a spendable output.
  • Each output 504a, 504b, 504c, 504d has an associated value, here shown as an amount in satoshi. It will be appreciated that any blockchain currency and any unit of the currency may be used to assign a value to the output.
  • Each output 504a, 504b, 504c, 504d can be assigned separately in one or more subsequent modification transactions.
  • Each output 504a, 504b, 504c, 504d comprises a locking script.
  • the locking script has two components: that data to be stored to the blockchain and the identity of the next authorised actor of the document associated with the output.
  • the data to be stored to the blockchain comprises either the document data of the negotiable instrument or a reference to the negotiable instrument.
  • the document data does not need to be stored to the blockchain in every transaction, only those in which the document data is changed, for example when the document is issued or replaced.
  • the document data can be found, if required, by tracing the modifications of the document back through the blockchain using the document reference and the outpoints of each transaction.
  • there are two outputs 504a, 504d which comprise document data
  • two outputs 504b, 504c which comprise a reference to a document.
  • the document data of the document referenced in outputs 504b and 504c is published to the blockchain in a previous modification transaction.
  • the data to be stored to the blockchain also comprises the state of the document.
  • the state indicates the type of modification the negotiable instrument has undergone in the transaction.
  • the modification is performed by the current authorised actor who authorises the transaction with a signature.
  • the current actor of input 506a authorises all of the outputs 504a, 504b, 504c, 504d of the modification transition 500. This is indicated by the SIGHASH_ALL flag in the locking script.
  • the current authorised actor of input 506b only authorises output 504b, as indicated by the SIGHASH_SINGLE flag.
  • the state of the documents in outputs 504a, 504c and 504d corresponds to the modification performed by the authorised actor of inputs 506a
  • the state of the document in output 504b corresponds to the modification performed by the authorised actors of inputs 506a and 506b.
  • SIGHASH flags may be used.
  • SIGHASH_AnyOneCanPay may be used if two actors are required to authorise a modification but only one of the two actors authorises the transaction. That is, more inputs can be added at a later date by the second signing actor.
  • the data to be stored to the blockchain is inserted using an OP_PUSHDATA script opcode.
  • This opcode pushes the data onto the stack in a way in which the output is spendable. This differs from instances where an OP_RETURN script opcode, in which the data is pushed to the stack but the output is not spendable. It will be appreciated that the data may be inserted using the OP_RETURN script rather than the OP_PUSHDATA script.
  • the unlocking script of each output 504a-d also comprises an identifier of the next authorised actor(s) of the document associated with the output 504a-d.
  • the next authorised actor is an actor who is authorised to modify the document in a subsequent modification transaction.
  • the identifier may comprise the certificate public key of the next authorised actor and/or a pair of child public keys of the next authorised actor.
  • the identifier of the next authorised actor may be in the form of a pay to public key (P2PK) or pay to public key hash (P2PKH).
  • P2PKH is used in the examples used herein.
  • outputs 504a and 504c only identify a single next authorised actor. However, outputs 504b and 504c identify two next authorised actors. It will be appreciated that any number of next authorised actors may be identified for a single output.
  • the outputs 504b and 504c identify two next authorised actors.
  • Output 504d requires a multi-sign 1 of 2. This allows one or other of the two identified next authorised actors to modify the document without the authorisation of the other identified next actor. There may be restrictions on the modifications that the next authorised actors can perform. For example, the actor identified by P next s may only be able to authorise a modification to Document A if the actor identified by P next6 has not yet modified the document.
  • Output 504b requires a multi-sign 2 of 2. That is, both of the identified next authorised actors are required to authorise a modification to Documenty. The next authorised actor who modifies a document in a subsequent modification transaction is the current authorised actor for that document in the subsequent transaction.
  • Each actor may be authorised to perform only one or some types of modifications to a document.
  • a current authorised user may be authorised to replace or endorse a document, but not mark it as complete.
  • the modifications which an authorised actor is authorised to perform may depend on whether or not another authorised actor has performed a certain modification to the document.
  • a multi-sign 1 of 2 can be used here.
  • a first current authorised actor may be authorised to cancel a document only if a second current authorised actor has not yet endorsed it.
  • exporter There are six main actors in the export-import process: exporter, importer, shipper, carrier, bank, and Chamber of Commerce.
  • the exporter is the person who has the goods. This is also known as the seller or manufacturer. In this paper we use the term exporter. She/He is required to fill out: a commercial invoice, and a certificate of origin (COO).
  • COO certificate of origin
  • the importer is the person or the company that is buying the goods, also known as buyer. It applies for letter of credit in case that is the agreed method of payment.
  • the shipper is the party responsible to book the carrier and arrange the shipping. This could be an owner of the cargo or an agent. It can be the exporter or the importer. This is also known as consignor, or transport user. This party is required to fill out: a packing list, and a Shipper Letter of Instruction.
  • the carrier is also known as a transport service provider. They are responsible for the physical transportation of the goods.
  • the Chamber of Commerce may need to sign the certificate of origin.
  • the certificate of origin is submitted to the Local chamber of commerce for endorsement.
  • the Chamber of Commerce must have access to relevant documents such as a commercial invoice (Cl) and Bill of Lading (BoL) in order to verify the exporter's claims.
  • Figure 6 shows an example process of import and export between an importer 604 and an exporter 602.
  • Figure 6 emits any other actors for simplicity. The roles of other actors will be discussed later.
  • the importer 604 makes an inquiry with regards to importing goods from the exporter 602.
  • the exporter screens the potential importer 604 and the country to which the goods are to be imported. This step may involve determining if there are import restrictions or taxes.
  • the exporter 602 provides the importer 604 with a proforma invoice.
  • the sale is then finalized between the importer 604 and exporter 602.
  • This step comprises the two parties 602, 604 agreeing on the following: payment terms, terms of sale, how goods will be shipped, who is responsible for shipping, who is responsible for hiring a freight forwarder or carrier, who is responsible for filing, how the transaction will be paid e.g. letter of credit, and other documents required by the regulations.
  • the exporter prepares the goods.
  • the shipping documents are also prepared at this step.
  • the shipping documents include: a commercial invoice, a packing list, a certificate of origin (COO), a shipper's letter of instruction, and a bill of lading (BoL). These documents are described in Annex A. The possible states of the documents are set out in Annexes B-E.
  • the goods are shipped to the importer 604 at step S620 and the exporter 602 performs recordkeeping tasks at step S622.
  • the Bill of Lading (BoL) can serve three functions:
  • a carrier usually issues 3 original BoL in addition to 3 copies.
  • a BoL must accompany the shipped products and must be signed by authorised representatives of the carrier, the shipper and the receiver (consignee).
  • Shipper also known as Consignor. This is the person who enters into a contract of carriage with the carrier. This can be the importer or the exporter depending on their agreed terms of sale.
  • Carrier The transport company representative, or the ship master. This is the party who provides the physical transportation services.
  • Consignee the person entitled to take delivery of the goods under a contract of carriage indicated on a bill of Lading. This could be the importer, importer's bank or the bank issuing the Letter of Credit.
  • Figure 7 shows a diagram of Bill of Lading.
  • the BoL comprises fields for stating the type of goods in the cargo, the quantity of each specific good, and the destination of the goods.
  • the Bill of Lading is to be signed by the shipper, the carrier, and the consignee.
  • Bill of Ladings may be negotiable, where the name of the consignee can be changed such that the BoL can be transferred multiple times, or non-negotiable, such that the goods are consigned to a specified person and it cannot be transferred.
  • Figure 8 shows an example sequence for the use of a Bill of Lading in the export-import process.
  • the shipper 804 transfers goods to be shipped to the carrier 802, who loads the goods at step S812 and issues a BoL at step S814.
  • the carrier 802 signs it.
  • the carrier 802 provides the BoL to the shipper 804, who signs the BoL at step S816.
  • the carrier 802 transports the goods to the destination at step S818.
  • the BoL is signed by the importer 604 at step S820.
  • the BoL is not signed by all three parties 802, 804, 604.
  • the importer 602 shows the BoL signed by the three parties to the carrier 802 at step S822. This acts as proof that the importer 604 is entitled to the goods. The carrier 802 then releases the goods to the importer 604 at step S824.
  • the letter of credit guarantees that the exporter gets paid either by the importer or by the bank. In case of the latter, it is also known as a documentary LOC or documentary credit.
  • a documentary LOC is a contract under which a bank agrees to pay the exporter, in connection with the export of specific goods, against the presentation of specified documents relating to those goods. The documentary LOC is issued at the request of the importer (the applicant for the credit) in favour of the exporter (the beneficiary of the credit.
  • a letter of credit is typically a negotiable instrument, as the issuing bank pays the beneficiary or any bank nominated by the beneficiary.
  • Figure 9 shows an example process of using a letter of credit in the context of an export- import shipment. There are four main parties in the process.
  • a beneficiary 904 is the party in whose favour a credit is issued. In the context of shipping, this is the exporter 602 of the goods in the underlaying contract.
  • An applicant 902 is the party on whose request the credit is issued. In the context of shipping, this is the importer 604.
  • the applicant 902 and beneficiary 904 agree the terms of the sale and exchange electronic sale contract at step S911.
  • the applicant 902 applies for an electronic LOC from an issuing bank 906 at step S912.
  • the issuing bank 906 is a bank which opens and finalizes the LOC. It is the bank that issues a credit at the request of an applicant 902 or on its own behalf. It is the ultimate payer of the LOC. An issuing bank 906 is irrevocably bound to honor a complying presentation as of the time it issues the credit. Issuing banks 906 evaluate LOC applications mainly in two categories: compliance with the issuing bank policies; and correctness of the instructions of the applicant.
  • the issuing bank 906 issues the LOC to an advising bank 908.
  • This may be subject to a set of rules, such as the eRules for the Uniform Customs & Practice for Documentary Credits (eUCP).
  • eUCP Uniform Customs & Practice for Documentary Credits
  • the advising bank 908 and the exporter 602 are located at the same country and have a business relationship with each other.
  • the exporter 602 informs his advising bank 908 preferences to the importer 604 during the negotiation phase of the transaction.
  • the advising bank 908 has two main responsibilities:
  • the advising bank 908 advises the LOC to the beneficiary 904 at step S914.
  • the beneficiary 904 then ships the goods to the applicant 902 at step S915 and, at step S916, sends dispatching e-documents to the advising bank 908 as proof of shipping.
  • the advising bank 908 presents the e-documents to the issuing bank 906 at step S917.
  • the issuing bank 906 implements a documents control process and then releases the payment associated with the shipped goods to the beneficiary 904 at step S918. This payment may be sent to the beneficiary 904 via the advising bank 908.
  • the issuing bank 906 releases the electronic documents to the applicant 902 at step S919.
  • Figure 11 shows an example a set of transactions, comprising three "linking" transactions, for use in shipping.
  • the linking transactions TxlD2, TxlD3, and TXID4 are created sequentially over time, followed by blockchain transactions TxIDs and TcI ⁇ e respectively.
  • Transactions TXID2 and TXID3 are linking transactions that link one or more new supplementary documents to an existing documents, contained or referenced in an earlier transaction.
  • Transaction TXID4 links at least two existing documents (both contained or referenced in previous blockchain transactions).
  • modification transaction is used herein, to refer to a transaction that modifies the content or status of an existing document.
  • the linking transactions TxlD 2 , TXID 3 , and TXID 4 are also modification transactions in this sense, but in general, a linking transaction need not necessarily be a modification transaction, and modification transactions may or may not be linking transactions.
  • Alice is a manufacturer and exporter of tennis balls in country A
  • Bob is an importer in country B.
  • Shipping documents including the Bill of Lading would be on the blockchain. There are four stages:
  • Stage 1 - Alice and Bob agree the terms of sale and Alice issues an invoice.
  • TxID prt L expor Strukturter is a transaction made by 1 Alice, 9 where she creates a transaction outp r ut that references her public key certificate.
  • TxID ⁇ Alice maps the issued commercial invoice in a transaction.
  • the transaction TxID ⁇ spends TxID Cert ,
  • the locking script ⁇ P exp orter > in TxID ⁇ O can also be linked to the certificate of Alice by appending the certificate to it. Thus, the locking script looks like:
  • TxID 2 that has the following documents: Shipper Letter of Instructions, Certificate of Origin and Packing List. She also spends TxID ⁇ 0 in the input of TxW 2 t us linking the commercial invoice to the shipping documents.
  • the right to change the invoice data or status is transferred from the output TxID ⁇ 0 to the output TxW 2 1
  • the Certificate of Origin (COO) is also inserted in this transaction.
  • the Chamber of Commerce (COC) signature is inserted in the second input.
  • the TxID Certcoc is a transaction that links to the COC public certificate (i.e. The TxlD Certcoc ⁇ s similar to TxID Certexporter ). Note that the COO is issued and endorsed by the signature of both the exporter and the COC. On the other hand, since the output TxW 2 1
  • the packing list (PL), and SLI documents are issued by the exporter but not yet endorsed by the carrier. Being issued and not yet endorsed, we want to allow the exporter alone to be able to cancel or replace any of them without having the carrier signature. Thus, Multi-sig 1 of 2 is used. This allows the carrier alone to spend the output when endorsing the documents, or the exporter to replace or cancel the documents as long as the carrier has not already endorsed them.
  • Stage 3 - Carol - who has a Carrier company- is responsible for transportation. She receives the cargo from Alice, and issues Alice the Bill of Lading. In TxW 3 Carol spends TxW 2
  • TxW 3 can be put in the blockchain only when parent transaction TxW 2 is sent. Also note that the unlocking script of TxW 3 contains the PL and the SLI references with the status flags changed from issued to endorsed. To change the status of any of SLI or PL requires spending the outputs TxW 3 1
  • Stage 4 - Alice is paid by the bank after providing proofs of shipping
  • the bank also optionally signs the transaction to indicate his endorsement.
  • the bank's input 110 is a transaction that provides a link to the bank certificate (similar to TxID Cert L expor ,ter of Alice) '.
  • Stage 5 - Bob settles with the bank and gets the BOL transferred to him.
  • Bob pays the bank and gets the BOL transferred to him, so that he can use it to release the goods.
  • the bank creates a transaction that spends TxW 4 1
  • Stage 6 - Bob gets the cargo released from Carol using the BOL.
  • mapping modifications to the blockchain a document can be traced to its current state and all modifications to the document since it was created can be tracked.
  • Embodiments of the technology leverage transaction verifications mechanisms used to secure the blockchain to additionally provide an additional document signature verification function.
  • the document signatures take the form of transaction signatures for validating transactions, and in particular for validating spending relationships between transactions. This has the benefit that the existing work performed by node to validate blockchain transactions also assists in the verification of the document signature requirements.
  • the system actors i.e. the actors signing the documents
  • Figure 10 illustrates how modifications can be validated both on and off the blockchain using the modification transactions 500 disclosed herein.
  • a transaction 1002, 1004, 1006 is created, it is transmitted to a node of the blockchain, which validates the transaction and publishes it to the blockchain in a block. This process is set out in more detail above.
  • the node checks that the actor authorising the transaction with a signature is authorised to do so by checking the actor's signature in the transaction input with the next authorised actor identified in the output of the previous transaction, i.e. that identified by the outpoint of the transaction input.
  • the blockchain can act as a backup for the documents.
  • the blockchain node does not validate that the actor authorising the transaction is legally authorised to make the modification. This step is performed off the blockchain.
  • Figure 10 shows Entity X, an entity external to the blockchain.
  • Entity X accesses the transaction 1006 in which the modification is performed. The outpoint of the relevant input of the transaction is identified.
  • Entity X uses the outpoint to locate a previous transaction 1004 of which the input of transaction 1006 is a spendable output. Entity X accesses the previous transaction 1004. The identity of the actor is determined form the output of the previous transaction 1004 identified by the outpoint. That is, Entity X accesses the child public keys of the actor in the output of the previous transaction 1004. Entity X then locates the certificate transaction 1002 of the actor who is legally authorised to make the modification. This transaction 1002 is accessed and the certificate public key extracted. Entity X can then check that the relationship between the child public keys from the transaction output and the certificate public key is met. If it is, the actor is legally authorised to make the modification.
  • Entity X accesses a transaction 1006 on the blockchain. This may be a transaction with an unspent spendable output associated with the document to be tracked.
  • the outpoint of the input associated with the document is identified and used to locate the previous transaction 1004 of which the input is a spendable output.
  • Entity X can access this previous transaction 1004, locate the relevant spendable output, determine the modification made to the document in the transaction 1004 by the state of the output, and determine by whom the modification was made by checking which signatures were used to authorise the transaction.
  • the transaction 1004 is that in which the document was issued such that there are no other previous transactions comprising modifications to the document.
  • Entity X can find these other previous transactions in a similar way, by identifying the outpoint of the associated input in the transaction 1004 and then using the outpoint to locate the previous transaction in which the document was modified. This can be continued until the issuing transaction is located.
  • a similar process can be performed to trace the document to its current state.
  • the spendable outputs associated with the document are followed through the blockchain until an unspent spendable output associated with the document is found. Recording the modifications of the documents to the blockchain as described herein provides a mechanism for robustly checking the state of a document.
  • the bitcoin node or some other trusted third party may provide an extra service of enforcing rules relating to the modifications a next actor can perform on a document.
  • Such an embodiment may be achieved by, for example, configuring all clients (or wallets) used by the actors in authorising transactions to connect to the blockchain via a gateway (a trusted server) that ensures only transaction comprising allowable modifications to go onto the blockchain.
  • the trusted server could be another signer in the transaction, who would add his signature only when the correct flags are used, i.e. only when the actor is authorised to perform the modification signified by the flag.
  • the clients (or wallets) used could be certified such that they adhere to the system configuration, for example use of correct flags, and to ensure that the user understands exactly what he is doing, for example what documents he is authorising and what modification he is making to the document.
  • the bitcoin nodes may compare the status flag in the outpoint and the output to ensure conformity with the rules.
  • linkable signatures have been described in the above description, it will be appreciated that the signer does not have to link their public key to the transaction. That is, ownership of the document can be passed anonymously. There may be rules and regulations for certain use cases which determine if such an implementation is allowable, or which have to be implemented via some other verification method when such an implementation is used.
  • documents are inserted into the inputs of transactions as part of the unlocking script.
  • the documents can be inserted as a pre-hash that is revealed only when spending the transaction.
  • a transaction would have in its output the locking script ⁇ hashOftheDocument> and, when spending that transaction, the ⁇ Document> is inserted to unlock.
  • the data inserted in transactions may be in an encrypted form depending on the confidentiality requirements of the use case. It is also expected that different items may have different authorization access requirements. In such cases, the above disclosed method may be modified to provide selected access to this data. For example, it is possible also to insert the hash of the documents or Nl instead of the document itself. This method would provide confidentiality as well as allow documents of any size to be inserted without conflicting with the bitcoin layer limitations. A typical insertion would have proper flags and identifiers in addition to the hash of the document. The system should be designed such that signers should always be aware of what they sign.
  • An on blockchain export solution can help to make sure that templates used are up to date, by being in the UTXO, before getting filled.
  • the process and documentation can all be described in the blockchain and maintained as updates take place.
  • the actor's wallet that provides the correct interface to the blockchain can always look for up to date forms and process and guide the actor while filling forms on chain.
  • OP_PUSHDATA is used to insert data.
  • OP_RETURN can also be used.
  • An output containing OP_RETURN is necessarily invalid (unspendable), so that output would not define a signature requirement.
  • the document or reference in this case, could be contained in an unspendable output, associated with a separate spendable output defining the signature requirement.
  • Metanet Protocol may be used as an alternative to the method set out above.
  • An example is given below.
  • a Node is a transaction
  • an edge is an association between two nodes (i.e. transactions), where one transaction (child) contains the identifier of the other transaction (parent). Accordingly, an update to the child transaction can only be accepted if it is signed by the parent transaction secret key.
  • the above transaction is a Metanet transaction, where the index of the node and its parent
  • the BOL data can be inserted on the blockchain using the Metanet protocol as follows.
  • a Metanet transaction is made between both parties, signed by both of them. That could be a transaction without a parent node, a.k.a orphan transaction.
  • TxID shippin g is an example.
  • TxID receiving When the carrier reaches the receiver, a transaction is made between the carrier and the receiver, for example TxID receiving below. It may be associated to the TxIDshipping as a child. The carrier knows P S hipping private key.
  • bitcoin network 106 For instance, some embodiments above have been described in terms of a bitcoin network 106, bitcoin blockchain 150 and bitcoin nodes 104.
  • the bitcoin blockchain is one particular example of a blockchain 150 and the above description may apply generally to any blockchain. That is, the present invention is in by no way limited to the bitcoin blockchain. More generally, any reference above to bitcoin network 106, bitcoin blockchain 150 and bitcoin nodes 104 may be replaced with reference to a blockchain network 106, blockchain 150 and blockchain node 104 respectively.
  • the blockchain, blockchain network and/or blockchain nodes may share some or all of the described properties of the bitcoin blockchain 150, bitcoin network 106 and bitcoin nodes 104 as described above.
  • the blockchain network 106 is the bitcoin network and bitcoin nodes 104 perform at least all of the described functions of creating, publishing, propagating and storing blocks 151 of the blockchain 150. It is not excluded that there may be other network entities (or network elements) that only perform one or some but not all of these functions. That is, a network entity may perform the function of propagating and/or storing blocks without creating and publishing blocks (recall that these entities are not considered nodes of the preferred bitcoin network 106). In non-preferred embodiments of the invention, the blockchain network 106 may not be the bitcoin network. In these embodiments, it is not excluded that a node may perform at least one or some but not all of the functions of creating, publishing, propagating and storing blocks 151 of the blockchain 150. For instance, on those other blockchain networks a "node" may be used to refer to a network entity that is configured to create and publish blocks 151 but not store and/or propagate those blocks 151 to other nodes.
  • any reference to the term “bitcoin node” 104 above may be replaced with the term “network entity” or “network element”, wherein such an entity/element is configured to perform some or all of the roles of creating, publishing, propagating and storing blocks.
  • the functions of such a network entity/element may be implemented in hardware in the same way described above with reference to a blockchain node 104.
  • a computer-implemented method of cryptographically linking multiple documents, having multiple electronic signature requirements, via a sequence of blockchain transactions comprising: computing document signature data satisfying a first signature requirement for an existing document, the first signature requirement defined in a blockchain transaction containing or referencing the existing document; wherein the document signature data signs a portion of a linking transaction containing or referencing a supplementary document, the linking transaction comprising an input for validly spending a spendable output of the blockchain transaction, whereby the document signature cryptographically links the supplementary document with the existing document; and wherein the signed portion comprises multiple outputs of the linking transaction, wherein a first of the multiple signed outputs is spendable and associated with the existing document, the signed portion defining a second signature requirement for the existing document, and wherein a second of the multiple signed outputs is spendable and associated with the supplementary document, the signed portion defining a signature requirement for the supplementary document.
  • Statement 2 The method of statement 1, wherein the first signature requirement is defined in the spendable output of the blockchain transaction and must be satisfied in order to spend that spendable output, and the document signature data takes the form of transaction signature data to be included in the input of the linking transaction for validly spending the spendable output of the blockchain transaction; wherein the second signature requirement for the existing document is defined in the first spendable output and must be satisfied in order to spend the first spendable output of the linking transaction; and wherein the second signature requirement for the supplementary document is defined in the second spendable output and must be satisfied in order to spend the second spendable output of the linking transaction.
  • Statement 3 The method of statement 1 or statement 2, wherein at least one of the signature requirements of the linking transaction comprises at least one public key.
  • Statement 4 The method of statement 3, wherein the public key is verifiable from a public key certificate of a certifying transaction, the signed portion of the linking transaction identifying the certifying transaction.
  • Statement 5 The method of statement 4, wherein the linking transaction is directly or indirectly associated with the certifying transaction via one or more transaction spending relationships, thereby identifying the certifying transaction.
  • Statement 6 The method of any of statements 3 to 5, wherein the public key certifies a master public key, but the signature requirement does not require direct use of the corresponding private key, and instead comprises a transient public key and a composite public key derived from the transient public key and the master public key.
  • Statement 7 The method of any preceding statement, wherein the blockchain transaction comprises a first status flag associated with the existing document, and the signed portion of the linking transaction contains a second status flag associated with the existing document and a status flag associated with the supplementary document.
  • Statement 8 The method of any preceding claim, wherein the existing document is contained or referenced in the spendable output of the blockchain transaction; wherein the first spendable output of the linking transaction contains a reference to the existing document, and the second spendable output of the linking transaction contains data of the subsequent document.
  • Statement 9 The method of statement 8 when dependent on statement 7, wherein the first status flag of the existing document is contained in said spendable output of the blockchain transaction, the second status flag of the existing document is contained in the first spendable output of the linking transaction, and the status flag of the subsequent document is contained in the second spendable output of the linking transaction.
  • Statement 10 The method of any of statements 1 to 7, wherein the existing document is contained in an unspendable output of the blockchain transaction, wherein the signed portion of the linking transaction comprises one or more unspendable outputs containing a reference to the existing document and data of the subsequent document.
  • Statement 11 The method of any of statements 1 to 8, wherein data of the existing document is contained in said input of the linking transaction, so as to satisfy an existing document challenge of the spendable output of the blockchain transaction.
  • Statement 12 The method of statement 11 when dependent on statement 7, wherein the second status flag of the existing document is contained in said input of the linking transaction.
  • Statement 13 The method of any preceding statement, wherein at least one of the signature requirements of the linking transaction requires transaction signatures from multiple parties.
  • Statement 14 The method of any preceding statement, wherein at least one of the signature requirements of the linking transaction identifies multiple parties, but only requires transaction signatures from a subset of the identified parties.
  • Statement 15 The method of any preceding statement, wherein the supplementary document is a further existing document, and the linking transaction comprises a second input for validly spending a spendable output of a second blockchain transaction, the second blockchain transaction containing or referencing the further existing document; wherein said signature requirement for the further existing document is a second signature requirement for the further existing document, the method comprising: computing further document signature data satisfying a first signature requirement for the further existing document, as defined in the second blockchain transaction.
  • Statement 16 The method of statement 15 when dependent on statement 2, wherein the first signature requirement for the further existing document is defined in the spendable output of the second blockchain transaction, wherein the further document signature data takes the form of further transaction signature data for the second input of the linking transaction for validly spending the spendable output of the second blockchain transaction.
  • An electronic signature application for linking and signing multiple documents having multiple signature requirements, the digital signature application embodied as program instructions in non-transitory media and configured, when executed on a computer, to implement the method of any preceding statement.
  • Statement 18 The electronic signature application of statement 17, further configured to render a visual document signing interface for linking and signing the documents, by: using the blockchain transaction to render a visual representation of the existing document to be signed, receiving first user input denoting the supplementary document to be linked to the existing document; receiving second user input for computing the document signature data.
  • Statement 19 The electronic signature application of statement 18, configured to locate the blockchain transaction in a blockchain maintained by a blockchain network, and apply at least one validity check to the blockchain transaction before rendering the existing document for signing.
  • Statement 20 The electronic signature application of statement 19, wherein the at least one validity check comprises checking the blockchain transaction has been immutably committed to the blockchain before rendering the existing document for signing.
  • Statement 21 The electronic application of statement 19 or 20, configured to use the blockchain transaction to retrieve the existing document from the blockchain for rendering in the document signing interface, the existing document stored in the blockchain in encrypted or unencrypted form.
  • Statement 22 The electronic signature application of statement 19 or 20, configured to receive the existing document for rendering from an off-chain source, and use the blockchain transaction to verify the received existing document, the blockchain storing a copy or hash of the existing document for performing said verification.
  • Statement 23 The electronic signature application of any of statements 18 to 22, wherein the second user input comprises at least one private key for computing the document signature data.
  • Statement 24 The electronic signature application of any of statement 18 to 22, wherein the second user input comprises data for decrypting at least one private key required to compute the document signature data, the encrypted private key stored in a location accessible to the electronic signature application.
  • Statement 25 The electronic signature application of any of statement 17 to 24 when dependent on statement 3, configured to verify the public key against a public key certificate of a certifying transaction associated with the public key.
  • Statement 26. A user device comprising: one or more processors configured to implement the electronic signature application of any of claims 17 to 25; and a user interface for receiving user input.
  • a linking transaction for a blockchain comprising an input for validly spending a spendable output of a blockchain transaction containing or referencing an existing document, and multiple outputs; wherein document signature data signs a portion of the linking transaction containing or referencing a supplementary document, whereby the document signature cryptographically links the supplementary document with the existing document; and wherein a signed portion comprises multiple outputs of the linking transaction; wherein a first of the multiple signed outputs is spendable and associated with the existing document, the signed portion defining a second signature requirement for the existing document, and wherein a second of the multiple signed outputs is spendable and associated with the supplementary document, the signed portion defining a signature requirement for the supplementary document.
  • a node for a blockchain network comprising one or more processors configured to verify the linking transaction of any preceding claim by checking document signature data signing the signed portion of the linking transaction satisfies the first signature requirement defined in the blockchain transaction.
  • Statement 29 A computer system for implementing the method of any of statement 1 to 16, the computer system comprising the user device according to statement 26 and the node according to statement 28.
  • the commercial invoice has the following states:
  • the table below illustrates how the modifications to the commercial invoice can be mapped to transactions on the blockchain.
  • the table below illustrates how the modifications to the packing list and shipper's letter of instructions can be mapped to transactions on the blockchain.
  • a transaction for an endorsed document can be spent:
  • the certificate of origin has the following states:
  • the table below illustrates how the modifications to the certificate of origin can be mapped to transactions on the blockchain.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Business, Economics & Management (AREA)
  • Economics (AREA)
  • Computing Systems (AREA)
  • Development Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Strategic Management (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
PCT/EP2021/064909 2020-07-02 2021-06-03 Electronic document signatures Ceased WO2022002526A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US18/011,083 US12401519B2 (en) 2020-07-02 2021-06-03 Electronic document signatures
EP21731106.7A EP4143723A1 (en) 2020-07-02 2021-06-03 Electronic document signatures
CN202180047276.3A CN116097264A (zh) 2020-07-02 2021-06-03 电子文件签名
JP2022581409A JP7765156B2 (ja) 2020-07-02 2021-06-03 電子文書署名

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB2010177.0A GB202010177D0 (en) 2020-07-02 2020-07-02 Electronic document signatures
GB2010177.0 2020-07-02

Publications (1)

Publication Number Publication Date
WO2022002526A1 true WO2022002526A1 (en) 2022-01-06

Family

ID=72050340

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2021/064909 Ceased WO2022002526A1 (en) 2020-07-02 2021-06-03 Electronic document signatures

Country Status (6)

Country Link
US (1) US12401519B2 (https=)
EP (1) EP4143723A1 (https=)
JP (1) JP7765156B2 (https=)
CN (1) CN116097264A (https=)
GB (1) GB202010177D0 (https=)
WO (1) WO2022002526A1 (https=)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2023535354A (ja) * 2020-07-30 2023-08-17 エヌチェーン ライセンシング アーゲー ブロックチェーンベースの税金メカニズム
US12174576B2 (en) 2021-06-04 2024-12-24 Canon Kabushiki Kaisha Cleaning member and elastic member
WO2025002725A1 (en) * 2023-06-29 2025-01-02 Nchain Licensing Ag Blockchain transaction
JP2025538946A (ja) * 2022-10-28 2025-12-03 アップル インコーポレイテッド モバイル身分証明技術

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102568418B1 (ko) * 2021-08-26 2023-08-18 하이파이브랩 주식회사 다중 서명을 지원하는 전자 인증 시스템 및 방법
US11995215B2 (en) * 2021-12-03 2024-05-28 International Business Machines Corporation Verification of authenticity of documents based on search of segment signatures thereof
KR102829467B1 (ko) * 2021-12-08 2025-07-03 고려대학교 산학협력단 블록체인 기반 증거자료 공증 시스템의 제어방법, 이를 수행하기 위한 기록매체 및 시스템
US11960579B2 (en) * 2022-02-17 2024-04-16 Bank Of America Corporation Smart glass and blockchain digital signature implementation
US12361368B2 (en) * 2022-05-13 2025-07-15 Secro, Inc. System for international goods and commodities trading and management and related methods
US20250094912A1 (en) * 2022-08-01 2025-03-20 Highway App, Inc. Secured platform for managing transportation logistics load compliance

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190057362A1 (en) * 2016-02-23 2019-02-21 nChain Holdings Limited Blockchain-based exchange with tokenisation
US20190057382A1 (en) * 2016-02-23 2019-02-21 nChain Holdings Limited Registry and automated management method for blockchain-enforced smart contracts

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2013192125A (ja) 2012-03-15 2013-09-26 Hitachi Ltd 電子署名システム、電子署名や追記の方法
US10097356B2 (en) * 2015-07-02 2018-10-09 Nasdaq, Inc. Systems and methods of secure provenance for distributed transaction databases
US12323524B2 (en) * 2015-07-14 2025-06-03 Fmr Llc Social aggregating, fractionally efficient transfer guidance, conditional triggered transaction, datastructures, apparatuses, methods and systems
US10108812B2 (en) 2016-01-28 2018-10-23 Nasdaq, Inc. Systems and methods for securing and disseminating time sensitive information using a blockchain
EP3433811A1 (en) 2016-03-21 2019-01-30 Mastercard International Incorporated Method and system for recording point to point transaction processing
US20180158035A1 (en) 2016-12-06 2018-06-07 Sap Se Independent processing streams for event data
US11544708B2 (en) * 2017-12-29 2023-01-03 Ebay Inc. User controlled storage and sharing of personal user information on a blockchain
US20210320806A1 (en) * 2018-08-30 2021-10-14 Neuralia Technologies Inc. System and method for improved blockchain-implemented smart contract
US20200394651A1 (en) * 2019-06-13 2020-12-17 Gridplus, Inc. Dynamic off-chain digital currency transaction processing
WO2021061415A1 (en) * 2019-09-26 2021-04-01 Rui Wang Blockchain hot wallet based on secure enclave and multi-signature authorization
US11544252B2 (en) * 2019-12-17 2023-01-03 Akamai Technologies, Inc. High performance distributed system of record with extended transaction processing capability
US11720453B2 (en) * 2020-04-28 2023-08-08 Akamai Technologies, Inc. High performance distributed system of record with unspent transaction output (UTXO) database snapshot integrity

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190057362A1 (en) * 2016-02-23 2019-02-21 nChain Holdings Limited Blockchain-based exchange with tokenisation
US20190057382A1 (en) * 2016-02-23 2019-02-21 nChain Holdings Limited Registry and automated management method for blockchain-enforced smart contracts

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
COPIGNEAUX BERTRAND ET AL: "Blockchain for supply chains and international trade", 31 May 2020 (2020-05-31), pages 1 - 172, XP055819944, Retrieved from the Internet <URL:https://www.europarl.europa.eu/RegData/etudes/STUD/2020/641544/EPRS_STU(2020)641544_EN.pdf> [retrieved on 20210630] *
GANNE EMMANUELLE: "Can blockchain revolutionize international trade?", 31 December 2018 (2018-12-31), pages 1 - 163, XP055819956, ISBN: 978-92-8-704761-8, Retrieved from the Internet <URL:https://www.wto.org/english/res_e/booksp_e/blockchainrev18_e.pdf> [retrieved on 20210630] *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2023535354A (ja) * 2020-07-30 2023-08-17 エヌチェーン ライセンシング アーゲー ブロックチェーンベースの税金メカニズム
US12614165B2 (en) 2020-07-30 2026-04-28 Nchain Licensing Ag Blockchain based tax mechanism
US12174576B2 (en) 2021-06-04 2024-12-24 Canon Kabushiki Kaisha Cleaning member and elastic member
JP2025538946A (ja) * 2022-10-28 2025-12-03 アップル インコーポレイテッド モバイル身分証明技術
WO2025002725A1 (en) * 2023-06-29 2025-01-02 Nchain Licensing Ag Blockchain transaction

Also Published As

Publication number Publication date
JP7765156B2 (ja) 2025-11-06
JP2023536396A (ja) 2023-08-25
EP4143723A1 (en) 2023-03-08
CN116097264A (zh) 2023-05-09
GB202010177D0 (en) 2020-08-19
US12401519B2 (en) 2025-08-26
US20230231725A1 (en) 2023-07-20

Similar Documents

Publication Publication Date Title
US12401519B2 (en) Electronic document signatures
CN115880074A (zh) 用于在区块链上记录多个交易的方法和系统
GB2598945A (en) Commensal token system
US20230230076A1 (en) Agreements on the blockchain
US20230316272A1 (en) Divisible tokens
US20250069076A1 (en) Methods and systems for recipient-facilitated blockchain transactions
CN116194940A (zh) 基于区块链的税收机制
US20230325825A1 (en) Methods and systems for synchronised and atomic tracking
US12361395B2 (en) Method and system for synchronising user event streams with dust-based rendezvous transactions
US20240095692A1 (en) Computer implemented method and system
JP7802800B2 (ja) トランザクション署名フラグ
EP4454194A1 (en) Blockchain transaction
US20250139618A1 (en) A computer implemented method and system
US20240313952A1 (en) Message exchange system
EP4629150A1 (en) Computer-implemented methods and systems
US12619982B2 (en) Single-use tokens
WO2026068332A1 (en) File management with blockchain
WO2026068335A1 (en) File management with blockchain
CN119948805A (zh) 对区块链事务强制执行约束

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21731106

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2021731106

Country of ref document: EP

Effective date: 20221130

ENP Entry into the national phase

Ref document number: 2022581409

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

WWG Wipo information: grant in national office

Ref document number: 18011083

Country of ref document: US