[go: up one dir, main page]

WO2024074865A1 - Procédé de création d'une identification personnelle jetonisée, programme informatique et système de traitement de données - Google Patents

Procédé de création d'une identification personnelle jetonisée, programme informatique et système de traitement de données Download PDF

Info

Publication number
WO2024074865A1
WO2024074865A1 PCT/IB2022/059407 IB2022059407W WO2024074865A1 WO 2024074865 A1 WO2024074865 A1 WO 2024074865A1 IB 2022059407 W IB2022059407 W IB 2022059407W WO 2024074865 A1 WO2024074865 A1 WO 2024074865A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
verification
computer network
information
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2022/059407
Other languages
English (en)
Inventor
Geoffrey CARR-HARRIS
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cibex Ag
Original Assignee
Cibex Ag
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cibex Ag filed Critical Cibex Ag
Priority to EP22800327.3A priority Critical patent/EP4599343A1/fr
Priority to PCT/IB2022/059407 priority patent/WO2024074865A1/fr
Publication of WO2024074865A1 publication Critical patent/WO2024074865A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the present invention relates to a method for creating a tokenized personal identification according to claim 1 , a computer program according to claim 13, and a data processing system according to claim 14.
  • Various embodiments of the present invention concern creation of a tokenized personal identification of a person or an organization in a decentralized computer network, using a computer program and/or a data processing system.
  • EP 3 477 891 A1 disclosing a method for recording a digital identity of a first user, performed by a computing device of a first verification entity identified by a first verification entity identifier: receiving from the first user at least one first user identity document and extracting user personal identifiable information data elements from said user identity document, after verification, encrypting using a public key of the first verification entity and recording said encrypted user personal identifiable information data elements in a first distributed ledger whose access is authorized to a first set of computing devices only, generating a user identifier to be sent to said user and recording a hash of said user identifier in a second distributed ledger and, for each verified user personal identifiable information data element, an attestation including the first verification entity identifier and a hash of said user personal identifiable information data element, and recording each generated attestation in said second distributed ledger, for each generated attestation, recording in said second distributed ledger a relationship between the generated user identifier and said generated attestation, wherein said first and second distributed ledgers are configured such
  • WO 2020/008367 A1 discloses a method for creating a digital ID or digital data storage of a person or an organization using at least one identity document from said person or organization.
  • Said identity document is stored in an encrypted personal data container.
  • Said method calculates a hash code, which is stored in a decentralized network associated with a user ID.
  • the disadvantage of this method is that the user's trustworthiness is insufficiently checked, and the user’s creditworthiness is not checked at all. Thus, said method is insufficient for use in the cryptocurrency world.
  • An object of the present invention is to overcome the disadvantages of the prior art. It is further an object of the present invention to create a tokenized personal identification of a person or an organization in an improved way, so that the contributing parties may work together in a highly trustful manner, especially in the cryptocurrency environment.
  • a method, a computer program and a data processing system are to be provided, which have a high acceptance by users with respect to trustiness, applicability, and usability in the cryptocurrency environment.
  • the object is achieved by a method for creating a tokenized personal identification of a person or an organization in a decentralized computer network.
  • Said method comprises at least the following steps: a) Providing a connection of a first computing device in a computer network; b) Receiving at least two verification requests regarding the person or organization via said first computing device in the computing network; c) Providing of at least one risk management verification data, at least based on information delivered in the at least two verification requests in the computer network; d) Creating at least one tokenized personal identification data in a decentralized computer network, while said tokenized personal identifications data consider at least the risk management verification data.
  • Said method offers a user of the first computing device an easy solution to provide the ownership and the origin of the assets.
  • Said method makes cryptocurrency owners feel safe by making transactions, trading, buying, or withdrawing cryptocurrency.
  • a third party may prove that information from the user afterwards, when participating in the cryptocurrency environment.
  • the solution will work like a decentralized application (DApp) by verifying the user. After the verification process, said method will create a “Cryptographic Passport” (CryptoPass) in a decentralized way - generating a cryptographic token that provides cryptographically proven identification data, providing that a user is a legit person with legal assets, who successfully may go through the verification process.
  • DApp decentralized application
  • Said method provides a tokenized personal identification of a person or an organization with increased secure and reliable properties, such that contributing parties (e.g. a cryptocurrency exchange provider, financial institution, government entities, or others) may work together in a highly trustful manner in many different businesses.
  • contributing parties e.g. a cryptocurrency exchange provider, financial institution, government entities, or others
  • users are required to prove their identity gapless before getting access to data or benefit from services of third parties, which may be a complicated procedure to get finally such a proof.
  • Said risk management verification data creates high convenience between the user and organizations, institutions, and government, because it is tamperproof, which increases the trustfulness of said tokenized personal identification.
  • said tokenized personal identification may be hosted as a cryptographic token on a public blockchain platform, thus said method creates a transparent and reliable possibility to work with third parties.
  • said at least two verification requests comprise a KYC verification request.
  • Said KYC (know your customer) is a first preferred verification possibility in the method, which comprise fundamental information of the user of the first computing device in the computer network.
  • Said KYC verification requires personal data of the user of the first computing device.
  • Said required personal data may comprise passport data or other official personal documents, like biometry data or certificate of birth or comparable authorized documents.
  • Said KYC secures said tokenized personal identification data with respect to a user confusion.
  • Said user can be registered just once for a tokenized personal identification data.
  • Said KYC verification data will be aggregated, and a proof of identity is easily provided.
  • said KYC verification data is saved in said decentralized network, for example in one or many server computers of the decentralized network.
  • said KYC verification data is saved in a blockchain in the decentralized network, which increases the confidentiality of the method.
  • said at least two verification requests comprise an AML verification request.
  • Said AML anti-money laundering
  • An AML provider or said user of the first computing device provides sufficient information of the legal origin of the verification data.
  • Third parties like cryptocurrency exchanges and other financial institutions, can be sure, that the information is compliant with AML regulation and the user’s assets are of safe origin.
  • Said AML may also comprise KYT (know your transaction) data, which is a process employed by financial institutions to monitor the merchants’ businesses through the analysis of transaction data.
  • Examining transaction data allows accurate and data-driven conclusions to be made, as it produces the essential evidence required upon suspicions over any fraudulent merchant activity.
  • Said AML provider or said user of the first computing device must provide sufficient data to pass the AML verification request.
  • Said AML verification data will be aggregated, and a proof of funds is easily provided.
  • said users passes said ALM verification, said ALM verification data is saved in said decentralized network, for example in one or many servers of the decentralized network.
  • said ALM verification data is saved in a blockchain in the decentralized network, which further increases the confidentiality of the method.
  • said at least one risk management verification data comprises at least one information data based on the KYC or AML verification data.
  • Said KYC information data may involve at least one of name, surname, age, gender, jurisdiction, document type, biometry result, politically exposed person (PEP), KYC provider score, country of registration.
  • Said AML information data may involve at least one of AML provider risk score, cryptocurrency wallet age, volumes, and sizes of transactions, cryptocurrency origin, cryptocurrency wallet balance. Therefore, said risk management verification data is connected to the KYC and/or AML verification data.
  • said risk management verification data comprises very sensitive data of the user of the first computing device and said sensitive data is saved in a blockchain in the decentralized network, which increases the confidentiality of the method.
  • step b) at least one cryptocurrency wallet is connected to said computer network.
  • Said cryptocurrency wallet is owned by the user of the first computing device or said user has permission for using the cryptocurrency wallet.
  • Said cryptocurrency wallet is used on the one hand to pay for services and on the other hand for verifying the ownership of the cryptocurrency wallet and/or check further AML verification data. Furthermore, providing the legal origin of the cryptocurrency in the cryptocurrency wallet supports the compliance for meeting said ALM or KYT verifications.
  • an ownership verification data process of the at least one cryptocurrency wallet is performed.
  • This offers an easy solution for cryptocurrency owners to prove the ownership and origin of their cryptocurrency assets.
  • the solution will work like said decentralized application by verifying the user and his cryptocurrency or crypto asset holdings.
  • said cryptographic token that provides cryptographically proven identification data is generated, which ensure that said user is a legit person with legal assets who successfully may go through the verification process.
  • Said ownership verification data process may comprise a verification of the cryptocurrency wallet, using an ETH (Ethereum)- wallet check, which ensure that the cryptocurrency wallet is an ETH-based wallet.
  • Said wallet check may use a typical ETH-based connection process and/or a known Satoshi test, while passing said check, said cryptocurrency wallet is connected to the decentralized network, for finalization the proof of wallet ownership.
  • Third parties like government entities, are supported to collect taxes and to stop criminals from disguising illegally obtained funds as legitimate income.
  • Ethereum is a decentralized, open source blockchain with smart contract functionality. Ethereum allows anyone to deploy permanent and immutable decentralized applications onto it, with which users can interact.
  • Decentralized finance (DeFi) applications provide a broad array of financial services without the need for typical financial intermediaries like brokerages, exchanges, or banks, such as allowing cryptocurrency users to borrow against their holdings or lend them out for interest.
  • Ethereum also allows users to create and exchange NFTs (non-fungible tokens), which are unique tokens representing ownership of an associated asset or privilege, as recognized by any number of institutions.
  • NFTs non-fungible tokens
  • Ethereum utilize the ERC-20 token standard on top of the Ethereum blockchain and have utilized the platform for initial coin offerings.
  • Ethereum transitioned its consensus mechanism from proof-of-work (PoW) to proof-of-stake (PoS). Consequently, Ethereum's energy consumption rate was reduced by about 99.95%.
  • PoW proof-of-work
  • PoS proof-of-stake
  • Ethereum energy consumption rate was reduced by about 99.95%.
  • all smart contracts are stored publicly on every node of the blockchain. Every new transaction is recorded on a new block, which is connected to previous and future blocks in a chain. Fraudsters who want to tamper with one transaction/block would have to tamper all preceding and following blocks, which is possible, but extremely difficult.
  • similar blockchain technologies may be used for creating at least one tokenized
  • said at least one risk management verification data is further based on information data delivered by the ownership verification in the computer network.
  • Said information data may involve at least one of cryptocurrency type, cryptocurrency wallet balance, a verification method, cryptocurrency wallet type. Therefore, said risk management verification data is connected to the connected cryptocurrency wallet and/or said ownership verification data.
  • said risk management verification data comprises very sensitive data of the cryptocurrency wallet of the user of the first computing device. Said sensitive data is saved in a blockchain in the decentralized network, which increases the confidentiality of the above-mentioned method.
  • a single user may own several cryptocurrency wallets, but just one tokenized personal identification data, which may comprise the ownership verification data of the different cryptocurrency wallets.
  • Said tokenized personal identification data acts like a single gatekeeper to the decentralized network. Said cannot be transferred from one user to another. It should indicate that the user has valid cryptocurrency, and it wouldn’t be unexpectedly frozen by a third party.
  • said at least one tokenized personal identification data aggregates information from at least two of a KYC service, AML services and ownership of the cryptocurrency wallet service in one single cryptographic token, which is not transferable, and editable.
  • This tokenized personal identification data may be hosted on a public ETH-based blockchain platform as said cryptographic token.
  • said method provides a tokenized personal identification of a person or an organization with highly increased secure and reliable properties in a single token, such that contributing parties may work together in a highly trustful manner in many different areas, like bank or public authorities.
  • said risk management verification data comprises at least one risk score.
  • the more information data from KYC, AML and/or ownership verification is provided during above-mentioned verification processes, the more acceptable said risk management verification data will be and the better the risk score will be.
  • said risk score is high, if said information data e.g. in said ownership verification process, comprises leakages.
  • a user with an excellent low risk score may use this as a certificate of good standing for the business, the finance reputation as well as legal concerns.
  • Said at least one score is computed in a second computer device in the computer network.
  • Said second computer device is part of said decentralized network and thus is independent of the first computer device.
  • Said risk score cannot be manipulated by a user or a third party.
  • Said tokenized personal identification data may comprise a demand of minima number of KYC information data and/or ALM information data and/or ownership information data of the user of the first computer device. Those minima number at least comprises a full name of the user, the date of birth, an identifier of the KYC, an array of the address of the cryptocurrency wallet and the country of registration as well as said at least one risk management verification data.
  • Said array of address of the cryptocurrency wallet may comprise an address’s date of creation, an address’s turnover, a balance at the address and/or a risk score for a specific address.
  • said risk management verification data may comprise an overall risk score composed of several risk scores and information data of KYC, of ALM or ownership or verification data.
  • an overall risk score may easily be used as a certificate of good standing for the business, the finance reputation as well as legal concerns.
  • One of the advantages of said tokenized personal identification of a person or an organization is that it comprises several components to provide an easy, secure, and transparent service for cryptocurrency owners, e.g. to prove the legal origin of the cryptocurrencies users own.
  • Said tokenized personal identification of a person or an organization comprises several components to provide an easy, secure, and transparent service for cryptocurrency exchanges and other financial institutions, e.g. to be compliant with AML regulation and ensure the safe origin of users' cryptocurrency funds.
  • said tokenized personal identification of a person or an organization comprises several components to provide an easy, secure, and transparent service for government entities, e.g. to collect taxes and to stop criminals from disguising illegally obtained funds as legitimate income.
  • said at least one risk management verification data comprises at least one level of risk information.
  • said information data of KYC, ALM or ownership may be categorized in several risk levels, which allows a better subdivision of the at least one risk management verification data. Some information data may be weighted as very important and will be weighted with a high multiplication, to change the at least one risk score.
  • said at least one risk management verification data comprises a multi-level of risk information.
  • the subdivisions of the at least one risk management verification data is possible in multi-level regime, which increases the reliability of the trustworthiness check in the method.
  • said decentralized computer network comprise at least one public blockchain.
  • access to this type of blockchain is open to any participant - in other words, anyone who wants to can participate in the network, execute transactions, help validate blocks, and view the entire history of the blockchain. This creates a high convenience between the user and organizations, institutions and government, because it is tamperproof, which increases the trustfulness of said tokenized personal identification.
  • said decentralized computer network comprise at least one private blockchain.
  • a private or permissioned blockchain is a form of blockchain where only selected participants have access rights.
  • the private blockchain is not publicly viewable but can only be viewed and verified by authorized persons. It is considered more secure due to the highly regulated access and is therefore preferred in companies for managing internal transactions.
  • a database is connected to the computer network, comprising preferably historical data.
  • Said historical data may comprise information data from KYC, ALM and/or ownership information of several users or third parties, which may be verified with the information data provided from a user of the first computing device or an institution, organization, or government.
  • Said historical data may be used to verify the at least one risk score and/or the risk management verification data.
  • Historical user data or cryptocurrency wallet data is compared with the provided information data at least during said at least two verification requests in step b).
  • Said provided information data during the at least two verification requests in step b) may be saved as new historical data in said database.
  • Said database is preferably needed to save information data about users.
  • Said database may consist of tables likes, users: name, surname, e-mail, date of birth, country, KYC provider, risk score, certified documents.
  • said at least one tokenized personal identification data is stored in a certified document.
  • the above-mentioned information at least comprising the risk management verification data and/or the at least one risk score, is stored in a certified document.
  • a third-party institution is verified to the computer network and said at least one tokenized personal identification data.
  • Said third-party institutions may register in the computer network to get access to the at least one tokenized personal identification data and/or the KYC information and/or ownership information.
  • said certified document is delivered to the third-party institution.
  • the above-mentioned information at least comprising the risk management verification data and/or the at least one risk score, is stored in a certified document, which can easily be handed over to an institution or government for their usage.
  • Third parties like government entities, are supported to collect taxes and to stop criminals from disguising illegally obtained funds as legitimate income.
  • said risk management verification data is provided using an artificial intelligence (Al) module, connected to the computing network.
  • Al-module comprise at least one calculation algorithm like a neuronal network, a support vector machine or a transformer-calculation-unit for handling the above-mentioned information data, at least to provide said risk management verification data and/or to provide said at least one risk score.
  • Said calculation algorithm of the Al is trained by historical information data and verification data of real user’s verification requests.
  • said risk management verification data is provided based on a formula using the information of at least one information of the person or the organization.
  • the formula allows a reproducible and comparable calculation of the risk management verification data.
  • Said formula may comprise at least some of the KYC information and/or AML information, which are preferably weighted with a multiplicator. The information enters into the calculation with different weightings, so that important information has a greater influence on the risk management verification data.
  • Alternatively or supplementary said risk management verification data is provided based on a formula using the information of at least one wallet information data.
  • Said wallet information data may comprise cryptocurrency wallet age, volumes, or country of origin, or country of login. The information may enter into the calculation with different weightings, so that important information has a greater influence on the risk management verification data.
  • Alternatively or supplementary said risk management verification data is provided based on a formula using the information of at least one information of the cryptocurrency.
  • Said at least one information of the cryptocurrency may comprise cryptocurrency origin, cryptocurrency wallet balance, or sizes of transactions.
  • the information may enter into the calculation with different weightings, so that important information has a greater influence on the risk management verification data.
  • the object is achieved by a computer program, configured to perform a method as herein disclosed.
  • Said computer program will work like a decentralized application (DApp) by verifying the user and provides a tokenized personal identification of a person or an organization with increased secure and reliable properties, such that contributing parties may work together in a highly trustful manner in many different areas, like bank or public authorities.
  • DApp decentralized application
  • Said above-mentioned method will be a computer-implemented method.
  • the object is achieved by a data processing system comprising means for carrying out the steps of the method as herein disclosed.
  • Said data processing system offers a user of the first computing device an easy solution to provide the ownership and the origin of their assets. A third party may prove that information afterwards.
  • the solution will work like a decentralized application (DApp) by verifying the user and provides a tokenized personal identification of a person or an organization with increased secure and reliable properties, such that contributing parties may work together in a highly trustful manner in many different areas, like bank or public authorities.
  • DApp decentralized application
  • Said risk management verification data creates high convenience between the user and organizations, institutions and government, because it is tamperproof, which increases the trustfulness of said tokenized personal identification.
  • Said data processing system may comprise several modules, e.g. user module with registration and authorization functionality, verification module with KYC data handling, wallet ownership validation module, verification module with AML data handling, an external KYC service module, an external AML/KYT service module, payment module, decentralize application module, database module, a bridge between blockchain and database, application program interface (API) module for the third party institutions. At least some of these modules ensure a secure and reliable data processing system.
  • modules e.g. user module with registration and authorization functionality, verification module with KYC data handling, wallet ownership validation module, verification module with AML data handling, an external KYC service module, an external AML/KYT service module, payment module, decentralize application module, database module, a bridge between blockchain and database, application program interface (API) module for the third party institutions.
  • API application program interface
  • At least one interface for connecting a first computing device to at least one computer is provided.
  • Said at least one interface may be a platform, a mobile application and/or a website.
  • said user, third-parties, institutions, organizations, or governments may register in the decentralized network. After registration, they will get access to the above-mentioned method for creating a tokenized personal identification of a person or an organization.
  • At least one cryptocurrency wallet is connected to said computer. Connecting said cryptocurrency wallet to a computer, e.g. the first computing device, will allow said user to start an ownership verification request, and to provide the relevant a sensitive data.
  • Said cryptocurrency wallet is owned by the user of the first computing device, or said user has permission for using the cryptocurrency wallet.
  • Said cryptocurrency wallet is used on the one hand to pay for services and on the other hand for verifying the ownership of the cryptocurrency wallet. Furthermore, providing the legal origin of the cryptocurrency in the cryptocurrency wallet supports the compliance.
  • At least one computer provides AML data.
  • ALM information data is usable for verification requests from an ALM service provider.
  • At least one computer is a backend computer providing at least one Al module.
  • Said Al module will perform said above-mentioned method.
  • Using a backend computer will increase the data security of the data processing system.
  • At least a database is connected to the computer network, providing historical data.
  • Said database is preferably needed to save information data about users.
  • Said database may consist of tables likes, users, name, surname, e- mail, date of birth, country, KYC provider, risk score, certified documents.
  • At least one computer of a third-party institution is connected to the computer network.
  • Said third-party may a KYC provider and/or an AML provider or other official data provider.
  • said third-party institutions may use said connection to buy information, like said risk management verification data or tokenized personal identification of a person or an organization.
  • Positional indications such as “above”, “below”, “right” or “left” are in each case related to the corresponding embodiments and are not to be understood as restrictive.
  • Indications such as “first”, “second”, or “further” are in each case related to the corresponding device and are not to be understood as restrictive or enumeration.
  • the invention also encompasses individual features shown in the figures, even if they are shown there in connection with other features and/or are not mentioned above. Further, the term “comprising” and derivatives thereof do not exclude other elements or steps. Likewise, the indefinite article “a” or “one” and derivatives thereof do not exclude a plurality. The functions of multiple features recited in the claims may be performed by a single unit. The terms “substantially”, “approximately”, “about” and the like in connection with a characteristic or a value define, in particular, also exactly the characteristic or exactly the value. All reference signs in the claims are not to be understood as limiting the scope of the claims.
  • Fig. 1 shows a first inventive method for creating a tokenized personal identification of a person or an organization in a decentralized computer network in a schematic flow diagram
  • Fig. 2 shows a registration procedure for the method according to Fig. 1 in a schematic flow diagram
  • Fig. 3 shows a user authorization procedure for the method according to Fig. 1 in a schematic flow diagram
  • Fig. 4 shows a wallet authorization procedure for the method according to Fig. 1 in a schematic flow diagram
  • Fig. 5 shows a “know your customer” procedure for the method according to Fig. 1 in a schematic flow diagram
  • Fig. 6 shows an “anti-money laundering” procedure for the method according to Fig. 1 in a schematic flow diagram
  • Fig. 7 shows a token generation procedure for the method according to Fig. 1 in a schematic flow diagram
  • Fig. 8 shows a token emission procedure for the method according to Fig. 1 in a schematic flow diagram
  • Fig. 9 shows a certified document creation procedure for the method according to Fig. 1 in a schematic flow diagram
  • Fig. 10 shows a third-party interaction in the method according to Fig. 1 in a schematic flow diagram
  • Fig. 11 shows a further inventive method for creating a tokenized personal identification of a person or an organization in a decentralized computer network in a schematic flow diagram
  • Fig. 12 shows an inventive data processing system in a schematic flow diagram.
  • FIG. 1 to Figure 9 show flow diagrams 100 to 1000 disclosing a first embodiment of a method for creating a tokenized personal identification of a person or an organization in a decentralized computer network.
  • Said method comprises at least the following steps: a) Providing a connection of a first computing device in a computer network ; b) Receiving at least two verification requests regarding the person or organization via said first computing device in the computing network; c) Providing of at least one risk management verification data, at least based on information delivered in the at least two verification requests in the computer network; d) Creating at least one tokenized personal identification data in a decentralized computer network, while said tokenized personal identifications data consider at least the risk management verification data.
  • a new user 50 registers himself in a first step 200 on the CryptoPass website or via a mobile application to the decentralized network - see Figure 2 for the details.
  • the new user has to connect a first computing device in the computing network and will perform a registration process 201 , using an e-mail address and personal data 202, e.g. name, surname, date of birth, nationality, etc.
  • Said connection of the first computing device may occur using an internet connection, or a LAN connection, or a WLAN connection, wireless data connection, or mobile data connection, or using an ethernet cable, or satellite connection.
  • Said e-mail address is verified 203 in the procedure and after a positive verification, said user may create a new profile 204 and will get a private key for entering to the decentralized network frequently.
  • Said user may register himself just once and after registration the user becomes an existing user in the decentralized network.
  • Said existing user 51 will proceed with an authorization procedure 300 performing an authorization process 301 on the website or the mobile application using said e-mail address and private key 302 - see Figure 3 for the details. If said credential verification 303 is positive, said CryptoPass user profile 304 is accepted and further steps in the inventive method are available.
  • an ownership verification process 400 is started to use said cryptocurrency wallet in the decentralized network - see Figure 4 for the details.
  • a first verification request 401 concerning said cryptocurrency wallet is performed in said method.
  • Said cryptocurrency wallet is owned by the user of the first computing device, or said user has permission for using the cryptocurrency wallet.
  • Said cryptocurrency wallet is used on the one hand to pay for services and on the other hand for verifying the ownership of the cryptocurrency wallet.
  • Said ownership verification data process comprises a verification of the cryptocurrency wallet, using an ETH (Ethereum)- wallet check protocol 402, which ensure that the cryptocurrency wallet is an ETH-based wallet.
  • said cryptocurrency wallet is connected 403, otherwise a Satoshi test 404 is performed to verify said cryptocurrency wallet.
  • said cryptocurrency wallet is connected to the computer network, information data is provided, and said cryptocurrency wallet is advised to the user profile 405, for finalization of the proof of wallet ownership.
  • Said information data involves at least one of cryptocurrency type, cryptocurrency wallet balance, a verification method, cryptocurrency wallet type.
  • a KYC (know your customer) procedure 500 is performed, comprising a KYC validation process 501 - see Figure 5 for the details.
  • said KYC validation uses an external KYC provider 502, which is connected to the computing network.
  • Said KYC verification requires KYC information of the user of the first computing device.
  • Said required KYC information may comprise a document verification 503, including e.g. passport data or other official personal documents, like biometry data, or certificate of birth, or comparable authorized documents 504. If said KYC information data passes said verification 504, an aggregation of the verification data 505 is performed, and a proof of identity 506 of the user is provided.
  • Said KYC verification data is saved in a blockchain in the decentralized network 507.
  • a reliable KYC procedure of an external KYC provider comprises KYC information data involving name, surname, age, gender, jurisdiction, document type, biometry result, politically exposed person (PEP), KYC provider score, country of registration.
  • an AML (anti-money laundering) procedure 600 is performed, comprising an ALM validation process 601 - see Figure 6 for the details.
  • said ALM validation uses an external ALM provider 602, which is connected to the computing network.
  • Said ALM verification request 603 requires information of suspicious activity including the predicate offences to money laundering and terrorist financing, such as securities fraud and market manipulation of the user of the first computing device. If said ALM information data is complete 604, an aggregation of the verification data 605 is performed, and a proof of funds 606 of the user is provided.
  • Said ALM verification data is saved in a blockchain in the decentralized network 607.
  • a reliable ALM procedure of an external AML provider comprises an ALM provider risk score, a cryptocurrency wallet age, volumes and sizes of transactions, a cryptocurrency origin, a cryptocurrency wallet balance.
  • said risk management verification data 700 is provides, based on an aggregation 702 of the above-mentioned KYC information data, ALM information data and information data delivered by the ownership verification in the computer network.
  • Said existing user must provide a payment 701 for accessing said risk management verification data and for the later emitted tokenized personal identification data - see Figure 7 for the details.
  • Said tokenized personal identification data is hosted on a public ETH-based blockchain platform as a tokenized personal identification data token. After payment 701 said aggregation 702 is performed and said tokenized personal identification data is created 703 in a decentralized computer network, while said tokenized personal identifications data consider the risk management verification data (step d)).
  • Said tokenized personal identification data comprises a demand of minima number of KYC information data, ALM information data and ownership information data of the user of the first computer device - see Figure 8 for the details.
  • This minima number 801 comprises e.g. a full name of the user, the date of birth (User ID) 801, an array of the address of the cryptocurrency wallet (wallet ID) 802, an identifier of the KYC (aggregated KYC information) 803, and the country of registration as well as said at least one risk management verification data.
  • Said array of address of the cryptocurrency wallet may comprise an address’s date of creation, an address’s turnover, a balance at the address and/or a risk score for a specific address.
  • said risk management verification data comprises an overall risk score composed of several risk scores and information data of KYC 803, of ALM 804 or ownership 802 verification data.
  • an overall risk score may easily be used as a certificate of good standing for the business, the finance reputation as well as legal concerns.
  • Said risk management verification data comprises at least one level of risk information.
  • said information data of KYC, ALM or ownership may be categorized in several risk levels, which allows a better subdivision of the at least one risk management verification data. Some information data are weighted as very important and are weighted with a high multiplication, to adapt the risk score.
  • a database is connected to the computer network, comprising historical data.
  • Said historical data comprises information data from KYC, ALM and/or ownership information, which is verified with the information data provided from the user of the environment and/or from the user of the first computing device or the KYC provide or the ALM provider.
  • Said historical data is used to verify the at least one risk score and/or the risk management verification data.
  • Historical user data or historical cryptocurrency wallet data is compared with the provided information data at least during said verification requests in step b). Said provided information data during the verification requests in step b) are saved as new historical data in said database.
  • Said tokenized personal identification data is also used to create a certified document 900 - see Figure 9 for the details.
  • the existing user gets the possibility to generate the certified document 903 after proceeding a report generation procedure 901. Said existing user must provide a payment 902 for generating of said certified document 903.
  • the certified document 903 comprising the risk management verification data and/or the at least one risk score.
  • FIG 10 shows a flow diagram 1000 disclosing the interaction of a third party 60 with the CryptoPass user, which already owns a tokenized personal identification data in form of a cryptographic token.
  • Said tokenized personal identification data allows easy access to third party institutes and the exchange of data.
  • Said third party institutions must provide a payment for access to the computer network and getting access to the tokenized personal identification data of the user.
  • FIG 11 shows a flow diagram 1100 disclosing a further embodiment of the method for creating a tokenized personal identification of a person or an organization in a decentralized computer network.
  • Said further embodiment of the method comprises several steps of the embodiment concerning the Figure 1 to Figure 9. Said differences to the embodiment concerning the Figure 1 to Figure 9 are:
  • Said ownership verification data 400, said KYC verification data 500, and as well as said AML verification data 600 are provided by the existing user.
  • Said risk management verification data is provided to an artificial intelligence (Al) module 1102, connected in the computing network.
  • Said provided data is extracted 1101 and provided to the Al module 1102.
  • Said Al module 1102 comprise at least one calculation algorithm like a neuronal network, a support vector machine or a transformer-calculation-unit for handling the above-mentioned extracted information data 1101, at least to provide said risk management verification data and/or to provide said risk score 1104.
  • Said calculation algorithm of the Al is trained by historical information data and verification data of real user’s verification requests 1103 and saved in a database 1105.
  • Said Al module 1103 may be used in another embodiment in the method according to the Figure 1 to Figure 9. Said Al module is used to aggregate said information data of KYC, ALM and/or ownership and to analyse said information data. Furthermore, said Al module may finally provide said risk score (not shown).
  • a computer program is configured to perform at least one method as herein disclosed.
  • Figure 12 shows a data processing system 1200 comprising means for carrying out the steps of any embodiment of the method as herein disclosed, comprising a decentralized network with several computers 1210, 1220 in a computer network, hosting at least one blockchain environment 1300, a CryptoPass environment 1400, KYC providers 1500, ALM providers 1600 and connection to a third-party institution 1700.
  • Said data processing system 1200 works like a decentralized application (DApp) by verifying the user and provides a tokenized personal identification of a person or an organization.
  • DApp decentralized application
  • Said data processing system 1200 offers a user of the first computing device 1240 an easy solution to provide the ownership and the origin of their assets. Said user connects a cryptocurrency wallet to said first computing device 1240.
  • a first Computer 1220 is a backend computer providing at least one Al module 1260.
  • Said Al module 1260 will perform at least one of said above-mentioned methods.
  • Said computer 1220 is connected to a database 1270.
  • Said database 1270 is used to save information data about the users.
  • Said database may consist of tables likes, users, name, surname, e-mail, date of birth, country, KYC provider, risk score, certified documents.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention divulgue un procédé de création d'une identification personnelle jetonisée d'une personne ou d'une organisation dans un réseau informatique décentralisé, ledit procédé comprenant au moins les étapes suivantes : la fourniture d'une connexion d'un premier dispositif informatique dans un réseau informatique, la réception d'au moins deux demandes de vérification concernant la personne ou l'organisation par l'intermédiaire dudit premier dispositif informatique dans le réseau informatique, la fourniture d'au moins une donnée de vérification de gestion de risque, au moins sur la base d'informations délivrées dans les au moins deux demandes de vérification dans le réseau informatique, la création d'au moins une donnée d'identification personnelle jetonisée dans un réseau informatique décentralisé, tandis que ladite donnée d'identification personnelle jetonisée prend en considération au moins la donnée de vérification de gestion de risque. L'invention concerne en outre un programme informatique et un système de traitement de données.
PCT/IB2022/059407 2022-10-03 2022-10-03 Procédé de création d'une identification personnelle jetonisée, programme informatique et système de traitement de données Ceased WO2024074865A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP22800327.3A EP4599343A1 (fr) 2022-10-03 2022-10-03 Procédé de création d'une identification personnelle jetonisée, programme informatique et système de traitement de données
PCT/IB2022/059407 WO2024074865A1 (fr) 2022-10-03 2022-10-03 Procédé de création d'une identification personnelle jetonisée, programme informatique et système de traitement de données

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2022/059407 WO2024074865A1 (fr) 2022-10-03 2022-10-03 Procédé de création d'une identification personnelle jetonisée, programme informatique et système de traitement de données

Publications (1)

Publication Number Publication Date
WO2024074865A1 true WO2024074865A1 (fr) 2024-04-11

Family

ID=84245892

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2022/059407 Ceased WO2024074865A1 (fr) 2022-10-03 2022-10-03 Procédé de création d'une identification personnelle jetonisée, programme informatique et système de traitement de données

Country Status (2)

Country Link
EP (1) EP4599343A1 (fr)
WO (1) WO2024074865A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3477891A1 (fr) 2017-10-26 2019-05-01 Gemalto Sa Procédés permettant d'enregistrer et de partager une identité numérique d'un utilisateur au moyen de registres répartis
WO2020008367A1 (fr) 2018-07-02 2020-01-09 Bitchange Oü Procédé de création d'un identifiant numérique ou d'un stockage numérique de données d'une personne ou d'une organisation, et procédé d'utilisation de l'identifiant numérique ou du stockage numérique de données pour une identification à distance
US20200044853A1 (en) * 2016-06-06 2020-02-06 Refinitiv Us Organization Llc Systems and methods for providing identity scores
US20210326486A1 (en) * 2020-08-31 2021-10-21 Alipay (Hangzhou) Information Technology Co., Ltd. Data check methods, apparatuses, and devices

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200044853A1 (en) * 2016-06-06 2020-02-06 Refinitiv Us Organization Llc Systems and methods for providing identity scores
EP3477891A1 (fr) 2017-10-26 2019-05-01 Gemalto Sa Procédés permettant d'enregistrer et de partager une identité numérique d'un utilisateur au moyen de registres répartis
WO2020008367A1 (fr) 2018-07-02 2020-01-09 Bitchange Oü Procédé de création d'un identifiant numérique ou d'un stockage numérique de données d'une personne ou d'une organisation, et procédé d'utilisation de l'identifiant numérique ou du stockage numérique de données pour une identification à distance
US20210326486A1 (en) * 2020-08-31 2021-10-21 Alipay (Hangzhou) Information Technology Co., Ltd. Data check methods, apparatuses, and devices

Also Published As

Publication number Publication date
EP4599343A1 (fr) 2025-08-13

Similar Documents

Publication Publication Date Title
US11861610B2 (en) Public ledger authentication system
US10771251B1 (en) Identity management service via virtual passport
US20240104521A1 (en) System and method for compliance-enabled digitally represented assets
US20220084013A1 (en) Identity management, smart contract generator, and blockchain mediating system, and related methods
KR101534146B1 (ko) 데이터로 관리되는 무형화폐인 비트머니의 생성 방법과 제공서비스 시스템
JP3228339U (ja) 個人認証及び確認システム及び方法
US11956364B2 (en) Information processing device and information processing method
US20230162174A1 (en) System and method of automated know-your-transaction checking in digital asset transactions
Mogos et al. Study on security risks of e-banking system
Al-Aswad et al. Towards a blockchain-based zero-knowledge model for secure data sharing and access
WO2020247600A1 (fr) Systèmes et procédés pour identité et données holistiques numérisées de consommateur
Sarma et al. Internet banking: Risk analysis and applicability of biometric technology for authentication
Ho et al. The relative benefits and risks of stablecoins as a means of payment: A case study perspective
WO2019209291A1 (fr) Systèmes et procédés pour la fourniture d'une solution décentralisée universelle destinée à la vérification d'utilisateurs possédant des caractéristiques de vérification croisée
CN120898219A (zh) 用于欺诈预防的链式交易
Adewole et al. Application of cryptocurrencies using Blockchain for e-commerce online payment
Malphrus Perspectives on retail payments fraud
Gross et al. How to design a compliant, privacy-preserving fiat stablecoin via zero-knowledge proofs
Hoffman Encrypted digital cash transfers: Why traditional money laundering controls may fail without uniform cryptography regulations
WO2024074865A1 (fr) Procédé de création d'une identification personnelle jetonisée, programme informatique et système de traitement de données
Zarei Risk management of internet banking
Kennedy Thumbs up for biometric authentication
Kumar et al. Geofencing based Banking Authentication System: A Fraud Mitigation Technique
Blasco Digital Identity in a European User-Centric Ecosystem and Its Similarities with the Digital Euro Proposal
EP4407498A1 (fr) Procédé de fourniture et de vérification de données personnelles

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22800327

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2022800327

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2022800327

Country of ref document: EP

Effective date: 20250506

WWP Wipo information: published in national office

Ref document number: 2022800327

Country of ref document: EP