US 2015/0287026 A1 - Data Analytic And Security Mechanism For Implementing A Hot Wallet Service - The Lens

Data Analytic And Security Mechanism For Implementing A Hot Wallet Service

Published: Oct 8, 2015
Earliest Priority: Apr 02 2014
Family: 2
Cited Works: 1
Cited by: 74
Cites: 1
Additional Info: Full text

Abstract

Some embodiments include a hot wallet service system including: a manager server configured to receive a cryptocurrency transaction request identifying at least a hot wallet accountholder identifier and to determine a first set of authentication servers to authenticate the cryptocurrency transaction request; the authentication servers, each configured to independently authenticate the cryptocurrency transaction request by verifying a requester of the cryptocurrency transaction request against an accountholder profile associated with the hot wallet accountholder identifier; wherein the authentication servers are configured to approve, independently from each other, the cryptocurrency transaction request by cryptographically signing approval messages to send to an aggregation server using respective private authentication keys stored respectively in the authentication servers when the requester is verified; and the aggregation server configured to aggregate cryptographic signatures of the cryptocurrency transaction request from the authentication servers to publish the cryptocurrency transaction request into a cryptocurrency network.

Claims

A computer-implemented method of operating a hot wallet service system, comprising:
receiving a cryptocurrency transaction request from a front-end server that interfaces with a requestor user device, the cryptocurrency transaction request identifying at least a hot wallet accountholder identifier;

determining, at a manager server, a first set of authentication factor servers to authenticate the cryptocurrency transaction request, each authentication factor server utilizing a different authentication factor;

requesting the first set of the authentication factor servers to verify a requester of the cryptocurrency transaction request against an accountholder profile associated with the hot wallet accountholder identifier;

authenticating, via the authentication factor servers operating independently of each other, the cryptocurrency transaction request based on the accountholder profile, wherein authenticating the cryptocurrency transaction request includes the authentication factor servers independently approving the cryptocurrency transaction request by cryptographically signing approval messages with respective private authentication keys of the authentication factor servers, each of the authentication factor servers approving when the requester is verified; and

aggregating, via the aggregation server, the approval messages respectively having cryptographic signatures of the cryptocurrency transaction request from the authentication factor servers to publish the cryptocurrency transaction request into a cryptocurrency network.
The computer-implemented method of claim 1, wherein aggregating the approval messages includes:
in response to receiving the cryptographic signatures, generating a transaction broadcast message based on the cryptocurrency transaction request, the transaction broadcast message specifying at least a public destination address and one or more cryptocurrency source addresses to draw value from, wherein the one or more cryptocurrency source addresses are selected from a shared pool of cryptocurrency addresses available to multiple accountholders in the hot wallet service system and wherein the transaction broadcast message is signed with private cryptocurrency keys corresponding to the one or more cryptocurrency source addresses;

providing the transaction broadcast message to one or more computer nodes in the cryptocurrency network.
The computer-implemented method of claim 1, wherein aggregating the approval messages includes:
in response to receiving the cryptographic signatures, generating a transaction broadcast message based on the cryptocurrency transaction request, the transaction broadcast message specifying at least a public destination address and one or more cryptocurrency source addresses to draw value from, wherein the one or more cryptocurrency source addresses are selected from a private pool of cryptocurrency addresses available to the hot wallet accountholder identifier and wherein the transaction broadcast message is signed with private cryptocurrency keys corresponding to the one or more cryptocurrency source addresses;

providing the transaction broadcast message to one or more computer nodes in the cryptocurrency network.
The computer-implemented method of claim 1, wherein each of the authentication factor servers stores a portion of the accountholder profile, associated with the hot wallet accountholder identifier, and wherein authenticating includes authenticating via one of the authentication factor servers by verifying the requestor against the portion of the accountholder profile in the one authentication factor server.
The computer-implemented method of claim 1, wherein the manager server or the front-end server stores the accountholder profile, and requesting the authentication factor servers includes providing the accountholder profile to the first set of the authentication factor servers.
The computer-implemented method of claim 1, wherein authenticating includes verifying, via one of the authentication factor servers, that the requester is in possession of a communication device other than the requestor user device.
The computer-implemented method of claim 1, wherein authenticating includes verifying, via one of the authentication factor servers, that the requester is knowledgeable of a passcode or one or more answers to one or more questions.
The computer-implemented method of claim 1, wherein authenticating includes sending, via one of the authentication factor servers, a biometric verification request to a communication device, other than the requestor user device, associated with the hot wallet accountholder identifier.
The computer-implemented method of claim 1, wherein authenticating includes requesting, via one of the authentication factor servers, a third-party service to authenticate the requester against the accountholder profile.
The computer-implemented method of claim 1, wherein authenticating, via the authentication factor servers, includes receiving responses to authentication requests indirectly through the front-end server and the manager server.
The computer-implemented method of claim 1, wherein aggregating the cryptographic signatures includes:
determining an approval ratio of the authentication factor servers in the first set that have cryptographically signed the approval messages to the aggregation server; and

cryptographically signing a transaction broadcast message based on the cryptocurrency transaction request when the approval ratio is above a ratio threshold.
The computer-implemented method of claim 11, wherein aggregating further includes determining the ratio threshold based on a suspicion level of the requestor user device or the accountholder profile.
The computer-implemented method of claim 11, wherein determining the ratio threshold is based on an attribute of the cryptocurrency transaction request.
The computer-implemented method of claim 1, wherein determining the first set of the authentication factor servers is based on an attribute of the cryptocurrency transaction request or the accountholder profile.
A computer-implemented method of operating a cryptocurrency network interface server in a hot wallet service system, comprising:
receiving approval messages of a cryptocurrency transaction independently from multiple authentication servers that independently verify a requester is authorized to initiate the cryptocurrency transaction, the approval messages having separate and different cryptographic signatures generated at the multiple authentication servers based on different private keys stored respectively therein;

verifying the cryptographic signatures utilizing public keys corresponding to the private keys;

determining that a number of the cryptographic signatures received for the cryptocurrency transaction meets a sufficiency threshold;

signing a transaction broadcast message with one or more cryptocurrency private keys corresponding to one or more public cryptocurrency addresses that fund the cryptocurrency transaction when the number of the cryptographic signatures meets the sufficiency threshold and when the cryptographic signatures are verified; and

providing the transaction broadcast message to a cryptocurrency network to propagate the cryptocurrency transaction.
The computer-implemented method of claim 15, wherein the one or more public cryptocurrency addresses are selected from a shared pool of cryptocurrency addresses available to multiple accountholders in the hot wallet service system.
The computer-implemented method of claim 15, wherein the one or more public cryptocurrency addresses are selected from a private pool of cryptocurrency addresses associated with a specific hot wallet account that initiated the cryptocurrency transaction.
A hot wallet computer system comprising:
a manager server configured to receive a cryptocurrency transaction request identifying at least a hot wallet accountholder identifier and to determine a first set of authentication factor servers to authenticate the cryptocurrency transaction request;

the authentication factor servers, each configured to independently authenticate the cryptocurrency transaction request by verifying a requester of the cryptocurrency transaction request against an accountholder profile associated with the hot wallet accountholder identifier;

wherein the authentication factor servers are configured to approve, independently from each other, the cryptocurrency transaction request by cryptographically signing approval messages to send to an aggregation server using respective private authentication keys stored respectively in the authentication factor servers when the requester is verified; and

the aggregation server configured to aggregate cryptographic signatures of the cryptocurrency transaction request from the authentication factor servers to publish the cryptocurrency transaction request into a cryptocurrency network.
The hot wallet computer system of claim 18, further comprising:
a front-end server configured to interface with a requestor user device and to initiate the cryptocurrency transaction request based on interactions with the requestor device.
The hot wallet computer system of claim 18, wherein the aggregation server is further configured to:
verify the cryptographic signatures utilizing public keys corresponding to the private authentication keys respectively used by the authentication factor servers to generate the cryptographic signatures;

determine that a number of the cryptographic signatures meets a sufficiency threshold;

sign a transaction broadcast message with one or more cryptocurrency private keys corresponding to one or more public cryptocurrency addresses that fund the cryptocurrency transaction request when the number of the cryptographic signatures meets the sufficiency threshold and when the cryptographic signatures are verified; and

provide the transaction broadcast message to one or more computing nodes of the cryptocurrency network to propagate the cryptocurrency transaction request.