WO2023123153A1

WO2023123153A1 - Systems and methods for miner fee settlement between wallets

Info

Publication number: WO2023123153A1
Application number: PCT/CN2021/142827
Authority: WO
Inventors: Liwei ZHAO; Zhenchun WU
Original assignee: Shanghai Wanxiang Block Chain Co., Ltd.
Priority date: 2021-12-30
Filing date: 2021-12-30
Publication date: 2023-07-06

Abstract

A system for wallets holding digital assets is disclosed. The system may provide a temporary wallet, a first hot wallet and a second hot wallet. The system may initiate an on-chain transaction for a digital asset associated with at least one of the temporary wallet or the first hot wallet. The system may execute a miner fee reimbursement payment process in response to the on-chain transaction and may transfer a miner fee reimbursement payment from the second hot wallet to one of the first hot wallet or the temporary wallet.

Description

SYSTEMS AND METHODS FOR MINER FEE SETTLEMENT BETWEEN WALLETS

FIELD

This disclosure generally relates to transacting in digital assets, and more particularly to secure asset custody systems for digital assets.

BACKGROUND

Cryptocurrency or digital asset networks such as, for example, the Bitcoin network may be a peer-to-peer payment system having a plurality of nodes that are connected to one another. Digital asset exchange computer systems allow for users to exchange local currency into or out of a desired cryptocurrency. Users send payments by broadcasting digitally signed messages to the cryptocurrency network. Users may, for example, send and receive payments using mobile applications on mobile devices, client software or a web browser. Transactions do not explicitly identify the payor and payee by name or wallet. Instead, a bitcoin transaction transfers ownership to a new address, referred to as a "currency address" . The currency address is derived from the public portion of one or more cryptographic key pairs. The private portion of a key pair is not disclosed to the public. To send a cryptocurrency to an address, a user broadcasts a payment message that is digitally signed with the associated private key.

Host computer systems reside at various nodes and may host accounts or "wallets" that allow users to make and accept payments using cryptocurrency. The wallet stores the public key of the cryptocurrency address and its associated private key. The transfer of cryptocurrency may be an onerous task if the entire public key of the cryptocurrency address has to be copied and transmitted. When a transaction is made between two wallets at the same or different host computer systems, the transaction is broadcast to the cryptocurrency network for verification. The cryptocurrency network may be a Distributed Ledger Technology (DLT) network such as a blockchain network. Network participants may verify the transaction and append the transaction to a shared database of transactions.

It may be a security concern for users that their cryptocurrency addresses may be stolen from their wallets. Existing systems do not provide a solution for maintaining security of cryptocurrency addresses while still allowing the users to use cryptocurrency addresses within their wallets for transacting with other users. In order for a user to access their wallet, the user may log into their account through the website using a user name and password. If the user name and password become compromised then it may be possible for cryptocurrency to be stolen out of the wallet. Users may therefore be reluctant to store cryptocurrency in their wallets without any additional security features. Cryptocurrency transacting requires the use of a public key and a private key. The private key is used to sign an authorization and the public key is used to verify the signature. Some users may require control over their private keys in order to ensure to such users that the cryptocurrency transacting will not take place without their express authorization.

SUMMARY

A system, method, and computer readable medium (collectively, the “system” ) is disclosed for wallets holding digital assets. In various embodiments, the system may provide a temporary wallet a first hot wallet and a second hot wallet. The system may initiate an on-chain transaction for a digital asset associated with at least one of the temporary wallet or the first hot wallet. The system may execute a miner fee reimbursement payment process in response to the on-chain transaction and may transfer a miner fee reimbursement payment from the second hot wallet to one of the first hot wallet or the temporary wallet.

In various embodiments, the system may receive a request to transfer the digital asset from a sending address to a receiving address. The system may determine whether the balance of a prepaid miner fee address associated with the sending address exceeds a prepayment threshold value. The system may execute the on-chain transaction in response to the balance of the prepaid miner fee address exceeding the prepayment threshold value.

In various embodiments, the system may determine the prepayment threshold value. The system may increase the prepayment threshold value in response to at least one of a transaction volume or a transaction volume rate. The system may decrease the prepayment threshold value in response to at least one of a transaction volume or a transaction volume rate.

In various embodiments, the system may generate an insufficient fee notice where the balance of the prepaid miner fee address associated with the sending address is less than the prepayment threshold value. The system may an instruction to pay miner fees. The system may transfer the miner fee reimbursement payment from the second hot wallet to the prepaid miner fee address associated with the sending address in response to the instruction to pay miner fees.

In various embodiments, the system may take a transaction fee. The system may segregate a portion of the transaction fee to generate a miner payment reserve. The system may pay a miner fee from the miner payment reserve and pull additional assets from a sending address in response to the miner fee exceeding the miner payment reserve.

In various embodiments, the system may generate an instruction to make a supplemental miner fee payment. The system may transfer the supplemental miner fee payment from the second hot wallet to the first hot wallet. The system may calculate a supplemental miner fee. The system may transfer the supplemental miner fee from the first hot wallet to the second hot wallet where the supplemental miner fee is greater than zero. The system may apply an absolute value function to the supplemental miner fee in response to the supplemental miner fee being less than zero. The system may transfer the absolute value of the supplemental miner fee from the second hot wallet to the first hot wallet in response to the supplemental miner fee being less than zero

The forgoing features and elements may be combined in various combinations without exclusivity, unless expressly indicated herein otherwise. These features and elements as well as the operation of the disclosed embodiments will become more apparent in light of the following description and accompanying drawings.

BRIEF DESCRIPTION

The subject matter of the present disclosure is particularly pointed out and distinctly claimed in the concluding portion of the specification. However, a more complete understanding of the present disclosure may be obtained by referring to the detailed description and claims when considered in connection with the drawing figures, wherein like numerals denote like elements.

FIGs. 1A through 1G are a block diagram illustrating an exchange platform system, in accordance with various embodiments;

FIG. 2 is a block diagram illustrating the access control system, in accordance with various embodiments;

FIG. 3 is flowchart illustrating a transaction process of a cold wallet, in accordance with various embodiments;

FIG. 4 is a diagram illustrating an independent wallet and a temporary wallet, in accordance with various embodiments;

FIG. 5 is flowchart illustrating a deposit process, in accordance with various embodiments;

FIG. 6 is flowchart illustrating a transaction process, in accordance with various embodiments;

FIGs. 7A through 7C are a flowchart illustrating a withdrawal process, in accordance with various embodiments;

FIG. 8 illustrates an optical communication process, in accordance with various embodiments;

FIG. 9 illustrates a key security process, in accordance with various embodiments;

FIG. 10 illustrates a wallet generation process and an address generation process, in accordance with various embodiments;

FIG. 11 illustrates an optical communications and signature process, in accordance with various embodiments;

FIG. 12 illustrates an encryption process of an exchange platform system, in accordance with various embodiments;

FIG. 13 illustrates an decryption process of an exchange platform system, in accordance with various embodiments;

FIG. 14 illustrates an account creation and data importation process, in accordance with various embodiments;

FIG. 15 illustrates a wallet structure, in accordance with various embodiments;

FIG. 16 illustrates a miner fee reimbursement payment process, in accordance with various embodiments; and

FIG. 17 illustrates a miner fee reimbursement payment process, in accordance with various embodiments.

DETAILED DESCRIPTION

The detailed description of various embodiments herein makes reference to the accompanying drawings and pictures, which show various embodiments by way of illustration. While these various embodiments are described in sufficient detail to enable those skilled in the art to practice the disclosure, it should be understood that other embodiments may be realized and that logical and mechanical changes may be made without departing from the spirit and scope of the disclosure. Thus, the detailed description herein is presented for purposes of illustration only and not of limitation. For example, the steps recited in any of the method or process descriptions may be executed in any order and are not limited to the order presented. Moreover, any of the functions or steps may be outsourced to or performed by one or more third parties. Furthermore, any reference to singular includes plural embodiments, and any reference to more than one component may include a singular embodiment.

With the development of the cryptocurrency/blockchain/digital asset industry, the compliance and security of online exchanges have attracted more and more attention. On one hand, as the management system of an exchange's core assets, the asset custody system is considered as the corner stone of an exchange; on the other hand, the cold wallet retains and keeps most digital asset of the exchange center. Therefore, the security of the cold wallet is of great importance to online exchange systems. Existing solutions for cold wallet struggle to meet enterprise level needs such as, for example, managing large amount and quantity of digital asset transactions, in transaction security management, and in fulfilling government/legally required ethics and compliance program requirements.

A cryptocurrency wallet may be a device, a physical media, a program, or a web service which stores the public and/or private keys for cryptocurrency transactions. The cryptocurrency wallet can be an online wallet, an offline wallet, or a combination thereof. An offline cryptocurrency wallet is also called a ‘cold’ wallet (in contrast to ‘hot’ wallet, which refers to the online cryptocurrency wallet) . Sometimes, a cold wallet is provided as a program, a software, or an application. In addition, a cold wallet may be provided as hardware (or a physical device) , such as USB-Key, and other hardware based on Near-Field Communication (NFC) technology such as

Wallets provided as hardware or a physical device are often referred to as a hardware wallet (or ‘hard’ wallet) . Such hardware wallets tend to be suited for individual and personal use. Hardware wallets tend to be limited in the amount and frequency of transactions which can be processed. In this regard, hard wallets and cold wallets tend to be unable to handle corporate level cryptocurrency transaction volumes. In order to meet corporate level transaction volumes, existing cold wallet systems tend to compromise with regard to security as described below.

Furthermore, in existing online trading platforms (e.g. exchanges or exchange platforms) of digital assets, all of the users’ assets are separated by different types of cryptocurrencies and then stored in related cryptocurrency addresses of the exchange, so that a certain user’s asset does not have any substantive settlement in the exchange. Therefore, except the exchange, a third party (such as a government compliance agency or a securities regulatory commission) cannot monitor a specific user’s digital assets and asset details of different cryptocurrencies, nor can it review the entire trading history of the specific user’s assets on the chain, because the trading history of the specific user’s assets is mixed with other users’ assets trading history in the same wallet address.

To unlock (or authorize transaction of) the digital asset (or cryptocurrency) , the existing cold wallet system are physically connected with the online cryptocurrency networks (for example, via an exchange system) through wireless networks, near-field communication (e.g.,

) , or physical ports such as, for example USB. Therefore, current cold wallet systems are not completely offline, they still need to be connected with the internet at some point during the transaction.

Furthermore, in enterprise level settings, more than one employee may be assigned permissions to transact digital assets (e.g., cryptocurrency) in order to help manage the large transaction volume. Additionally, some cold wallets may be limited in storage capacity. For example, some cold wallets can only store keys for certain digital assets (e.g., a Bitcoin wallet may not be able to store Ethereum. An Ethereum wallet may not be able to store Dash) . Where multiple employees have access to a cold wallet security concerns arise, but where a single employee has access throughput issues arise.

Moreover, in the existing DLT transaction structure, a transaction processed on cryptocurrency networks, such as outbound/outgoing transactions (e.g., from user A to user B, or a withdrawal from an exchange account to personal account. ) , incurs a network fee. These network fees are also called a miner fee. The miner fee is paid to cryptocurrency ‘miners’ , i.e. those systems which process the transactions and secure the network. Miner fees are usually generated during both the creation of a digital asset and the transaction of the digital asset. Typically, the miner fee cannot be accurately determined in advance of a transaction settlement. In some instances, the type of digital asset in the principal transaction is different from the type of digital asset the miner requests to process the transaction. For example, the asset in transaction may be cryptocurrency A (e.g., USDT ERC20) , and the miner may request cryptocurrency B (e.g., ETH) for payment of the miner fee.

Such instances tend to complicate audit and compliance process which may be mandated by governments and regulators. For example, anti-money laundering compliance for an exchange platform may require that each transaction be accurate and clear (as to transacting party, amount, time, types of asset, etc. ) and also that assets of the exchange platform be strictly separated from platform user assets to maintain isolation between the accounts and settlements.

Furthermore, where amounts are transferred between wallets owned by a common user within an exchange platform a problem exists where the user will not receive the full requested transaction value because the miner fee may be automatically deducted from the transaction value by the network. For example, a user initiates a transaction (e.g., for 10 ETH) from address A to address B where both addresses are related to the user’s own wallets within the exchange platform (i.e., an internal transaction) . The transfer amount (e.g., 10 ETH) from address A may be different than the received amount (e.g., 9 ETH) at address B because of the miner fee (e.g., 1 ETH) which may be deducted by the network in processing the transaction.

As such, the present system may solve the problem of user’s not receiving the full value of internal transactions and of providing enhanced transparency of transactions to regulators by enabling a pre-payment mechanism within the exchange platform to settle miner fee payments across multiple digital assets. The system may increase data reliability or accuracy by enabling data logging. The system may increase data security by enabling separation to between online and offline storage elements and by segregating permissions between differing sets of users. Benefits of the present disclosure may apply to any suitable trading environment. For example, the present disclosure may apply in equity trading, currencies trading, futures trading, and/or any other financial instrument, as well as in information analysis or fraud prevention contexts.

This process improves the functioning of the computer. For example, the systems and processes described herein may tend to accelerate secure storage and transfer operations of digital assets thereby reducing network processing overhead.

As used herein, “electronic communication” means communication of at least a portion of the electronic signals with physical coupling (e.g., “electrical communication” or “electrically coupled” ) and/or without physical coupling and via an electromagnetic field (e.g., “inductive communication” or “inductively coupled” or “inductive coupling” ) . As used herein, “transmit” may include sending at least a portion of the electronic data from one system component to another (e.g., over a network connection) . Additionally, as used herein, “data, ” “information, ” or the like may include encompassing information such as commands, queries, files, messages, data for storage, and the like in digital or any other form.

As used herein, “satisfy, ” “meet, ” “match, ” “associated with” , or similar phrases may include an identical match, a partial match, meeting certain criteria, matching a subset of data, a correlation, satisfying certain criteria, a correspondence, an association, an algorithmic relationship, and/or the like. Similarly, as used herein, “authenticate” or similar terms may include an exact authentication, a partial authentication, authenticating a subset of data, a correspondence, satisfying certain criteria, an association, an algorithmic relationship, and/or the like.

Systems, methods, and computer program products are provided. In the detailed description herein, references to “various embodiments, ” “one embodiment, ” “an embodiment, ” “an example embodiment, ” etc., indicate that the embodiment described may include a particular feature, structure, or characteristic, but every embodiment may not necessarily include the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to affect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described. After reading the description, it will be apparent to one skilled in the relevant art (s) how to implement the disclosure in alternative embodiments.

With reference to FIGs. 1A through 1G, an exchange platform system 100 is depicted according to various embodiments. System 100 may include various computing devices, software modules, networks, and data structures in communication with one another. System 100 may also contemplate uses in association with web services, utility computing, pervasive and individualized computing, security and identity solutions, autonomic computing, cloud computing, commodity computing, mobility and wireless solutions, open source, biometrics, grid computing and/or mesh computing.

In various embodiments, system 100 may comprise a client service module 102, an asset custody module 104, a data center module 106, an exchange system module 108 (i.e., exchange module) , a basic services module 110, and a web client interface module 112. In various embodiments, the system may include a settlement service 178 configured to provide settlement data 180 to the data center module 106. The system may include a risk management system 182 configured to communicate with the asset custody module 104, the exchange system module 108 and the client service module 102. The risk management module 182 may provide risk data 184 to the data center module 106. System 100 may be computer based, and may comprise a processor, a tangible non-transitory computer-readable memory, and/or a network interface, along with other suitable system software and hardware components. Instructions stored on the tangible non-transitory memory may allow system 100 to perform various functions, as described herein. In various embodiments, system 100 may be configured as a central network element or hub to access various systems, engines, and components of system 100. System 100 may comprise a network, computer-based system, and/or software components configured to provide an access point to various systems, engines, and components of the system.

Web client interface 112 may be in operative and/or electronic communication with the client service module 102, asset custody module 104, data center module 106, exchange system module 108, and basic services module 110. In this regard, the web client interface 112 may allow communication from a user 114 to systems, engines, and components of system 100. In various embodiments, the user may communicate with the web client interface 112 via a user device. The user device may comprise software and/or hardware in communication with the web client interface 112 via a network comprising hardware and/or software configured to allow an account owner, an administrator, a user, a customer, a super admin and/or the like, access service provider 102. User device 104 may comprise any suitable device that is configured to allow a user to communicate with a network and the system 100. The user device may include, for example, a personal computer, personal digital assistant, cellular phone, kiosk, a mobile device, and/or the like and may allow a user to transmit voice communications and/or data. In various embodiments the user device includes a camera and a display screen.

In various embodiments, the client service module 102 may be configured to provide various client services such as, for example, client identity management. Client service module 102 may include user services 116 such as, for example, user interfaces to the exchange system, deposit and withdrawal services, transaction services and/or the like. Client service module 102 may be configured perform Know Your Customer (KYC) services 118 including background checking 120 and identity authentication 122 services.

In various embodiments, data center module 106 may include any number of database structures 124 or data elements such, for example, exchange data, client data, marketing data, and operation data. Data center module 106 may be configured to maintain exchange data such as, for example, data sets relating to exchange platform transactions such an exchange, a transaction type, a financial instrument, a currency, a price, a quantity, a date, a timestamp, risk management data, financial data, and/or the like. Any of the database structures 124 may include metadata and system 100 performance data and event logs and/or the like. Data center module 106 may be configured to maintain client data such as, for example, past orders, past transactions, bills, user information, client service module data, and/or the like. Data center module 106 may be configured to maintain marketing data such as, for example, event tracking statistics, external data, referral data, partner data, promotional data, and/or the like. Data center module 106 may be configured to maintain operations data such as, for example, monitoring statistics, devops statistics, performance data, and/or the like. In various embodiments, the data center module 106 may provide a historical data query service 126 and a reporting service 128.

Asset custody center module 104 may be configured to provide physical control over one or more virtual assets such as, for example, cryptocurrencies, tokens, and/or the like. In various embodiments, the virtual asset may comprise one of reward points such as, for example, those associated with a reward program, coupons, credit cards, hotels, frequent flyer program, online services, and/or the like. In various embodiments, the virtual asset may comprise a token of or representation of a fiat currency, or a relatively closed currency such as, for example, a currency of a game economy. In various embodiments, the virtual asset includes cryptocurrencies which may be supported by a distributed ledger and/or blockchain network such as, for example, Bitcoin,

Bitcoin Cash, EOS, Litecoin, Tron, Ripple, DASH ^TM, Monero, and/or the like The asset custody center module 104 may be configured to provide various asset related services such as, for example, deposit and withdrawal service 130, Anti-Money Laundering (AML) service 132, whitelist service 134 and custody account service 136. Custody account service 136 may include one or more wallets such as a hot wallet or a cold wallet configured to communicate with an asset custody database 138.

In various embodiments, the exchange system module 108 may comprise hardware or software configured to process market transactions in a plurality of virtual assets. The exchange system module 108 may comprise or interact with an order service 140 and a clearing service 142 via an exchange mainline 144 to match orders and execute transactions based on the matching orders. In various embodiments, exchange mainline 144 may be configured to generate market data such as, for example, price data and volume associated with the order book and may provide the market data to a market data service 146. In various embodiments, the exchange mainline 144 may be supported by one or more mainline services 148 such as a main order service and a primary matching engine 150 and a standby matching engine 152. In this regard the exchange mainline 144 may be configured to match order book entries received form order service 140 and enable redundant operations tending thereby to enhance transaction reliability and system uptime. Exchange system module 108 may be accessible via a trading account service 154 configured to communicate with the various systems, engines, and components of the exchange system module 108. In various embodiments, the trading account service 154 may be configured to record data in an internal storage database 156 and communicate with a persistence service 158. In various embodiments, clearing service 142 may be configured to provide cleared transaction data 160.

In various embodiments, the basic services module 110 may be configured to provide operations staff with command and control functions of the system 100. The basic service module may include one or more web client interfaces 164 having features, processes, and architecture similar to the web client interface module 112. The web client interface 164 may be tailored to administration, command, and control functions of system 100. Basic services module 110 includes one or more administrative services such as product configuration service 166, exchange configuration service 168, review service 170, operator audit service 172, message center 174, and access control service 176. The web client interface 164 may be configured to provide the operations staff 162 access to each of the

services

166, 168, 170, 172, 174, and 176.

Referring now to FIGs. 2-14, the process flows depicted are merely embodiments and are not intended to limit the scope of the disclosure. For example, the steps recited in any of the method or process descriptions may be executed in any order and are not limited to the order presented. It will be appreciated that the following description makes appropriate references not only to the steps depicted in FIGs. 2-15, but also to the various system components as described above with reference to FIG. 1A-1G.

In various embodiments, and with reference to FIG. 2 an access control system 200 may be established in system 100 by giving different permissions of the system (such as, for example, a wallet system) to various users. The access control system may have permission levels, including a super admin 210 and a user 212. The super admin 210 may have user management controls 236, including management of the user maintenance 240, the permission management 238, and the audit log 234. The user 212 may have the ability to conduct wallet management 224, address management 226, perform transactions 228, system setup 230, and conduct currency management 232. Each of these user permissions may include sets of associated actions which may be requested by the user and execute by the system such as wallet management actions 214, address management actions 216, transaction related actions 218, system management actions 220, and currency management actions 222.

In various embodiments, a user is created by the super admin. The super admin may have control of user management. Each user may be given relevant permissions by the super admin. Each user can only access the relevant sets of actions (or individual actions within the set) and the associated GUI that he or she has been assigned access to (i.e., permissioned for) , and cannot access the part that he or she does not have.

In various embodiments, when using a cold wallet in a transaction, the user records/initiates the transaction, the managers (e.g. five mangers or corporate executives) authorize/approves the transaction, respectively, using their keys. For example, as a preset condition, if at least any three of the five keys are provided, this transaction may complete.

In various embodiments, an audit log may be managed. For example, the system may create an audit log (or activity log) of events in the cold wallet, and trace what events happened, when the events occurred, and who caused the events, if necessary, auditors (e.g., the administrator of the exchange platform) can locate problems and accountability through the audit log afterwards. The activity log may include records of actions taken by the super admin. For example, the system may create an activity log associated with the cold wallet and the user. The system may record each of an action (e.g., delete a file, publish a transaction, create an address) , the user associated with the action, and a timestamp in the activity log. In various embodiments, the action may be an operation performed via the cold wallet application and in response to a user request. A benefit of the access control system is that the system tends to avoid the risks inherent to centralized control in which only one or a limited set of persons have the permission of approving the transaction.

In various embodiments and with reference to FIG. 3, a cold wallet process 300 of system 100 is illustrated. With combined reference to FIG. 14, the process 300 may start in response to receiving an access request comprising a login information from a first super admin at a cold wallet application 1400 (step 302) . The system may create a user account for a user in the cold wallet application in response to receiving a user creation request 1402 from the first super admin 1410 account (step 304) . The cold wallet application 1400 may return an account creation success message 1404 do the first super admin 1410. The system may set one or more permissions for the user account in response to receiving a permissions setting 1406 from the first super admin 1410 (step 306) . In various embodiments, the permissions include enabling a request to create a wallet, In various embodiments, the permissions may include assignments of address management. For example, Employee A may be assigned the responsibility of trading and Employee B may be assigned permissions for address management. In the event Employee B departs, the admin could assign a temporary permission to Employee A for address management until a permanent replacement for Employee B is found. Then, the temporary permission of Employee A for address management would be revoked. The cold wallet application 1400 may return a permission setting success message 1408 to the first super admin 1410. In this regard, after a super admin creates a user, and then assigns permissions for the user, the corresponding information and permissions of the user will be saved as a list in the cold wallet application. The cold wallet application may check the user's permission list after login, and may present only those functions that the user has received permission to use. Thus, the user can only see the operation interface and buttons according to the assigned permissions, and those not assigned are not presented to the user.

With additional reference to FIG. 10, the process 300 may continue in response to receiving an access request comprising a login information from the user at the cold wallet application (step 308) . The system may generate a wallet of the cold wallet application in response to receiving a request to create a wallet 1002 form the user 1000 (step 310) . In response, the system may start a wallet generation process 1004. The cold wallet application 1400 may send a key generation request message 1006 to a security proxy 1008. The security proxy 1008 may pass a forwarding message 1010 to a hardware security module 1012. In response to receiving the forwarding message 1010, the hardware security module may generate a wallet keyname 1014. The hardware security module may return the wallet keyname 1014 to the security proxy 1008. The security proxy 1008 may forward the wallet keyname via a forward message 1016 to the cold wallet application 1400. In response, the cold wallet application may return a wallet creation success message 1018 to the user 1000.

In various embodiments, process 300 may continue by generating a cold wallet cryptocurrency address of the cold wallet application (step 312) . Cold wallet application 1400 may receive a create address request 1020 from the user 1000 and start an address generation process 1030. In response the cold wallet application 1400 may pass a generate address message 1022 to the security proxy 1008. The security proxy 1008 may pass a forwarding message 1024 to the hardware security module 1012. In response to receiving the forwarding message 1024, the hardware security module 1012 may generate an address keyname 1026. The hardware security module 1012 may return the address keyname 1026 to the security proxy 1008. The security proxy 1008 may forward the address keyname 1026 via a forward message 1028 to the cold wallet application 1400. The cold wallet application may return an address creation success message 1032 to the user 1000.

The system may import a hot wallet cryptocurrency address to the cold wallet application (step 314) . For example, with renewed reference to FIG. 14, a user (e.g., user 100) or the super admin 1400 may send a hot wallet cryptocurrency address 1412 to the cold wallet application 1400. The cold wallet application 1400 may return an import success message 1414. In various embodiments the system may import transaction data of the exchange platform to the cold wallet application 1400 (step 316) . For example, the system may obtain transaction data from exchange system module 108 via the trading account service 154.

With additional reference to FIGs 8 and 11,

steps

314 and 316 may include optical communication process 800. The system may generate a QR code 804 such as a first QR code 1104 comprising the hot wallet cryptocurrency address of the hot wallet 802 and the transaction data of the exchange system. The first QR code 1104 may be generated by comprising the data via a zstd algorithm (step 806) . The system may receive the hot wallet cryptocurrency address and the transaction data of the exchange system module at the cold wallet application 1400 in response to optical recognition of the first QR code 1104. For example, the cold wallet application may be native to a mobile device 1102 of the system which may recognize the displayed QR code via a camera of the mobile device and, in response, may decompress the first QR code 1104 via the zstd algorithm (step 808) . In various embodiments, prior to applying the zstd algorithm, the system may apply a binary message exchange protocol (e.g., protobuf) for message encoding. In this regard the zstd algorithm may be used to compress the binary data gain. In various embodiments, the system may employ a low binary loss encoding algorithm (e.g., base64) for transcoding. The optical communication process tends to ensure complete physical separation of any hot wallet of the exchange system module and any cold wallets of the asset custody module.

In various embodiments, the user 1000 may login to the cold wallet application 1400 (step 318) . It will be appreciated that the cold wallet application 1400 may be a micro- app as discussed below. The user 1000 may login via a mobile device (e.g., mobile device 1102) may sign a transaction (signature request 1106) of the imported transaction data via the cold wallet application to generate a signed transaction. For example, the signature request 1106 may be provided to the security proxy which may forward the request to the hardware security module and/or a keystore 1108. In various embodiments, the cold wallet application may generate a second QR code 1110 comprising the signed transaction. The cold wallet application may display the second QR code 1110. For example, the cold wallet application may be native to a mobile device (e.g., mobile device 1102) of the system and may display the second QR code 1110 via a display screen of mobile device. The system may scan the QR code via the cold wallet application 1400 (step 320) . In this regard the system may receive the signed transaction at the exchange system module in response to optical recognition of the second QR code. In various embodiments, the system may send the transaction to the blockchain 1112 (step 322) .

In various embodiments, each of platform A 1114 and platform B 1116 may receive the signed transaction from the mobile device 1102. Each of platform A 1114 and platform B 1116 needs to accept the signed transaction thereby tending to improve transaction security and fidelity. The system may provide a transaction confirmation to the mobile device. In response to each of platform A 1114 and platform B 1116 accepting the signed transaction, the system may send the transaction to the blockchain 1112. The cold wallet application 1400 may be configured to communicate with platform B 1116 to authenticate the transaction, only in response to receiving a transaction request from platform A 1114. In this regard, the system may tend to inhibit forged transactions in the event platform A 1114 is compromised. An attacker must compromise both platform A 1114 and platform B 11116 at the same time to forge a transaction. In various embodiments, platform A 1114 and platform B 11116 may be deployed in different networks, tending thereby to reduce the possibility of simultaneous attack. The transaction may be signed and encrypted in the transmission process, which tends to ensure that the transaction message cannot be intercepted or altered during the process.

With additional reference to FIG. 4, in various embodiments, the asset custody module includes a wallet system 400. System 400 may include

temporary wallets

402, 418, 434 and

cold wallets

410, 426, 442. A plurality of

temporary wallets

402, 418, 434 may be associated with a plurality of

cold wallets

410, 426, 442. The wallet system 400 may include a temporary wallet 402 associated with a cold wallet 410. Client A may own at least one wallet address. For example, Client A is associated with Address A 404, and Address B 406 of the temporary wallet 402. Address A 404 may be associated with a cryptocurrency, such as Bitcoin. Address B 406 may be associated with a cryptocurrency, such as Ethereum. The temporary wallet 402 may have a plurality of digital assets stored at locations accessible to the temporary wallet 402. The wallet system 400 may contain a temporary wallet 418 associated with a cold wallet 426.

In various embodiments, the exchange platform system 100 may, via wallet system 400, support three types of cold wallets, namely Hardware Security Module (HSM) -Hierarchical Deterministic (HD) wallets, HSM-random wallets, and software wallets. Key management and signatures of the software wallets may be based on a software keystore, while HSM-HD wallets and HSM-random wallets may be based on HSM. Among them, all addresses under HSM-HD wallet are derived from one seed; however, all addresses of HSM-random wallet are randomly generated without seeds. Assets in the cold wallet application may only be transferred to the hot address (i.e., the address generated by the hot wallet, which contains the private key and can be connected to the Internet) registered in the cold wallet application. In this regard the wallet system 400 may ensure that the transfer destination of the assets is controllable. Such hot addresses are listed in a whitelist of the cold wallet.

With additional reference to FIGs. 9, 10, and 14, a key security process 900 of the wallet system 400 is illustrated in accordance with various embodiments. Process 900 includes a multi-component key generation process 902 and a key recovery process 904. A plurality of users 906 may each enter an independent key component associated on a one to one basis with each of the plurality of users. The system may receive five key components 908 at the cold wallet application 1400. The cold wallet application 1400 may start process 902 and pass a key generation request 910 to the security proxy 1008. Security proxy 1008 may pass a forward message 912 to the keystore 1108. In response to receiving the forward message 912 the keystore 1108 returns a keyname 914 to the security proxy 1008. In response to receiving the keyname 914, security proxy 1008 passes a forward message 916 including the keyname to the cold wallet application 1400. In response, the cold wallet application 1400 returns a create success massage 918 to the users 906.

With additional reference to FIG. 12, an encryption process 1200 of system 100 is illustrated in accordance with various embodiments. Keys generated by wallet system 400 may be protected via process 1200. Process 1200 may be described by the following pseudocode:

keys=<key1, key2, …keym>

saults=<sault1, sault2, …saultm>

keys’ = keys + saults = <key1’, key2’, …keym’>

keymatrix = keys’nm = [ {key1’, key2’, …, keyn’} , …, {key2’, key3’, …, keym’} ]

finalkeys= [ {key1’ XOR key2’ XOR …keyn’} , …, {key2’ XOR key3’ XOR …keym’} ] = <finalkey1, finalkey2, finalkeyk) , k= C nm

encrypteddatas = finalkeys encrypt data = {encrypteddata1, encrypteddata2…, encrypteddatak}

The system may add salt values 1202 to the keys 1204 and then hash them via a hashing algorithm 1206 to generate a corresponding hash 1208. The purpose of hash is to make the passwords of different lengths entered by the user get the same length of AES keys, The purpose of adding salt values is to make the key deviate from the original track to prevent the person who entered the key from using the vulnerability of XOR to control the result of the final merged key. They system XOR every two keys among three keys is to generate three final keys 1210 for encrypting data 1212 (the same as the number of keys used for decryption) . The system may apply an encryption algorithm 1214 to encrypt the seeds with the three keys which are merged to obtain the seeds of the final ciphertext. The hash of the seed may be calculated by the system to ensure the integrity of the seed, that is, the hash calculated from the decrypted data must be consistent with this hash to prove that the seed has been decrypted normally.

With additional reference to FIG. 13, a decryption process 1300 of system 100 is illustrated in accordance with various embodiments. Process 1300 may be used to recover the keys and corresponding key seeds of the wallet system 400. Process 1200 may be described by the following pseudocode:

keys=<key1, key2, …keyn>

saults=<sault1, sault2, …saultn>

keys1=keys+ saults = <key1’, key2’, keyn’>

finalkey=key1’ XOR key2’ …XOR keyn’

finalkey decrypt encrypteddatas = data

The system may add salt values 1302 to two keys 1304 and hash them via hashing algorithm 1306 to generate hashes 1308. The hashes 1308 may be combined in order to recover one of the final keys 1310 used in encryption of process 1200. The system may use the recovered keys 1310 to decrypt the encrypted data (such as, for example, key seeds) one by one in order to parse out a match (e.g., a key seed matching the reconstructed final key) . The process may generate decryption errors 1312 where there is no match. After the decryption is successful, the system may to calculate whether the hash of the seed is consistent with the previously saved hash. Where they are consistent, the system may determine decryption is successful, and that the two keys are correct.

In various embodiments, the system may enable an M-of-N protection mechanism. N number of people, each input a part of the key. The system may then discretize the N key components (e.g., via SHA256) , and then combine the key components of each of the N parts to obtain a total of X different keys. In various embodiments, the system may then separate the X keys. The system may encrypt the seed (e.g., via AES256) to get X different key seeds and may save the X key seeds. In this regard, for use of the seed the system need only receive M (M<X, M<N) keys. For components, the system may combine the M keys into one key and try to decrypt X key seeds. The system may then compare them with the key component of the seeds. Where they are consistent, the system may determine that the input components are correct.

In various embodiments, for software wallets of system 400, the key component may be entered when the seed is created and used, and the key may be deleted after use by the system. The data layer may only save its security seed and corresponding discrete value. For a software wallet, the key is entered when the seed is created and used, and then destroyed (the key plaintext will be covered) . Under this condition, only the seed and its discrete values of the ciphertext are saved. Therefore, the seed can be unlocked only when the physical device, the keys controlled by external personnel (i.e., multiple keys) , and the key algorithm are mastered at the same time. In this regard, security of the seed is enhanced by the methods and process of system 400. For example, when the software wallet is backed up by the system, a number of key seeds (e.g., 10) protected by N key components (e.g. 10) in the KeyStore will be backed up. The completeness/integrity of the ten key seeds may be verified through checking any three of the ten key components. The system may, record the backed up data to at least three non-rewritable ROMs and store the ROMs in three different locations. In this regard, physical security of the backed up data is enhanced. For example, once one or two of the ROMs in somewhere are destroyed by natural disasters, the left copy or copies of ROM (s) may still work and the stored data (key seeds) of the ROM (s) could be obtained to back up and recovery the keys. If the current wallet is damaged (e.g. data is manually deleted and not recoverable, the hard drive for storing data is damaged, and other situations that data is not recoverable) , it may be restored through the backup seed combined with the cold wallet application.

In various embodiments, wallet system 400 may maintain information such as, for example, audit logs which may be stored in local data files of the wallet (for example, the cold wallet application) . In various embodiments, the cold wallet application may be able to access the data files only when it is running. In this regard, users of the Cold Wallet Application are inhibited from altering or destroying the data file. For example, an user who has performed an improper operation may want to delete the audit log and destroy the record of the improper operation.

The system may enable enhanced data quality and security by allowing only a root user to set permissions for data files to be ‘accessible during runtime’ . In various embodiments, the system may receive and access request form each of a first super admin, a second super admin, and a third super admin at the cold wallet application. The system may assign a root user in response to receiving each of the access requests from the super users. having assigned the root user, the system may enable an accessible during runtime status of the data file in response to a request from the root user.

In various embodiments, the cold wallet application may receive three key components 920 at the cold wallet application 1400. In response the cold wallet application may start process 904 and pass a generate address request message 922 to the security proxy 1008. In response, security proxy 1008 may send forward message 924 to keystore 1008. The key store 1008 may unlock the key (e.g., generated in by process 902) and provide a return address 926 to the security proxy 1008. In response to receiving the return address, security proxy 1008 may send a forward message 928 comprising the return address to the cold wallet application 1400. In response, the cold wallet application 1400 may return a create success message 930 to the users 906. In various embodiments, the logical processing functions may be centralized in the cold wallet application, while sensitive information is stored in the HSM or keystore. In various embodiments, the HSM and the keystore may be both physically and logically separated.

With renewed reference to FIG. 4, in various embodiments, a review of the digital asset may be performed to transfer the digital asset from a

temporary wallet

402, 418, 434 to the associated

cold wallet

410, 426, 442. In various embodiments, the review of the digital asset may be an Anti-Money Laundering review (AML) . In various embodiments, if the digital asset passes the review the digital asset may be transferred to a cold wallet (See FIGs 5 and 6) . The

cold wallet

410, 426, 442 may be a be a client wallet. The

cold wallet

410, 426, 442 may be an offline wallet. In various embodiments, the

cold wallet

410, 426, 442 may be connected to a network or the internet. In various embodiments, a benefit of using temporary wallet may be to separate client’s asset to be transferred and reviewed from the other assets. The temporary wallet may be used for anti-money laundering review or audit when the client deposit new funds. The temporary wallet may be arranged in the asset custody module 104 as an online or hot wallet.

In various embodiments, the exchange platform system may verify the digital asset by checking the hash (or other features related to the source of the funds) to determine that it meets certain standards. For example, the system may check the addresses of the incoming funds against a whitelist of addresses. In another example, the system may mark or report source features such as large inflows or outflows of assets from a client account. In another example, the system may check behavioral features such as an increase in the number of withdrawals from a previously low activity account. For example, the system may calculate an average rate variance for an account over a selectable time horizon (e.g., transactions per minute per week) and may generate an alert where the rate variance exceeds a rate variance threshold value. The exchange platform system may store the hash of digital asset associated with the temporary wallet. The exchange platform may then submit the hash to a third-party administration agency (e.g., risk management system 182) . The third party administration agency may be a secondary review system. The third-party administration agency may run AML review using the hash of the wallet. The third-party administration agency may return a YES or NO result to the exchange platform based on the AML review. The third-party administration agency may use the hash as a key. The hash may enable the third-party review system to review AML required information, such as transactional records without having to receive the associated private keys. If the review result is YES, the system tags the digital asset as passed AML review, and enables transfer to the cold wallet. If the review result is NO, it fails AML review, and the digital asset does not transfer to the cold wallet. If the asset meets the AML requirement, the asset may be transferred to a wallet address of the system.

In various embodiments, the temporary wallet is associated with a user, and a cold wallet is associated with a user. The temporary wallet may comprise many addresses where data can be stored. For example, a digital asset may be stored at an address in the temporary wallet. In various embodiments, the digital asset is stored at an address using an identifier or key that is used to assess the digital asset. As discussed above, the digital asset may be a cryptocurrency.

With reference to FIG. 5, in various embodiments, a deposit process 500 of the exchange platform system 100 is illustrated. In various embodiments, steps marked in the ‘exchange’ lane may be performed by the exchange system module 108 and steps marked in the ‘asset custody system lane’ may be performed by asset custody module 104. In various embodiments, the exchange system module 108 and asset custody module 104 are separate servers connected to the exchange system platform 100 via a network.

In various embodiments, a client may start process 500 and by initiating a deposit (step 502) . The system may receive the digital asset or data related to the digital asset. The system may complete a KYC process (step 504) (i.e. know your client/customer, a form of system-client authentication) . The system may deposit the cryptocurrency or digital asset to the temporary wallet allocated by the exchange for the client. The asset custody system may detect the transfer of digital assets (step 506) and subsequently notify the exchange of the transfer (step 508) .

In various embodiments, the system conducts an Anti-Money Laundering (AML) review process on the digital asset in the temporary wallet (step 510) . The system will determine whether the digital asset passes the review (step 512) . If the digital asset does not pass the AML review, the system may freeze the assets and accounts under the client’s name and notify the operation specialist to deal with it (step 514) . If the digital asset does pass the AML review, then the review of the digital asset may also comprise determining whether the incoming fund is accepted by the system (step 516) . The acceptance by the system may be based on whether the assets are supported by the exchange system module 108. If the assets are not supported by the exchange system module 108, the assets may not be included in the account and the system may notify the operations specialist to deal with it (step 518) . If the assets are supported by the exchange system module 108, the digital asset may then pass to an additional review process. The system may determine whether the amount of incoming digital assets is less than the minimum deposit amount required (step 520) . If the amount of incoming digital assets is less than a minimum deposit amount, the digital assets may not be included in the account and the system may notify the operations specialist to address the issue (step 522) .

In various embodiments, if the digital asset passes each part of the review, the system may notify the asset custody system to transfer the assets to a corresponding cold wallet (step 524) . The system may then transfer the digital assets to the cold wallet pre-configured for the client (step 526) . The system may display that the clients’ assets have increase correspondingly on (step 528) , the system may then send a notification message to the client regarding the increase (step 530) , and the client may receive the notification of the increase (step 532) . If the digital asset does not pass the review, the corresponding account and digital assets may be frozen by the system so that it temporarily stays at the buffer address and may not be collected or merged to permanent wallet address of the asset custody module such as, for example, a cold wallet address. A notification may be triggered by the system and forwarded to a regulatory agency such as, for example, the Securities and Financial Commission (SFC) or other government agencies functioned similarly as the SFC in response to a digital asset not passing review.

With reference to FIG. 6, in various embodiments, a transaction process 600 may be performed by an independent wallet of the system 100. Process 600 may be started where a buyer conducts an entrusted transaction at the exchange system module 108 (step 602) and/or a seller conducts an entrusted transaction at the exchange system module 108 (step 604) . The buyer and seller may both engage in a transaction, and entrust the exchange system module 108 to perform the transaction. The system may check whether both parties have sufficient underlying assets to cover the transaction value and the transaction fees. If there are insufficient underlying assets and fees the exchange system module 108 may freeze the buyer’s corresponding underlying assets and transaction fees of the transaction (step 606) . Similarly, where the seller conducts an entrusted transaction, the exchange system module 108 may freeze the corresponding target assets and transaction fees of the transaction (step 608) . Where both the buyer and seller have sufficient assets to cover the transaction and the transaction fees, the exchange system module 108 may perform a transaction matchmaking process (step 610) . In response, the exchange system module 108 may generate an order ID associated with desired transaction (step 611) .

In various embodiments, the exchange system module 108 may conduct transaction clearing process whereby, after the clearing, the asset may be kept in a frozen state until the settlement is completed (step 612) . Exchange system module 108 may notify the asset custody module 104 of the settlement completion (step 614) . In response, the asset custody module 104 may then transfer the underlying assets from the buyer’s wallet to the seller’s wallet (step 616) and/or transfer the target assets from the seller’s wallet to the buyer’s wallet (step 618) . The system may transfer the underlying assets from the buyer's wallet address to the seller's address and transfers the target assets from the seller's wallet to the buyer's wallet, simultaneously, or in an order, or step-by-step. The asset custody module 104 may then notify the exchange system module 108 of the settlement success, the corresponding results, and the on-chain transaction hash (step 620) . The exchange system module 108 then may bind the on-chain transaction hash to the order ID associated with the transaction (step 622) . After the settlement, the exchange system module 108 may update the asset accounts, transaction fee accounts, and miner fee accounts of the clients (step 624) . The exchange system module 108 may then notify the clients that the transaction is complete (step 626) .

With reference to FIGs. 7A-7C, in various embodiments, a withdrawal process 700 of system 100 is illustrated. The withdraw process 700 includes a plurality of withdrawal steps, the of the withdrawal process 700 may be conducted in any order.

The client may initiate a withdraw via the web client interface 112 (step 702) . The client might also select a withdrawal address from a saved withdrawal address whitelist. The client may enter a cryptocurrency type and amount (step 704) and chose a withdraw address from the whitelist (step 706) . The client may add an address for withdrawal. Specifically, if it is the first time for a client to initiate a withdrawal, the client may input the withdrawal address manually. The client may then confirm the withdrawal (step 708) .

In various embodiments, the exchange system module 108 may then conduct a review process. The review process may include, determining by the exchange system module 108 whether the market is closed (step 710) . The review process may include, determining by the exchange system module 104 whether the client account is frozen (step 714) . The review process may include, determining by the exchange system module 104 whether withdrawals are disabled (step 718) . If the market is closed, the exchange system module 108 will notify the client (via the web client interface 112) that the market is closed (step 712) . If the account is frozen the exchange system module 108 may notify the client via the web client interface 112) , the account is frozen (step 716) . Similarly, where withdrawals are disabled, the exchange system module 108 may notify the client via the web client interface 112 that withdrawals are disabled (step 720) . The exchange system module 108 may determine if a password free period is used (step 722) . If a password free period is not used the exchange system module 108 may be configured to wait for entry of the withdrawal password (step 724) . The exchange system module 108 may further determine if the type of currency is restricted to be withdrawn (step 728) . If so, the exchange system module 108 may notify the client this type of currency is restricted (step 726) .

If not, the exchange system module 108 may then determine if there are sufficient assets to enable the withdrawal (step 730) . If the assets are not sufficient, the system may notify the client of insufficient assets (step 732) . The exchange system module 108 may determine if the assets exceed daily withdrawal maximum (e.g., an asset outflow threshold) (step 733) . If the assets exceed a daily withdrawal maximum then the exchange system module 108 will notify the client that he/she exceeds the daily withdrawal maximum (step 734) . The exchange may determine if the digital asset exceeds the face ID-free limit for daily use or single use withdrawal (step 736) . If so, the system proceeds to perform facial authentication (step 738) . The system may then freeze the relevant assets in the account pending withdrawal (step 740) . The system may also be configured to conduct an AML review process on the pending withdrawal (step 742) . If the withdrawal does not pass the AML review 742, the system will unfreeze the corresponding assets in real time (step 744) , update the status: to withdraw failed (step 748) and notify the client that withdrawal failed (step 750) . If the withdrawal passes AML Review, exchange system module 108 may to notify the asset custody module 104 to transfer the assets (step 746) .

In various embodiments, if the withdrawal process passes each step of the review passes, the address may be added to the systems withdrawal whitelist which may be maintained by the asset custody module 104. The asset custody module 104 may notify the operations specialist to initiate withdrawal in the cold wallet (step 760) . The ops specialist may perform the optical communications process described above herein to conduct a manual withdrawal from the cold wallet (step 758) . The asset custody module 104 may notify the result to the exchange system module 108 (step 756) . The exchange system module 108 may then deduct the amount frozen in assets (step 754) , and notify the client of the transaction result (step 752) .

In various embodiments and with additional reference to FIG 15, a wallet structure 1500 for prepaid miner fees in system 100 is illustrated. Users (e.g., Client A and Client B) may initiate a deposit transaction 1502. The deposit transaction 1502 may move assets from the user’s external wallet 1504 (e.g., a bank account) into a wallet of the system 100 such as a temporary wallet 1506. In response to receiving the assets in the temporary wallet 1506 the system may determine the transferred value and the miner fee. Once the miner fee is determined, the system may initiate a miner fee reimbursement payment process. The reimbursement payment process may send a reimbursement payment 1508 (i. e, the prepaid miner fee) to the temporary wallet 1506 associated with the user from a central wallet 1516 associated with an administrator and/or the exchange module 108. The central wallet 1516 associated with the administration and/or exchange module 108 may be used for quick withdrawals. In various embodiments, the central wallet 1516 may be a hot wallet or may be a cold wallet thereby tending to enhance security in contrast to the hot wallet. Alternatively, the system may initiate an AML process 1510 in response to receiving the assets in the temporary wallet 1508. The AML process 1510 may complete by transferring the assets from the temporary wallet 1506 to a central wallet 1512 associated with the user. In various embodiments, the central wallet 1512 may be used by the exchange module 108 to execute transactions on behalf of the user. In various embodiments, the central wallet 1512 may be a hot wallet or may be a cold wallet thereby tending to enhance security in contrast to the hot wallet. The system may start the miner fee reimbursement payment process in response to completion of the AML process 1510 and may send a reimbursement payment 1514 to the central wallet 1512 from the central wallet 1516.

In various embodiments and with additional reference to FIG 16, a miner fee reimbursement payment process 1600 of system 100 is illustrated. Exchange module 108 may initiate an on-chain asset transfer (step 1602) . For example, the exchange module 108 may receive a request to transfer assets 1604 from a first address (i.e., a sending address) to a second address (i.e., a receiving address) of a user’s wallet (i.e., an independent wallet internal to the system 100) . The system may initiate the transfer in response to the request. The system may determine whether the balance of a prepaid miner fee address associated with the sending address exceeds a prepayment threshold value (step 1606) . The prepayment threshold value may be a configuration setting or may be determined automatically by the system. In various embodiments, the prepayment threshold value may be determined dynamically based on one or more inputs such as transaction volume, transaction volume rate, and/or the like. For example, where many transactions (i.e., more than 80 transactions) are executed by exchange module 108 in a short period (i.e., one minute) the prepayment threshold value may be increased. Conversely, where few transactions (i.e., less than 20 transaction per minute) are executed the prepayment threshold value may be decreased. It will be appreciated that each address of a user’s wallet may have a prepayment threshold value associated therewith. In this regard, the prepayment threshold value may be tailored to improve transaction efficiency. Similarly, each address of a user’s wallet may have a prepaid miner fee addresses associated therewith to receive the reimbursement payments of the prepaid miner fees.

Where the balance of the prepaid miner fee address associated with the sending address exceeds the prepayment threshold value, the system may execute the on-chain asset transfer (step 1608) . For example, the asset custody module 104 may execute the on-chain asset transfer by recording the transaction to the blockchain network of the associated asset. The system may receive a confirmation from the blockchain network that the asset transfer has processed. In response, the asset custody module 104 may notify the exchange module 108 that the on-chain asset transfer was successful (step 1610) . The exchange module 108 may receive the notification and update a transfer status with the successful result (step 1612) .

Where the balance of the prepaid miner fee address associated with the sending address is less than the prepayment threshold value, the system generates an insufficient fee notice (step 1614) . For example, the asset custody module 104 may generate the insufficient fee notice and send the notice to the exchange module 108 for further processing. The exchange module 104 may receive the insufficient fee notice and, in response, generate an instruction to pay miner fees (step 1616) . In response to the instruction to pay miner fees, the asset custody module 104 may determine the required miner fees and transfer the required miner fees from a hot wallet (e.g., central hot wallet 1512) of the exchange module 108 to the prepaid miner fee address associated with the sending address (step 1618) . The process may then proceed to step 1068.

In various embodiments and with additional reference to FIG 17, a miner fee reimbursement payment process 1700 of system 100 is illustrated. Process 1700 may differ from process 1600 in that process 1700 executes the reimbursement payment to the user after the user’s requested transactions are settled. In this regard, the system takes a transaction fee from the assets transacted by the user. A portion of the transaction fee is reserved and set aside to cover the miner fee. In this regard, the system segregates a portion of the transaction fee to generate a miner payment reserve. The system may pay incurred miner fees from the miner payment reserve portion. If the miner fee exceeds the transaction fee or the miner payment reserved portion of the transaction fee, the system pulls additional assets from the user’s sending address to cover the miner fee. The system then executes a reimbursement transaction from the system’s hot wallet (e.g., hot wallet 1516) to true up the users sending address (e.g., hot wallet 1512) . Stated another way, if a user’s internal wallet address is used to pay the miner fee in whole or in part, the system reimburses the user’s wallet address with for the miner fee by making a supplemental miner fee payment from the system’s wallet.

The system may calculate a supplemental miner fee Z-value by subtracting the miner fee generated by the user’s requested transaction from the transaction fee incurred by the user’s requested transaction. Where the Z-value is greater than zero, the system may transfer that value from the user’s hot wallet 1512 to the exchange module 108 hot wallet (e.g., hot wallet 1516) . Where the Z-value is less than zero, the system may apply an absolute value function to the Z-value and transfer the resulting amount from the hot wallet of the exchange module 108 to the user’s hot wallet. Where the Z-value is equal to zero, the system may take no action. The system may batch transactions by, for example, keeping a running ledger of the Z-value and settling the difference periodically through a single transaction event. In this regard, transaction efficiency may be improved by reducing the number of transfers between wallets and by limiting transactions to periods of low volume.

The exchange module 108 may initiate an on-chain transfer (step 1702) . In response the asset custody module 104 may execute the transfer of the on-chain assets (step 1704) . The asset custody module 104 may notify the exchange module 108 of the completion of the on-chain asset transfer and of the amount of miner fees paid by the sending address (e.g. transfer-out address) (step 1706) . In response the notice, the exchange module 108 may update a transfer status with the successful result (step 1708) . The exchange module 108 may generate an instruction to make a supplemental miner fee payment (step 1710) . The system may transfer the supplemental miner fee payment from the hot wallet to the user’s wallet (step 1712) . For example, the asset custody module 104 may calculate the Z-value and may transfer the Z-value from the central hot wallet 1516 of the exchange module 108 to an inbound address of the user’s wallet 1512 associated with the sending address. In response to completing transfer of the supplemental miner fee payment, the system may generate a supplemental miner fee payment notice (step 1714) . For example, the notice may be generated by the asset custody module 104 and provided to the exchange module 108.

Benefits, other advantages, and solutions to problems have been described herein with regard to specific embodiments. However, the benefits, advantages, solutions to problems, and any elements that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as critical, required, or essential features or elements of the disclosure. The scope of the disclosure is accordingly limited by nothing other than the appended claims, in which reference to an element in the singular is not intended to mean "one and only one" unless explicitly so stated, but rather “one or more. ” Moreover, where a phrase similar to 'at least one of A, B, and C' or 'at least one of A, B, or C' is used in the claims or specification, it is intended that the phrase be interpreted to mean that A alone may be present in an embodiment, B alone may be present in an embodiment, C alone may be present in an embodiment, or that any combination of the elements A, B and C may be present in a single embodiment; for example, A and B, A and C, B and C, or A and B and C. Although the disclosure includes a method, it is contemplated that it may be embodied as computer program instructions on a tangible computer-readable carrier, such as a magnetic or optical memory or a magnetic or optical disk. All structural, chemical, and functional equivalents to the elements of the above-described various embodiments that are known to those of ordinary skill in the art are expressly incorporated herein by reference and are intended to be encompassed by the present claims. Moreover, it is not necessary for a device or method to address each and every problem sought to be solved by the present disclosure for it to be encompassed by the present claims. Furthermore, no element, component, or method step in the present disclosure is intended to be dedicated to the public regardless of whether the element, component, or method step is explicitly recited in the claims. No claim element is intended to invoke 35 U.S.C. § 112 (f) unless the element is expressly recited using the phrase “means for” or “step for” . As used herein, the terms “comprises, ” “comprising, ” or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.

Terms and phrases similar to “associate” and/or “associating” may include tagging, flagging, correlating, using a look-up table or any other method or system for indicating or creating a relationship between elements, such as, for example, (i) a transaction account and (ii) an item (e.g., offer, reward, discount) and/or digital channel. Moreover, the associating may occur at any point, in response to any suitable action, event, or period of time. The associating may occur at pre-determined intervals, periodically, randomly, once, more than once, or in response to a suitable request or action. Any of the information may be distributed and/or accessed via a software enabled link, wherein the link may be sent via an email, text, post, social network input, and/or any other method known in the art.

The term “non-transitory” is to be understood to remove only propagating transitory signals per se from the claim scope and does not relinquish rights to all standard computer-readable media that are not only propagating transitory signals per se. Stated another way, the meaning of the term “non-transitory computer-readable medium” and “non-transitory computer-readable storage medium” should be construed to exclude only those types of transitory computer-readable media which were found in In re Nuijten to fall outside the scope of patentable subject matter under 35 U.S.C. § 101.

In various embodiments, components, modules, and/or engines of system 100 may be implemented as micro-applications or micro-apps. Micro-apps are typically deployed in the context of a mobile operating system, including for example, a

mobile operating system, an

operating system, an

iOS operating system, a

company’s operating system, and the like. The micro-app may be configured to leverage the resources of the larger operating system and associated hardware via a set of predetermined rules which govern the operations of various operating systems and hardware resources. For example, where a micro-app desires to communicate with a device or network other than the mobile device or mobile operating system, the micro-app may leverage the communication protocol of the operating system and associated device hardware under the predetermined rules of the mobile operating system. Moreover, where the micro-app desires an input from a user, the micro-app may be configured to request a response from the operating system which monitors various hardware components and then communicates a detected input from the hardware to the micro-app.

The system and method may be described herein in terms of functional block components, screen shots, optional selections, and various processing steps. It should be appreciated that such functional blocks may be realized by any number of hardware and/or software components configured to perform the specified functions. For example, the system may employ various integrated circuit components, e.g., memory elements, processing elements, logic elements, look-up tables, and the like, which may carry out a variety of functions under the control of one or more microprocessors or other control devices. Similarly, the software elements of the system may be implemented with any programming or scripting language such as C, C++, C#,

Object Notation (JSON) , VBScript, Macromedia COLD FUSION, COBOL,

company’s Active Server Pages, assembly,

PHP, awk,

Visual Basic, SQL Stored Procedures, PL/SQL, any

shell script, and extensible markup language (XML) with the various algorithms being implemented with any combination of data structures, objects, processes, routines or other programming elements. Further, it should be noted that the system may employ any number of conventional techniques for data transmission, signaling, data processing, network control, and the like. Still further, the system could be used to detect or prevent security issues with a client-side scripting language, such as

VBScript, or the like.

The system and method are described herein with reference to screen shots, block diagrams and flowchart illustrations of methods, apparatus, and computer program products according to various embodiments. It will be understood that each functional block of the block diagrams and the flowchart illustrations, and combinations of functional blocks in the block diagrams and flowchart illustrations, respectively, can be implemented by computer program instructions

Accordingly, functional blocks of the block diagrams and flowchart illustrations support combinations of means for performing the specified functions, combinations of steps for performing the specified functions, and program instruction means for performing the specified functions. It will also be understood that each functional block of the block diagrams and flowchart illustrations, and combinations of functional blocks in the block diagrams and flowchart illustrations, can be implemented by either special purpose hardware-based computer systems which perform the specified functions or steps, or suitable combinations of special purpose hardware and computer instructions. Further, illustrations of the process flows and the descriptions thereof may make reference to user

applications, webpages, websites, web forms, prompts, etc. Practitioners will appreciate that the illustrated steps described herein may comprise, in any number of configurations, including the use of

applications, webpages, web forms, popup

applications, prompts, and the like. It should be further appreciated that the multiple steps as illustrated and described may be combined into single webpages and/or

applications but have been expanded for the sake of simplicity. In other cases, steps illustrated and described as single process steps may be separated into multiple webpages and/or

applications but have been combined for simplicity.

In various embodiments, the software elements of the system may also be implemented using a

run-time environment configured to execute

code outside of a web browser. For example, the software elements of the system may also be implemented using

components.

programs may implement several modules to handle various core functionalities. For example, a package management module, such as

may be implemented as an open source library to aid in organizing the installation and management of third-party

programs.

programs may also implement a process manager, such as, for example, Parallel Multithreaded Machine ( “PM2” ) ; a resource and performance monitoring tool, such as, for example, Node Application Metrics ( “appmetrics” ) ; a library module for building user interfaces, and/or any other suitable and/or desired module.

Middleware may include any hardware and/or software suitably configured to facilitate communications and/or process transactions between disparate computing systems. Middleware components are commercially available and known in the art. Middleware may be implemented through commercially available hardware and/or software, through custom hardware and/or software components, or through a combination thereof. Middleware may reside in a variety of configurations and may exist as a standalone system or may be a software component residing on the internet server. Middleware may be configured to process transactions between the various components of an application server and any number of internal or external systems for any of the purposes disclosed herein.

MQTM (formerly MQSeries) by

Inc. (Armonk, NY) is an example of a commercially available middleware product. An Enterprise Service Bus ( “ESB” ) application is another example of middleware

The computers discussed herein may provide a suitable website or other internet-based graphical user interface which is accessible by users. In one embodiment,

company’s Internet Information Services (IIS) , Transaction Server (MTS) service, and an SQL

database, are used in conjunction with

operating systems, WINDOWS

web server software, SQL

database, and

Commerce Server. Additionally, components such as

software, SQL

database,

software,

software, etc., may be used to provide an Active Data Object (ADO) compliant database management system. In one embodiment, the

web server is used in conjunction with a

operating system, a

database, and

PHP, Ruby, and/or

programming languages.

For the sake of brevity, conventional data networking, application development, and other functional aspects of the systems (and components of the individual operating components of the systems) may not be described in detail herein. Furthermore, the connecting lines shown in the various figures contained herein are intended to represent exemplary functional relationships and/or physical couplings between the various elements. It should be noted that many alternative or additional functional relationships or physical connections may be present in a practical system.

In various embodiments, the methods described herein are implemented using the various particular machines described herein. The methods described herein may be implemented using the below particular machines, and those hereinafter developed, in any suitable combination, as would be appreciated immediately by one skilled in the art. Further, as is unambiguous from this disclosure, the methods described herein may result in various transformations of certain articles.

In various embodiments, the system and various components may integrate with one or more smart digital assistant technologies. For example, exemplary smart digital assistant technologies may include the

system developed by the

company, the GOOGLE

system developed by Alphabet, Inc., the

system of the

company, and/or similar digital assistant technologies. The

system, GOOGLE

system, and

system, may each provide cloud-based voice activation services that can assist with tasks, entertainment, general information, and more. All the

devices, such as the AMAZON

AMAZON ECHO

AMAZON

and AMAZON

TV, have access to the

system. The

system, GOOGLE

system, and

system may receive voice commands via its voice activation technology, activate other functions, control smart devices, and/or gather information. For example, the smart digital assistant technologies may be used to interact with music, emails, texts, phone calls, question answering, home improvement information, smart home communication/activation, games, shopping, making to-do lists, setting alarms, streaming podcasts, playing audiobooks, and providing weather, traffic, and other real time information, such as news. The

GOOGLE

and

systems may also allow the user to access information about eligible transaction accounts linked to an online account across all digital assistant-enabled devices.

The various system components discussed herein may include one or more of the following: a host server or other computing systems including a processor for processing digital data; a memory coupled to the processor for storing digital data; an input digitizer coupled to the processor for inputting digital data; an application program stored in the memory and accessible by the processor for directing processing of digital data by the processor; a display device coupled to the processor and memory for displaying information derived from digital data processed by the processor; and a plurality of databases. Various databases used herein may include: client data; merchant data; financial institution data; and/or like data useful in the operation of the system. As those skilled in the art will appreciate, user computer may include an operating system (e.g.,

etc. ) as well as various conventional support software and drivers typically associated with computers.

The present system or any part (s) or function (s) thereof may be implemented using hardware, software, or a combination thereof and may be implemented in one or more computer systems or other processing systems. However, the manipulations performed by embodiments may be referred to in terms, such as matching or selecting, which are commonly associated with mental operations performed by a human operator. No such capability of a human operator is necessary, or desirable, in most cases, in any of the operations described herein. Rather, the operations may be machine operations or any of the operations may be conducted or enhanced by artificial intelligence (AI) or machine learning. AI may refer generally to the study of agents (e.g., machines, computer-based systems, etc. ) that perceive the world around them, form plans, and make decisions to achieve their goals. Foundations of AI include mathematics, logic, philosophy, probability, linguistics, neuroscience, and decision theory. Many fields fall under the umbrella of AI, such as computer vision, robotics, machine learning, and natural language processing. Useful machines for performing the various embodiments include general purpose digital computers or similar devices.

In various embodiments, the embodiments are directed toward one or more computer systems capable of carrying out the functionalities described herein. The computer system includes one or more processors. The processor is connected to a communication infrastructure (e.g., a communications bus, cross-over bar, network, etc. ) . Various software embodiments are described in terms of this exemplary computer system. After reading this description, it will become apparent to a person skilled in the relevant art (s) how to implement various embodiments using other computer systems and/or architectures. The computer system can include a display interface that forwards graphics, text, and other data from the communication infrastructure (or from a frame buffer not shown) for display on a display unit.

The computer system also includes a main memory, such as random access memory (RAM) , and may also include a secondary memory. The secondary memory may include, for example, a hard disk drive, a solid-state drive, and/or a removable storage drive. The removable storage drive reads from and/or writes to a removable storage unit in a well-known manner. As will be appreciated, the removable storage unit includes a computer usable storage medium having stored therein computer software and/or data.

In various embodiments, secondary memory may include other similar devices for allowing computer programs or other instructions to be loaded into a computer system. Such devices may include, for example, a removable storage unit and an interface. Examples of such may include a program cartridge and cartridge interface (such as that found in video game devices) , a removable memory chip (such as an erasable programmable read only memory (EPROM) , programmable read only memory (PROM) ) and associated socket, or other removable storage units and interfaces, which allow software and data to be transferred from the removable storage unit to a computer system.

The terms “computer program medium, ” “computer usable medium, ” and “computer readable medium” are used to generally refer to media such as removable storage drive and a hard disk installed in hard disk drive. These computer program products provide software to a computer system.

The computer system may also include a communications interface. A communications interface allows software and data to be transferred between the computer system and external devices. Examples of such a communications interface may include a modem, a network interface (such as an Ethernet card) , a communications port, etc. Software and data transferred via the communications interface are in the form of signals which may be electronic, electromagnetic, optical, or other signals capable of being received by communications interface. These signals are provided to communications interface via a communications path (e.g., channel) . This channel carries signals and may be implemented using wire, cable, fiber optics, a telephone line, a cellular link, a radio frequency (RF) link, wireless and other communications channels.

In various embodiments, the server may include application servers (e.g.,

POSTGRES PLUS ADVANCED

etc. ) . In various embodiments, the server may include web servers (e.g., Apache, IIS,

Web Server,

System Web Server,

Virtual Machine running on

or

operating systems) .

A web client includes any device or software which communicates via any network, such as, for example any device or software discussed herein. The web client may include internet browsing software installed within a computing unit or system to conduct online transactions and/or communications. These computing units or systems may take the form of a computer or set of computers, although other types of computing units or systems may be used, including personal computers, laptops, notebooks, tablets, smart phones, cellular phones, personal digital assistants, servers, pooled servers, mainframe computers, distributed computing clusters, kiosks, terminals, point of sale (POS) devices or terminals, televisions, or any other device capable of receiving data over a network. The web client may include an operating system (e.g.,

WINDOWS

operating systems,

operating system,

operating systems,

operating systems, etc. ) as well as various conventional support software and drivers typically associated with computers. The web-client may also run

INTERNET

software,

software, GOOGLE CHROME ^TM software,

software, or any other of the myriad software packages available for browsing the internet.

As those skilled in the art will appreciate, the web client may or may not be in direct contact with the server (e.g., application server, web server, etc., as discussed herein) . For example, the web client may access the services of the server through another server and/or hardware component, which may have a direct or indirect connection to an internet server. For example, the web client may communicate with the server via a load balancer. In various embodiments, web client access is through a network or the internet through a commercially-available web-browser software package. In that regard, the web client may be in a home or business environment with access to the network or the internet. The web client may implement security protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) . A web client may implement several application layer protocols including HTTP, HTTPS, FTP, and SFTP.

The various system components may be independently, separately, or collectively suitably coupled to the network via data links which includes, for example, a connection to an Internet Service Provider (ISP) over the local loop as is typically used in connection with standard modem communication, cable modem, DISH

ISDN, Digital Subscriber Line (DSL) , or various wireless communication methods. It is noted that the network may be implemented as other types of networks, such as an interactive television (ITV) network. Moreover, the system contemplates the use, sale, or distribution of any goods, services, or information over any network having similar functionality described herein.

The system contemplates uses in association with web services, utility computing, pervasive and individualized computing, security and identity solutions, autonomic computing, cloud computing, commodity computing, mobility and wireless solutions, open source, biometrics, grid computing, and/or mesh computing.

Any of the communications, inputs, storage, databases or displays discussed herein may be facilitated through a website having web pages. The term “web page” as it is used herein is not meant to limit the type of documents and applications that might be used to interact with the user. For example, a typical website might include, in addition to standard HTML documents, various forms,

applets,

programs, active server pages (ASP) , common gateway interface scripts (CGI) , extensible markup language (XML) , dynamic HTML, cascading style sheets (CSS) , AJAX (Asynchronous JAVASCRIPT And XML) programs, helper applications, plug-ins, and the like. A server may include a web service that receives a request from a web server, the request including a URL and an IP address (192.168.1.1) . The web server retrieves the appropriate web pages and sends the data or applications for the web pages to the IP address. Web services are applications that are capable of interacting with other applications over a communications means, such as the internet. Web services are typically based on standards or protocols such as XML, SOAP, AJAX, WSDL and UDDI. Web services methods are well known in the art, and are covered in many standard texts. For example, representational state transfer (REST) , or RESTful, web services may provide one way of enabling interoperability between applications.

The computing unit of the web client may be further equipped with an internet browser connected to the internet or an intranet using standard dial-up, cable, DSL, or any other internet protocol known in the art. Transactions originating at a web client may pass through a firewall in order to prevent unauthorized access from users of other networks. Further, additional firewalls may be deployed between the varying components of CMS to further enhance security.

Encryption may be performed by way of any of the techniques now available in the art or which may become available-e.g., Twofish, RSA, El Gamal, Schorr signature, DSA, PGP, PKI, GPG (GnuPG) , HPE Format-Preserving Encryption (FPE) , Voltage, Triple DES, Blowfish, AES, MD5, HMAC, IDEA, RC6, and symmetric and asymmetric cryptosystems. The systems and methods may also incorporate SHA series cryptographic methods, elliptic curve cryptography (e.g., ECC, ECDH, ECDSA, etc. ) , and/or other post-quantum cryptography algorithms under development.

The firewall may include any hardware and/or software suitably configured to protect CMS components and/or enterprise computing resources from users of other networks. Further, a firewall may be configured to limit or restrict access to various systems and components behind the firewall for web clients connecting through a web server. Firewall may reside in varying configurations including Stateful Inspection, Proxy based, access control lists, and Packet Filtering among others. Firewall may be integrated within a web server or any other CMS components or may further reside as a separate entity. A firewall may implement network address translation ( “NAT” ) and/or network address port translation ( “NAPT” ) . A firewall may accommodate various tunneling protocols to facilitate secure communications, such as those used in virtual private networking. A firewall may implement a demilitarized zone ( “DMZ” ) to facilitate communications with a public network such as the internet. A firewall may be integrated as software within an internet server or any other application server components, reside within another computing device, or take the form of a standalone hardware component.

Any databases discussed herein may include relational, hierarchical, graphical, blockchain, object-oriented structure, and/or any other database configurations. Any database may also include a flat file structure wherein data may be stored in a single file in the form of rows and columns, with no structure for indexing and no structural relationships between records. For example, a flat file structure may include a delimited text file, a CSV (comma-separated values) file, and/or any other suitable flat file structure. Common database products that may be used to implement the databases include

by

(Armonk, NY) , various database products available from

Corporation (Redwood Shores, CA) , MICROSOFT

or MICROSOFT SQL

by

Corporation (Redmond, Washington) ,

by MySQL AB (Uppsala, Sweden) ,

Redis, APACHE

by

MapR-DB by the

corporation, or any other suitable database product. Moreover, any database may be organized in any suitable manner, for example, as data tables or lookup tables. Each record may be a single file, a series of files, a linked series of data fields, or any other data structure.

As used herein, big data may refer to partially or fully structured, semi-structured, or unstructured data sets including millions of rows and hundreds of thousands of columns. A big data set may be compiled, for example, from a history of purchase transactions over time, from web registrations, from social media, from records of charge (ROC) , from summaries of charges (SOC) , from internal data, or from other suitable sources. Big data sets may be compiled without descriptive metadata such as column types, counts, percentiles, or other interpretive-aid data points.

Association of certain data may be accomplished through any desired data association technique such as those known or practiced in the art. For example, the association may be accomplished either manually or automatically. Automatic association techniques may include, for example, a database search, a database merge, GREP, AGREP, SQL, using a key field in the tables to speed searches, sequential searches through all the tables and files, sorting records in the file according to a known order to simplify lookup, and/or the like. The association step may be accomplished by a database merge function, for example, using a “key field” in pre-selected databases or data sectors. Various database tuning steps are contemplated to optimize database performance. For example, frequently used files such as indexes may be placed on separate file systems to reduce In/Out ( “I/O” ) bottlenecks.

More particularly, a “key field” partitions the database according to the high-level class of objects defined by the key field. For example, certain types of data may be designated as a key field in a plurality of related data tables and the data tables may then be linked on the basis of the type of data in the key field. The data corresponding to the key field in each of the linked data tables is preferably the same or of the same type. However, data tables having similar, though not identical, data in the key fields may also be linked by using AGREP, for example. In accordance with one embodiment, any suitable data storage technique may be utilized to store data without a standard format. Data sets may be stored using any suitable technique, including, for example, storing individual files using an ISO/IEC 7816-4 file structure; implementing a domain whereby a dedicated file is selected that exposes one or more elementary files containing one or more data sets; using data sets stored in individual files using a hierarchical filing system; data sets stored as records in a single file (including compression, SQL accessible, hashed via one or more keys, numeric, alphabetical by first tuple, etc. ) ; data stored as Binary Large Object (BLOB) ; data stored as ungrouped data elements encoded using ISO/IEC 7816-6 data elements; data stored as ungrouped data elements encoded using ISO/IEC Abstract Syntax Notation (ASN. 1) as in ISO/IEC 8824 and 8825; other proprietary techniques that may include fractal compression methods, image compression methods, etc.

In various embodiments, the ability to store a wide variety of information in different formats is facilitated by storing the information as a BLOB. Thus, any binary information can be stored in a storage space associated with a data set. As discussed above, the binary information may be stored in association with the system or external to but affiliated with the system. The BLOB method may store data sets as ungrouped data elements formatted as a block of binary via a fixed memory offset using either fixed storage allocation, circular queue techniques, or best practices with respect to memory management (e.g., paged memory, least recently used, etc. ) . By using BLOB methods, the ability to store various data sets that have different formats facilitates the storage of data, in the database or associated with the system, by multiple and unrelated owners of the data sets. For example, a first data set which may be stored may be provided by a first party, a second data set which may be stored may be provided by an unrelated second party, and yet a third data set which may be stored may be provided by a third party unrelated to the first and second party. Each of these three exemplary data sets may contain different information that is stored using different data storage formats and/or techniques. Further, each data set may contain subsets of data that also may be distinct from other subsets.

As stated above, in various embodiments, the data can be stored without regard to a common format. However, the data set (e.g., BLOB) may be annotated in a standard manner when provided for manipulating the data in the database or system. The annotation may comprise a short header, trailer, or other appropriate indicator related to each data set that is configured to convey information useful in managing the various data sets. For example, the annotation may be called a “condition header, ” “header, ” “trailer, ” or “status, ” herein, and may comprise an indication of the status of the data set or may include an identifier correlated to a specific issuer or owner of the data. In one example, the first three bytes of each data set BLOB may be configured or configurable to indicate the status of that particular data set; e.g., LOADED, INITIALIZED, READY, BLOCKED, REMOVABLE, or DELETED. Subsequent bytes of data may be used to indicate for example, the identity of the issuer, user, transaction/membership account identifier or the like. Each of these condition annotations are further discussed herein.

The data set annotation may also be used for other types of status information as well as various other purposes. For example, the data set annotation may include security information establishing access levels. The access levels may, for example, be configured to permit only certain individuals, levels of employees, companies, or other entities to access data sets, or to permit access to specific data sets based on the transaction, merchant, issuer, user, or the like. Furthermore, the security information may restrict/permit only certain actions, such as accessing, modifying, and/or deleting data sets. In one example, the data set annotation indicates that only the data set owner or the user are permitted to delete a data set, various identified users may be permitted to access the data set for reading, and others are altogether excluded from accessing the data set. However, other access restriction parameters may also be used allowing various entities to access a data set with various permission levels as appropriate.

The data, including the header or trailer, may be received by a standalone interaction device configured to add, delete, modify, or augment the data in accordance with the header or trailer. As such, in one embodiment, the header or trailer is not stored on the transaction device along with the associated issuer-owned data, but instead the appropriate action may be taken by providing to the user, at the standalone device, the appropriate option for the action to be taken. The system may contemplate a data storage arrangement wherein the header or trailer, or header or trailer history, of the data is stored on the system, device or transaction instrument in relation to the appropriate data.

One skilled in the art will also appreciate that, for security reasons, any databases, systems, devices, servers, or other components of the system may consist of any combination thereof at a single location or at multiple locations, wherein each database or system includes any of various suitable security features, such as firewalls, access codes, encryption, decryption, compression, decompression, and/or the like.

Practitioners will also appreciate that there are a number of methods for displaying data within a browser-based document. Data may be represented as standard text or within a fixed list, scrollable list, drop-down list, editable text field, fixed text field, pop-up window, and the like. Likewise, there are a number of methods available for modifying data in a web page such as, for example, free text entry using a keyboard, selection of menu items, check boxes, option boxes, and the like.

The data may be big data that is processed by a distributed computing cluster. The distributed computing cluster may be, for example, a

software cluster configured to process and store big data sets with some of nodes comprising a distributed storage system and some of nodes comprising a distributed processing system. In that regard, distributed computing cluster may be configured to support a

software distributed file system (HDFS) as specified by the Apache Software Foundation at www. hadoop. apache. org/docs.

Any database discussed herein may comprise a distributed ledger maintained by a plurality of computing devices (e.g., nodes) over a peer-to-peer network. Each computing device maintains a copy and/or partial copy of the distributed ledger and communicates with one or more other computing devices in the network to validate and write data to the distributed ledger. The distributed ledger may use features and functionality of blockchain technology, including, for example, consensus-based validation, immutability, and cryptographically chained blocks of data. The blockchain may comprise a ledger of interconnected blocks containing data. The blockchain may provide enhanced security because each block may hold individual transactions and the results of any blockchain executables. Each block may link to the previous block and may include a timestamp. Blocks may be linked because each block may include the hash of the prior block in the blockchain. The linked blocks form a chain, with only one successor block allowed to link to one other predecessor block for a single chain. Forks may be possible where divergent chains are established from a previously uniform blockchain, though typically only one of the divergent chains will be maintained as the consensus chain. In various embodiments, the blockchain may implement smart contracts that enforce data workflows in a decentralized manner. The system may also include applications deployed on user devices such as, for example, computers, tablets, smartphones, Internet of Things devices ( “IoT” devices) , etc. The applications may communicate with the blockchain (e.g., directly or via a blockchain node) to transmit and retrieve data. In various embodiments, a governing organization or consortium may control access to data stored on the blockchain. Registration with the managing organization (s) may enable participation in the blockchain network.

Data transfers performed through the blockchain-based system may propagate to the connected peers within the blockchain network within a duration that may be determined by the block creation time of the specific blockchain technology implemented. For example, on an

anew data entry may become available within about 13-20 seconds as of the writing. On a

Fabric 1.0 based platform, the duration is driven by the specific consensus algorithm that is chosen, and may be performed within seconds. In that respect, propagation times in the system may be improved compared to existing systems, and implementation costs and time to market may also be drastically reduced. The system also offers increased security at least partially due to the immutable nature of data that is stored in the blockchain, reducing the probability of tampering with various data inputs and outputs. Moreover, the system may also offer increased security of data by performing cryptographic processes on the data prior to storing the data on the blockchain. Therefore, by transmitting, storing, and accessing data using the system described herein, the security of the data is improved, which decreases the risk of the computer or network from being compromised.

The particular blockchain implementation described herein provides improvements over conventional technology by using a decentralized database and improved processing environments. In particular, the blockchain implementation improves computer performance by, for example, leveraging decentralized resources (e.g., lower latency) . The distributed computational resources improves computer performance by, for example, reducing processing times. Furthermore, the distributed computational resources improves computer performance by improving security using, for example, cryptographic protocols.

In various embodiments, the system may also reduce database synchronization errors by providing a common data structure, thus at least partially improving the integrity of stored data. The system also offers increased reliability and fault tolerance over traditional databases (e.g., relational databases, distributed databases, etc. ) as each node operates with a full copy of the stored data, thus at least partially reducing downtime due to localized network outages and hardware failures. The system may also increase the reliability of data transfers in a network environment having reliable and unreliable peers, as each node broadcasts messages to all connected peers, and, as each block comprises a link to a previous block, a node may quickly detect a missing block and propagate a request for the missing block to the other nodes in the blockchain network.

As used herein, the term “network” includes any cloud, cloud computing system, or electronic communications system or method which incorporates hardware and/or software components. Communication among the parties may be accomplished through any suitable communication channels, such as, for example, a telephone network, an extranet, an intranet, internet, point of interaction device (point of sale device, personal digital assistant (e.g., an

device, a

device) , cellular phone, kiosk, etc. ) , online communications, satellite communications, off-line communications, wireless communications, transponder communications, local area network (LAN) , wide area network (WAN) , virtual private network (VPN) , networked or linked devices, keyboard, mouse, and/or any suitable communication or data input modality. Moreover, although the system is frequently described herein as being implemented with TCP/IP communications protocols, the system may also be implemented using IPX,

program, IP-6, NetBIOS, OSI, any tunneling protocol (e.g. IPsec, SSH, etc. ) , or any number of existing or future protocols. If the network is in the nature of a public network, such as the internet, it may be advantageous to presume the network to be insecure and open to eavesdroppers. Specific information related to the protocols, standards, and application software utilized in connection with the internet is generally known to those skilled in the art and, as such, need not be detailed herein.

Cloud” or “Cloud computing” includes a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Cloud computing may include location-independent computing, whereby shared servers provide resources, software, and data to computers and other devices on demand.

As used herein, “transmit” may include sending electronic data from one system component to another over a network connection. Additionally, as used herein, “data” may include encompassing information such as commands, queries, files, data for storage, and the like in digital or any other form.

Any communication, transmission, and/or channel discussed herein may include any system or method for delivering content (e.g. data, information, metadata, etc. ) , and/or the content itself. The content may be presented in any form or medium, and in various embodiments, the content may be delivered electronically and/or capable of being presented electronically. For example, a channel may comprise a website, mobile application, or device (e.g.,

AMAZON

GOOGLE CHROMECAST ^TM,

etc. ) a uniform resource locator ( “URL” ) , a document (e.g., a

Word or EXCEL ^TM, an

Portable Document Format (PDF) document, etc. ) , an “ebook, ” an “emagazine, ” an application or microapplication (as described herein) , an short message service (SMS) or other type of text message, an email, a

message, a

tweet, multimedia messaging services (MMS) , and/or other type of communication technology. In various embodiments, a channel may be hosted or provided by a data partner. In various embodiments, the distribution channel may comprise at least one of a merchant website, a social media website, affiliate or partner websites, an external vendor, a mobile device communication, social media network, and/or location based service. Distribution channels may include at least one of a merchant website, a social media site, affiliate or partner websites, an external vendor, and a mobile device communication. Examples of social media sites include

and the like. Examples of affiliate or partner websites include AMERICAN

and the like. Moreover, examples of mobile device communications include texting, email, and mobile applications for smartphones.

Phrases and terms similar to an “item” may include any good, service, information, experience, entertainment, data, offer, discount, rebate, points, virtual currency, content, access, rental, lease, contribution, account, credit, debit, benefit, right, reward, points, coupons, credits, monetary equivalent, anything of value, something of minimal or no value, monetary value, non-monetary value and/or the like. Moreover, the “transactions” or “purchases” discussed herein may be associated with an item. Furthermore, a “reward” may be an item.

A “consumer profile” or “consumer profile data” may comprise any information or data about a consumer that describes an attribute associated with the consumer (e.g., a preference, an interest, demographic information, personally identifying information, and the like) .

In various embodiments, an account number may identify a consumer. In addition, in various embodiments, a consumer may be identified by a variety of identifiers, including, for example, an email address, a telephone number, a cookie id, a radio frequency identifier (RFID) , a biometric, and the like.

Phrases and terms similar to a “party” may include any individual, consumer, customer, group, business, organization, government entity, transaction account issuer or processor (e.g., credit, charge, etc. ) , merchant, consortium of merchants, account holder, charitable organization, software, hardware, and/or any other type of entity. The terms “user, ” “consumer, ” “purchaser, ” and/or the plural form of these terms are used interchangeably throughout herein to refer to those persons or entities that are alleged to be authorized to use a transaction account.

As used herein, the term “end user, ” “consumer, ” “customer, ” “cardmember, ” “business, ” or “merchant” may be used interchangeably with each other, and each shall mean any person, entity, government organization, business, machine, hardware, and/or software. A bank may be part of the system, but the bank may represent other types of card issuing institutions, such as credit card companies, card sponsoring companies, or third party issuers under contract with financial institutions. It is further noted that other participants may be involved in some phases of the transaction, such as an intermediary settlement institution, but these participants are not shown.

The customer may be identified as a customer of interest to a merchant based on the customer’s transaction history at the merchant, types of transactions, type of transaction account, frequency of transactions, number of transactions, lack of transactions, timing of transactions, transaction history at other merchants, demographic information, personal information (e.g., gender, race, religion) , social media or any other online information, potential for transacting with the merchant, and/or any other factors.

Phrases and terms similar to “business” or “merchant” may be used interchangeably with each other and shall mean any person, entity, distributor system, software, and/or hardware that is a provider, broker, and/or any other entity in the distribution chain of goods or services. For example, a merchant may be a grocery store, a retail store, a travel agency, a service provider, an on-line merchant, or the like.

The disclosure and claims do not describe only a particular outcome of a system for cold wallets holding digital assets, but the disclosure and claims include specific rules for implementing the outcome of a cold wallets holding digital assets and that render information into a specific format that is then used and applied to create the desired results of a system for cold wallets holding digital assets, as set forth in McRO, Inc. v. Bandai Namco Games America Inc. (Fed. Cir. case number 15-1080, Sept 13, 2016) . In other words, the outcome of a system for cold wallets holding digital assets can be performed by many different types of rules and combinations of rules, and this disclosure includes various embodiments with specific rules. While the absence of complete preemption may not guarantee that a claim is eligible, the disclosure does not sufficiently preempt the field of a system for cold wallets holding digital assets at all. The disclosure acts to narrow, confine, and otherwise tie down the disclosure so as not to cover the general abstract idea of just a system for cold wallets holding digital assets. Significantly, other systems and methods exist for a system for cold wallets holding digital assets, so it would be inappropriate to assert that the claimed invention preempts the field or monopolizes the basic tools of a system for cold wallets holding digital assets. In other words, the disclosure will not prevent others from a system for cold wallets holding digital assets, because other systems are already performing the functionality in different ways than the claimed invention. Moreover, the claimed invention includes an inventive concept that may be found in the non-conventional and non-generic arrangement of known, conventional pieces, in conformance with Bascom v. AT&T Mobility, 2015-1763 (Fed. Cir. 2016) . The disclosure and claims go way beyond any conventionality of any one of the systems in that the interaction and synergy of the systems leads to additional functionality that is not provided by any one of the systems operating independently. The disclosure and claims may also include the interaction between multiple different systems, so the disclosure cannot be considered an implementation of a generic computer, or just “apply it” to an abstract process. The disclosure and claims may also be directed to improvements to software with a specific implementation of a solution to a problem in the software arts.

Claims

A method comprising:

providing, by a computer based system, a temporary wallet, a first hot wallet, and a second hot wallet;

initiating, by the computer based system, an on-chain transaction for a digital asset associated with at least one of the temporary wallet or the first hot wallet;

executing, by the computer based system, a miner fee reimbursement payment process in response to the on-chain transaction; and

transferring, by the computer based system, a miner fee reimbursement payment from the second hot wallet to one of the first hot wallet or the temporary wallet.
The method of claim 1, further comprising:

receiving, by the computer based system, a request to transfer the digital asset from a sending address to a receiving address;

determining, by the computer based system, whether the balance of a prepaid miner fee address associated with the sending address exceeds a prepayment threshold value; and

executing, by the computer based system, the on-chain transaction in response to the balance of the prepaid miner fee address exceeding the prepayment threshold value.
The method of claim 2, further comprising:

determining, by the computer based system, the prepayment threshold value;

increasing, by the computer based system, the prepayment threshold value in response to at least one of a transaction volume or a transaction volume rate; and

decreasing, by the computer based system, the prepayment threshold value in response to at least one of a transaction volume or a transaction volume rate.
The method of claim 2, further comprising:

generating, by the computer based system, an insufficient fee notice where the balance of the prepaid miner fee address associated with the sending address is less than the prepayment threshold value;

generating, by the computer based system, an instruction to pay miner fees in response to the insufficient fee notice; and

transferring, by the computer based system, the miner fee reimbursement payment from the second hot wallet to the prepaid miner fee address associated with the sending address in response to the instruction to pay miner fees.
The method of claim 1, further comprising:

taking, by the computer based system, a transaction fee;

segregating, by the computer based system, a portion of the transaction fee to generate a miner payment reserve;

paying, by the computer based system, a miner fee from the miner payment reserve; and

pulling, by the computer based system, additional assets from a sending address in response to the miner fee exceeding the miner payment reserve.
The method of claim 5, further comprising:

generating, by the computer based system, an instruction to make a supplemental miner fee payment; and

transferring, by the computer based system, the supplemental miner fee payment from the second hot wallet to the first hot wallet.
The method of claim 6, further comprising:

calculating, by the computer based system, a supplemental miner fee;

transferring, by the computer based system, the supplemental miner fee from the first hot wallet to the second hot wallet where the supplemental miner fee is greater than zero;

applying, by the computer based system, an absolute value function to the supplemental miner fee in response to the supplemental miner fee being less than zero; and

transferring, by the computer based system, the absolute value of the supplemental miner fee from the second hot wallet to the first hot wallet in response to the supplemental miner fee being less than zero.
A computer based system, comprising:

a processor; and

a tangible, non-transitory memory configured to communicate with the processor, the tangible, non-transitory memory having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations comprising:

providing, by the processor, a temporary wallet, a first hot wallet, and a second hot wallet;

initiating, by the processor, an on-chain transaction for a digital asset associated with at least one of the temporary wallet or the first hot wallet;

executing, by the processor, a miner fee reimbursement payment process in response to the on-chain transaction; and

transferring, by the processor, a miner fee reimbursement payment from the second hot wallet to one of the first hot wallet or the temporary wallet.
The system of claim 8, further comprising:

receiving, by the processor, a request to transfer the digital asset from a sending address to a receiving address;

determining, by the processor, whether the balance of a prepaid miner fee address associated with the sending address exceeds a prepayment threshold value; and

executing, by the processor, the on-chain transaction in response to the balance of the prepaid miner fee address exceeding the prepayment threshold value.
The system of claim 9, further comprising:

determining, by the processor, the prepayment threshold value;

increasing, by the processor, the prepayment threshold value in response to at least one of a transaction volume or a transaction volume rate; and

decreasing, by the processor, the prepayment threshold value in response to at least one of a transaction volume or a transaction volume rate.
The system of claim 9, further comprising:

generating, by the processor, an insufficient fee notice where the balance of the prepaid miner fee address associated with the sending address is less than the prepayment threshold value;

generating, by the processor, an instruction to pay miner fees in response to the insufficient fee notice; and

transferring, by the processor, the miner fee reimbursement payment from the second hot wallet to the prepaid miner fee address associated with the sending address in response to the instruction to pay miner fees.
The system of claim 8, further comprising:

taking, by the processor, a transaction fee;

segregating, by the processor, a portion of the transaction fee to generate a miner payment reserve;

paying, by the processor, a miner fee from the miner payment reserve; and

pulling, by the processor, additional assets from a sending address in response to the miner fee exceeding the miner payment reserve.
The system of claim 12, further comprising:

generating, by the processor, an instruction to make a supplemental miner fee payment; and

transferring, by the processor, the supplemental miner fee payment from the second hot wallet to the first hot wallet.
The system of claim 13, further comprising:

calculating, by the processor, a supplemental miner fee;

transferring, by the processor, the supplemental miner fee from the first hot wallet to the second hot wallet where the supplemental miner fee is greater than zero;

applying, by the processor, an absolute value function to the supplemental miner fee in response to the supplemental miner fee being less than zero; and

transferring, by the processor, the absolute value of the supplemental miner fee from the second hot wallet to the first hot wallet in response to the supplemental miner fee being less than zero.
An article of manufacture including a non-transitory, tangible computer readable storage medium having instructions stored thereon that, in response to execution by a computer based system, cause the computer based system to perform operations comprising:

providing, by a computer based system, a temporary wallet, a first hot wallet, and a second hot wallet;

initiating, by the computer based system, an on-chain transaction for a digital asset associated with at least one of the temporary wallet or the first hot wallet;

executing, by the computer based system, a miner fee reimbursement payment process in response to the on-chain transaction; and

transferring, by the computer based system, a miner fee reimbursement payment from the second hot wallet to one of the first hot wallet or the temporary wallet.
The article of manufacture of claim 15, further comprising:

receiving, by the computer based system, a request to transfer the digital asset from a sending address to a receiving address;

determining, by the computer based system, whether the balance of a prepaid miner fee address associated with the sending address exceeds a prepayment threshold value; and

executing, by the computer based system, the on-chain transaction in response to the balance of the prepaid miner fee address exceeding the prepayment threshold value.
The article of manufacture of claim 16, further comprising:

determining, by the computer based system, the prepayment threshold value;

increasing, by the computer based system, the prepayment threshold value in response to at least one of a transaction volume or a transaction volume rate; and

decreasing, by the computer based system, the prepayment threshold value in response to at least one of a transaction volume or a transaction volume rate.
The article of manufacture of claim 16, further comprising:

generating, by the computer based system, an insufficient fee notice where the balance of the prepaid miner fee address associated with the sending address is less than the prepayment threshold value;

generating, by the computer based system, an instruction to pay miner fees in response to the insufficient fee notice; and

transferring, by the computer based system, the miner fee reimbursement payment from the second hot wallet to the prepaid miner fee address associated with the sending address in response to the instruction to pay miner fees.
The article of manufacture of claim 15, further comprising:

taking, by the computer based system, a transaction fee;

segregating, by the computer based system, a portion of the transaction fee to generate a miner payment reserve;

paying, by the computer based system, a miner fee from the miner payment reserve; and

pulling, by the computer based system, additional assets from a sending address in response to the miner fee exceeding the miner payment reserve.
The article of manufacture of claim 19, further comprising:

generating, by the computer based system, an instruction to make a supplemental miner fee payment;

transferring, by the computer based system, the supplemental miner fee payment from the second hot wallet to the first hot wallet;

calculating, by the computer based system, a supplemental miner fee;

transferring, by the computer based system, the supplemental miner fee from the first hot wallet to the second hot wallet where the supplemental miner fee is greater than zero;

applying, by the computer based system, an absolute value function to the supplemental miner fee in response to the supplemental miner fee being less than zero; and

transferring, by the computer based system, the absolute value of the supplemental miner fee from the second hot wallet to the first hot wallet in response to the supplemental miner fee being less than zero.