Nothing Special   »   [go: up one dir, main page]

WO2019237126A1 - Blockchain overwatch - Google Patents

Blockchain overwatch Download PDF

Info

Publication number
WO2019237126A1
WO2019237126A1 PCT/US2019/036419 US2019036419W WO2019237126A1 WO 2019237126 A1 WO2019237126 A1 WO 2019237126A1 US 2019036419 W US2019036419 W US 2019036419W WO 2019237126 A1 WO2019237126 A1 WO 2019237126A1
Authority
WO
WIPO (PCT)
Prior art keywords
proxy
transaction
blockchain
overwatch
transactions
Prior art date
Application number
PCT/US2019/036419
Other languages
French (fr)
Inventor
Jordan Simons
Steve Ernst
Original Assignee
Gcp Ip Holdings I, Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gcp Ip Holdings I, Llc filed Critical Gcp Ip Holdings I, Llc
Priority to EP19815526.9A priority Critical patent/EP3803740A4/en
Priority to CN201980051784.1A priority patent/CN113015989A/en
Publication of WO2019237126A1 publication Critical patent/WO2019237126A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23Updating
    • G06F16/2379Updates performed during online database operations; commit processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/04Inference or reasoning models
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/06Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash
    • G06Q20/0658Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme using e-cash e-cash managed locally
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/389Keeping log of transactions for guaranteeing non-repudiation of a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q2220/00Business processing using cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42Anonymization, e.g. involving pseudonyms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76Proxy, i.e. using intermediary entity to perform cryptographic operations

Definitions

  • Various embodiments of the present technology generally relate to blockchain privacy and security. More specifically, the embodiments of the present technology relate to a blockchain overwatch system that provides secure communications, ensures privacy, and actively monitors transactions to identify various security threats.
  • Blockchains allow a network of users to make a distributed ledger of data and share the data among the other users or nodes in the network.
  • the blockchain ledger is maintained by a multitude of independent nodes spread across a large distributed network.
  • Each of these blocks typically includes a cryptographic hash of the previous block, a timestamp, and the transaction data.
  • any data added into the blockchain requires a consensus (e.g., a majority) of nodes to agree to the addition. This distribution of control to modify from the blockchain creates a trusted immutable ledger recording transactions or data.
  • Public blockchains have no restrictions and anyone with a connection to the network may be able to review entries within the blockchain or request new transactions or data be added.
  • Other types of blockchains include private and hybrid (e.g., a combination of public and private) configurations.
  • each node typically has access to the transactions recorded making privacy and anonymity difficult to ensure.
  • the security of the data becomes important as additional information is stored within each block. As such, there are a number of challenges and inefficiencies created in traditional blockchain systems.
  • a method can include receiving, at a proxy, a transaction from a first endpoint within multiple endpoints associated with the proxy.
  • the transaction can include transaction data with a request to add the transaction to a distributed ledger system.
  • the transaction data may also include personally identifiable information.
  • the method can mask the personally identifiable information using a private key.
  • a block producer can be randomly selected to verify the transaction.
  • the transaction can be routed to the randomly selected block producer for validation.
  • Embodiments of the present technology also include computer-readable storage media containing sets of instructions to cause one or more processors to perform the methods, variations of the methods, and other operations described herein.
  • FIG. 1 illustrates an example of an environment in which some embodiments of the present technology may be utilized.
  • Fig. 2 illustrates an example of proxy server assigned to a proxy group and a local overwatch agent for threat assessment.
  • Fig. 3 is a flowchart illustrating an example of a set of operations for operating a proxy server in accordance with some embodiments of the present technology.
  • Fig. 4 illustrates an example of a set of components within an overwatch agent according to one or more embodiments of the present technology.
  • Fig. 5 is a sequence diagram illustrating an example of the data flow between various components of a secured system according to various embodiments of the present technology.
  • Fig. 6 illustrates an example of a multi-signature token transfer between anonymous users in accordance with some embodiments of the present technology.
  • Fig. 7 is a flowchart illustrating an example of a set of operations for using a consensus algorithm that takes into account policy ratings when determining whether to add content to the blockchain in accordance with one or more embodiments of the present technology.
  • Fig. 8 is a flowchart illustrating an example of a set of operations for determining whether to add content to the blockchain in accordance with one or more embodiments of the present technology.
  • Fig. 9 illustrates an example of the various layers of a blockchain system that may be used in accordance with various embodiments of the present technology.
  • Fig. 10 illustrates an example of various decentralized applications that may be used in some embodiments of the present technology.
  • Fig. 1 1 is an example of a computer systemization that may be used in various embodiments of the present technology.
  • Various embodiments of the present technology generally relate to blockchain privacy and security. More specifically, the embodiments of the present technology relate to a blockchain overwatch system that provides secure communications, ensures privacy, and actively monitors transactions to identify various security threats.
  • the current blockchain ecosystems e.g., blockchain 1 .0 and 2.0
  • the current blockchain ecosystems lack real privacy and overall security.
  • many of the original cryptocurrency systems using blockchains were centralized in a manner that presented a variety of security and scalability issues.
  • the next generation of blockchain ecosystems used a distributed architecture that created the use of delegates (e.g., block providers) to act on these actions and help geographically distribute them, allowing the transactions to move closer to the endpoint of the user. This structure has opened up security issues.
  • delegates e.g., block providers
  • various embodiments of the present technology provide for a distributed overwatch system that allows transactions with government-grade privacy and security.
  • This level of security and privacy can be achieved by a combination of distributed trusted proxies, to which anonymous users connect with the overwatch of a variety of network security engines.
  • the structured ecosystem provides mechanism for the blockchain to be monitored by an overwatch capability combining big data analytics, intelligent learning, and comprehensive vulnerability assessment to ensure any risks introduced by vulnerabilities are effectively mitigated.
  • the system may include multiple proxy servers geographically distributed around the world. Each proxy can be associated with local network security engines to probe and analyze network traffic. Each proxy can mask sensitive data (e.g., personally identifiable information) within the transaction before it is stored.
  • Various embodiments can interface with most blockchain or distributed ledger technologies (e.g., Bitcoin, Ethereum, etc.) that support multi-signature transactions and/or smart contracts.
  • various embodiments of the present technology provide for a wide range of technical effects, advantages, and/or improvements to computing systems and components within blockchain or distributed ledger systems.
  • various embodiments include one or more of the following technical effects, advantages, and/or improvements: 1 ) intelligent tapping of network traffic and its meta-data; 2) integration of machine learning to analyze tapped network traffic to identify threat vectors and/or traffic outliers; 3) automatic updating of threat analysis rules using unsupervised learning; 4) use of proxy servers to mask the personally identifying information (e.g., by encryption and masking); 5) randomization of communications between system components (e.g., proxy servers and block producers) to create a more secure communication structure (e.g., by deterring man-in-the-middle attack); 6) use of unconventional and non-routine computer operations to establish a secure communication channel between parties of a (potential) transaction which can be automatically analyzed (e.g., using machine learning) to ensure compliance with governmental regulations, terms of use, or other restrictions; 7) use of
  • embodiments of the present technology may be practiced without some of these specific details.
  • the techniques introduced here can be embodied as special-purpose hardware (e.g., circuitry), as programmable circuitry appropriately programmed with software and/or firmware, or as a combination of special-purpose and programmable circuitry.
  • embodiments may include a machine-readable medium having stored thereon instructions which may be used to program a computer (or other electronic devices) to perform a process.
  • the machine-readable medium may include, but is not limited to, floppy diskettes, optical disks, compact disc read-only memories (CD-ROMs), magneto-optical disks, ROMs, random access memories (RAMs), erasable programmable read-only memories (EPROMs), electrically erasable programmable read-only memories (EEPROMs), magnetic or optical cards, flash memory, or other type of media/machine-readable medium suitable for storing electronic instructions.
  • Fig. 1 illustrates an example of an environment 100 in which some embodiments of the present technology may be utilized.
  • environment 100 may include one or more electronic devices 1 10A-1 10N (such as a mobile phone, tablet computer, laptop, computer, mobile media device, vehicle- based computer, wearable computing device, etc.), anonymous network 120, blockchain network 130, proxy servers 140A-140N, and block producers 150A-150N.
  • a distributed overwatch system can be used to support blockchain transactions with government-grade privacy and security. This level of security and privacy can be achieved by a combination of distributed trusted proxies 140A-140N, to which anonymous users or endpoints 1 10A-1 10N connect.
  • distributed trusted proxies 140A-140N to which anonymous users or endpoints 1 10A-1 10N connect.
  • the structured ecosystem provides mechanism for the blockchain to be monitored by an overwatch capability combining big data analytics, intelligent learning, and comprehensive vulnerability assessment to ensure any risks introduced by vulnerabilities are effectively mitigated.
  • electronic devices 1 10A-1 10N can include network communication components that enable the mobile devices to communicate with proxy servers 140A-140N by transmitting and receiving wireless signals using licensed, semi-licensed, or unlicensed spectrum over communications network 120.
  • anonymous networks 120 and/or blockchain networks 130 may be comprised of multiple networks, even multiple heterogeneous networks, such as one or more border networks, voice networks, broadband networks, service provider networks, Internet Service Provider (ISP) networks, and/or Public Switched Telephone Networks (PSTNs) interconnected via gateways operable to facilitate communications between and among the various networks.
  • ISP Internet Service Provider
  • PSTNs Public Switched Telephone Networks
  • Anonymous networks 120 and/or blockchain networks 130 can also include third-party communications networks such as a Global System for Mobile (GSM) mobile communications network, a code/time division multiple access (CDMA/TDMA) mobile communications network, a 3 rd , 4 th , or 5th generation (3G/4G/5G) mobile communications network (e.g., General Packet Radio Service (GPRS/EGPRS)), Enhanced Data rates for GSM Evolution (EDGE), Universal Mobile Telecommunications System (UMTS), Long Term Evolution (LTE) network), or other communications network.
  • GSM Global System for Mobile
  • CDMA/TDMA code/time division multiple access
  • 3G/4G/5G 5th generation
  • 3G/4G/5G 5th generation
  • GPRS/EGPRS General Packet Radio Service
  • EDGE Enhanced Data rates for GSM Evolution
  • UMTS Universal Mobile Telecommunications System
  • LTE Long Term Evolution
  • the multiple proxy servers 140A-140N may be geographically distributed around the world. Each proxy server 140A-140N can be associated with local network security engines (not shown in Fig. 1 ) to probe and analyze network traffic. These security engines may be integrated into proxy servers 140A-140N or be physically separated from proxy servers 140A-140N. Each proxy server 140A- 140N can mask sensitive data (e.g., personally identifiable information) within the transaction before the transaction is recorded on the blockchain.
  • sensitive data e.g., personally identifiable information
  • Each node proxy server 140A-140N can serve the role of a gateway, masking any number of anonymous clients while appearing as a normal user on the blockchain network.
  • the proxy’s users can be hidden in an anonymous network and receive copies of blockchain traffic destined to the user’s associated ledger identity. In accordance with various embodiments, this can be done via an internal anonymous messaging system.
  • the internal messaging system can allow a user to securely and anonymously interact with the blockchain, as well as other users within their own proxy group, or within other proxy groups.
  • the messaging system can be based on proven high-security messaging technology providing Off-The-Record (OTR) privacy and anonymity.
  • OTR Off-the- Record Messaging
  • OTR is an example of a cryptographic protocol that provides encryption for instant messaging conversations that may be used in some embodiments.
  • OTR can provide deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life or“off the record” in journalism sourcing.
  • the distribution of normal messages can be facilitated by the blockchain or distributed by the proxies (“off-chain”). Off-chain messages must still be copied to all of the proxy’s local clients to maintain anonymity. Since the messages do not reveal source and destination information, and since these are only accessed off-the-wire, it is not possible to determine who received what from whom.
  • Messages sent from a proxy client to the proxy itself may also be distributed to the rest of the proxy members.
  • This broadcast distribution makes it infeasible to determine whether they are proxy instructions or just messages to other clients in the proxy’s anonymous network.
  • Each message can include a sub-message marker, which can only be decrypted by the intended recipient, used to determine the intended recipient.
  • the marker may also contain the necessary public keys required to decrypt the main message.
  • the anonymous users test each message copied to them by the proxy to determine whether the message is destined for them.
  • a single Elliptic Curve Diffie-Hellman (ECDH) computation may be sufficient to make such a determination. Thereafter, the source user public key can be extracted, and the rest of the message decrypted.
  • ECDH Elliptic Curve Diffie-Hellman
  • the illustrated ecosystem can also support regular users (e.g., normal user using electronic device 1 1 ON) who are more concerned about content security and performance, rather than complete anonymity. These users can operate just like normal EOSIO users but will have the benefit of strong cryptography and a more secure infrastructure.
  • regular users e.g., normal user using electronic device 1 1 ON
  • These users can operate just like normal EOSIO users but will have the benefit of strong cryptography and a more secure infrastructure.
  • users may initially communicate their public keys to each other via any out-of-band channel. Later on, this may include a blockchain database where public keys can be looked-up using an index. The index would have to be communicated out-of-band, but users that know each other will already have an out-of-band communications system.
  • Commercial web servers that subscribe to an anonymous payment system may advertise their public key on their website (which can change from time-to-time). Only the sender needs to know the destination public key, as the recipient will learn the sender’s public key from the decrypted message.
  • parties can securely exchange new public keys as often as they like using the anonymous messaging system. Since various embodiments do not impose a centralized Public Key Infrastructure (PKI), users may be required to confirm their public keys by out-of-band means, or by including something in the message that is recognizable by the recipient as past shared knowledge.
  • PKI Public Key Infrastructure
  • Fig. 2 illustrates an example of proxy server 210 assigned to a proxy group 220 and a local overwatch agent 230 for threat assessment.
  • the overwatch system 230 may be configured to assess both the blockchain transaction and the end-user point-of-interaction with the blockchain. This may be beneficial because the vast majority of cyber-attacks on blockchain systems are aimed at“Blockchain Touch Points.” This is to say the point at which an object outside of the blockchain core interacts with the blockchain and vice versa.
  • the overwatch monitoring system can provide relevant IT security standards and regulatory standards are‘engineered in’ to enable the overall network to measure its global security posture in near real-time through active assessments as opposed to passive log collection and correlation. This is a first for distributed ledger technology - the ability to remediate vulnerabilities and weaknesses within hours of them being detected. As a result, the blockchain system is secured in a way that is extremely unlikely to be compromised, even by a malicious state actor.
  • Some embodiments can assess the network without intermission. Any weaknesses that are detected will be escalated and tunneled into a priority remediation queue. Once the weakness is remediated, the component in question will undergo validation. Upon receiving confirmation from the validation module, the overwatch agent can adjust the risk posture/score of the network accordingly. The process, from assessment to remediation, will generally not take more than 24 hours for critical security concerns. This level of solution-ingrained security and continued assessments, linked to remedial teams, coupled with a 30-60% advantage as it relates to threat identification, will make blockchains secured by the overwatch ecosystem the most security conscious blockchain.
  • the overwatch agent can run out of band relative to the blockchain. This can be accomplished by creating a tap (e.g., an inline tap, a passive tap, etc.) on proxy 210 to gain access to the network traffic.
  • a tap e.g., an inline tap, a passive tap, etc.
  • downtime of the overwatch agent 230 has no effect on the normal operation of the blockchain and the physical deployment is distributed between a number of geographic locations based on capacity requirements and provides fail over between nodes if one instance goes offline.
  • this information together with the total result set from the assessment will be fed into a predictive analysis engine across multiple elements (e.g., 1000+ elements) to baseline, detect, and predict advanced threats.
  • some embodiments of the overwatch agent 230 may provide continuous feedback and recommendations on newly detected network anomalies and threat vectors.
  • Some embodiments may deploy machine learning agents like the aforementioned distributed meta-miners to constantly assess, mitigate, respond, neutralize, and optimize the ecosystem.
  • Machine learning technology may be built into the overwatch agent 230 and assist in refining the quality of governance.
  • One objective is to enable secure and private transactions while continually detecting and blocking the activities of bad actors on the ecosystem.
  • the combination of advanced threat detection with machine learning has key advantages: 1 ) aggressive threat detection within the blockchain infrastructure; 2) analysis of traffic at line-speed; 3) continuous learning via post-data analysis; 4) seamless integration with the communications technology to become network aware; and/or 5) non-human game theory and capability that creates an autonomous consensus model inside the machine learning agents and system itself.
  • Probes or minors can be used in various embodiments to tap the network traffic.
  • the probes or minors can sit at strategic locations in infrastructure. For example, 10 Gb/sec tapping rates may be realized using different technologies (e.g., Napa Tech Cards).
  • a software package may be used as a deep package inspector.
  • the overwatch agent can analyze the traffic (e.g., packages and payloads of the data).
  • Some embodiments use a rule engine that can set locations and rules across minors. For example, a rule may be set such that any suspicious activity moving from engineering endpoint to an accounting endpoint creates an action (e.g., analyzed deeper, generates a flag, etc.).
  • Some embodiments may use concentrators to generate an aggregated report, or send alerts, and/or other activity from the miners.
  • the analysis can be performed locally on the miners and that analysis can then be aggregated remotely. Those that were aggregators are sent to the concentrators, which then process the necessary analytics, like alerts and rules, and push rules back to the miners.
  • certain patterns or data transactions can be identified and machine learning can be applied to that flow.
  • the overwatch agent 230 may identify baselines of the network and then monitor for outliers or anomalies which, in view of the rules, can be used to understand and identify threat vectors. As such, the overwatch agent 230 will become smarter and more effective at identifying threats as time goes on. Some embodiments may use supervised learning.
  • the overwatch agent 230 may also receive metadata from the block producers.
  • the metadata could include various data from layer 3, 4 and layer 7 such as IP address, MAC address, application data, etc. This additional data could be used by the overwatch agent to improve graphs of transactions, geolocation, and time series analysis.
  • Fig. 3 is a flowchart illustrating a set of operations 300 for processing a transaction in accordance with some embodiments of the present technology.
  • the operations illustrated in Fig. 3 can be performed by electronic devices 1 10A-1 10N, proxy servers 140A-140N, block producers, and/or one or more components (e.g., processor(s)), engines, and/or modules.
  • electronic devices can transmit messages with transaction or communication data to one or more proxies during transmission operation 310.
  • the devices may randomly select a fixed number (e.g., ten) of proxies.
  • the devices may send the messages to a fixed set of proxies (which could be changed intermittently, periodically, or on some schedule).
  • each proxy will determine whether the message was intended for that proxy during determination operation 320. This could be done, for example, by associating groups of devices with each proxy. When a proxy determines that the device was not in the proxy group, then determination operation 320 can branch to disregard operation 330 where the message is ignored or discarded. When a proxy determines that the device was in the proxy group, then determination operation 320 can branch to anonymize operation 340 where information within the transaction can be anonymized.
  • Anonymization operation 340 can mask or hide some parts of information within the transaction data or communication.
  • the proxy server may mask some parts of that component.
  • the blockchain or distributed ledger will not get a name or social security number, for example, but there will be a place where that information is held and secured.
  • Some embodiments may encrypt portions of the data on the ledger that parties do not want people to be able to be accessed easily, and a key can be stored in the proxy as a key vault. There may also be public keys to start the authentication and private keys that will never see the light of day and need to be protected because those keys unlock the encrypted data on the blockchain.
  • Selection operation 350 can randomly select a block producer to send the transaction to for validation. Once the block producer is identified, routing operation 360 can route the masked transaction to the block producer for validation using validation operation 370 to determine whether the transaction can be added to the blockchain or ledger.
  • validation operation 370 may use a consensus model to validate the transaction (e.g., checking whether the end points are valid, the information coming in is valid, required number of parties, required number of contracts, etc.).
  • Fig. 4 illustrates a set of components within an overwatch agent according to one or more embodiments of the present technology.
  • overwatch agent 400 may include an ingestion interface, a monitoring system, a machine learning system, and an alert system. While not illustrated in Fig. 4, additional components may be present. Examples of these components include, but are not limited to, memory (e.g., volatile memory and/or nonvolatile memory), processor(s) for executing processing instructions, and operating systems, data storage components (e.g., hard drive, flash memory, memory card, etc.), input and/or output interfaces, and/or the like.
  • memory e.g., volatile memory and/or nonvolatile memory
  • processor(s) for executing processing instructions
  • data storage components e.g., hard drive, flash memory, memory card, etc.
  • input and/or output interfaces e.g., hard drive, flash memory, memory card, etc.
  • Network traffic can be routed through ingestion interface 405 and consumed by components of the monitoring system (e.g., real-time detection module 410 and/or off-line detection module 415). Over time, machine learning system can create baseline models of the network traffic which can be used to classify various threats. As illustrated in Fig. 4, pre-processing and parsing engine 425 can parse the traffic into a desired format. Training engine 430 can use training data to identify a classification model which can be tested or validated using testing engine 440. Then, prediction engine 450 can be used to classify traffic (e.g., a threat or as safe). The network model can be stored in model data database 455 and any identified threat vectors can be stored in database 460. The alert system can include communication interface 465 to transmit any recommendations generated by recommendation engine 470.
  • pre-processing and parsing engine 425 can parse the traffic into a desired format. Training engine 430 can use training data to identify a classification model which can be tested or validated using testing engine 440. Then, prediction
  • Fig. 5 is a sequence diagram illustrating an example of the data flow between various components of a secured system according to various embodiments of the present technology.
  • party device 510 can submit a transaction request.
  • the transaction request can be routed to proxy 520 and transaction data can be tapped and ingested by machine learning engine 530 and threat assessment engine 540.
  • the transaction data can be analyzed by machine learning engine 530, and any outliers or threat vectors can be identified. If these outliers or threat vectors are new, machine learning engine 530 can submit new rules to threat assessment engine 540.
  • Machine learning engine 530 may also receive network metadata (e.g., from layers 3 and 4). This additional information can be used in some embodiments to help identify outliers and new threat vectors.
  • Threat assessment engine 540 can be analyzing the transaction data to identify any new threats. As threats are identified, a threat report can be submitted to producers and proxy 520. If the threat assessment engine 540 reports that no threats are present, then proxy 520 can submit the masked data to producers 550 where an entry can be added to the ledger upon a consensus by multiple producers. A confirmation can be sent back to proxy 520 and party device 510.
  • Fig. 6 illustrates an example of a multi-signature token transfer between anonymous users in accordance with one or more embodiments of the present technology.
  • payments can be made using the blockchain’s transaction format or using contracts/tokens. Since the blockchain expects identifiable endpoints for payments, the proxy gateway can be used as the visible payment identity while representing the users on its anonymous network. Payments can be signed by the proxy identity and its registered anonymous client (Multisig). Using the second signature, the anonymous users can direct the proxy to make payments on their behalf. This prevents the proxy from spending the funds on its own. When transfers are made, the transfers can be made to a second contract with conditions set by the initial contract owner. Thus, the second contract can only be fulfilled with those conditions, and the conditions are sent to the target recipient via the anonymous messaging system.
  • Multisig registered anonymous client
  • the anonymous users can direct the proxy to include other signatories to the transaction.
  • the other signatories may consist of proxies and/or other anonymous users.
  • the transactions can be configured to assign weightings to signatories as well as logical AND/OR functionality. This decentralizes the proxies and allows users to fulfill their contracts via more than one proxy.
  • the token representation in Fig. 6 is notional and is only used to explain the anonymous payment method that may be used in some embodiments.
  • owner of token A (Fig. 6)
  • she wishes to make a payment
  • she generates a one time public/private key pair and stores the public key in a new token (token E).
  • Alice will send the private key, or information on how to derive the private key, immediately or later, to the token E beneficiary (Bob) in a secure anonymous message.
  • Alice includes, in token E, Bob’s proxy’s public key, a hash of token A (including a reference to token A), and other token details such as the coin amount, contract conditions, and possibly an encrypted message for Bob.
  • Alice signs token E using the one-time private key that was sent anonymously to her by her previous benefactor.
  • the new token E information can now be sent to Alice’s proxy in a secure, anonymous message.
  • Alice’s proxy will then generate a hash of token A (referenced in the new token E) and verify that it matches the hash Alice included in token E.
  • Alice’s proxy then verifies Alice’s signature using the one-time public key from token A, and checks that token A’s amount matches the amount in token E. If the signature and token amount are verified, Alice’s proxy signs the new token E and forwards it to the block producer for inclusion in the ledger.
  • Double-spend checking can be done at the block producer level.
  • the one-time private key may or may not be known to the payer.
  • the transaction can only be reversed before the intended beneficiary transfers the amount into another contract.
  • the one- time public and private keys can be generated normally, where both keys are known to the generating party, or they can be generated using stealth techniques, whereby the destination private key cannot be determined by Alice.
  • Alice has the option of reversing the payment and it can only be fully owned by Bob through a second self-payment.
  • a stealth computation is added in the secure message sent to the beneficiary.
  • the stealth computation allows Bob to compute the private key (unknown to Alice).
  • Some embodiments may allow the option of the beneficiary providing the“spend” public key.
  • Fig. 7 is a flowchart 700 illustrating an example set of operations for using a consensus algorithm that takes into account policy ratings when determining whether to add content to the blockchain in accordance with one or more embodiments of the present technology.
  • receiving operation 705 receives a request to add content to the blockchain.
  • selection operation 710 determines (e.g., based on a random selection) whether this request will be reviewed for policy violations.
  • Determination operation 715 determines whether the request was selected. When determination operation 715 determines the request was not selected, determination operation 715 branches to addition operation 720 where the content is added once a consensus has been reached.
  • determination operation 715 determines the request was selected, determination operation 715 branches to review operation 725 where the content is reviewed for poly violations.
  • Generation operation 730 can take the results from review operation 725 and generate a score indicative of compliance of the content with policies in place. The score can be submitted with the content to the content producers during submission operation 735.
  • Consensus operation 740 can apply a consensus algorithm with a policy score modification to determine whether the content should be added. For example, if the policy score is indicative of a compliance with the policies (e.g., a score that is below or above a threshold amount or percentage), then consensus operation 740 operates as normal whereas a policy score is indicative of a violation would cause the consensus algorithm to automatically fail. Determination operation 745 identifies the consensus results.
  • determination operation 745 determines that the content should be added, then determination operation 745 branches to addition operation 750 where the content is added. When determination operation 745 determines that the content should be denied, then determination operation 745 branches to refusal operation 755 where the addition of the content to the blockchain is rejected.
  • Fig. 8 is a flowchart illustrating an example of a set of operations 800 for determining whether to add content to the blockchain in accordance with one or more embodiments of the present technology.
  • generation operation 810 uses an artificial intelligence engine to generate a policy score for randomly selected content before the content is added to the block chain.
  • the artificial intelligence engine in some embodiments, may use multiple specialized engines (e.g., that can run in parallel) to classify and/or score the content.
  • the artificial intelligence engine may include a copyright engine to identify copyrighted content (e.g., pictures), a misappropriations engine to identify information that may steal personal information (e.g., phone numbers, credit card numbers, social security numbers, etc.) for large groups of people, child pornography engine to identify indecent photographs of children, and the like.
  • a copyright engine to identify copyrighted content (e.g., pictures)
  • a misappropriations engine to identify information that may steal personal information (e.g., phone numbers, credit card numbers, social security numbers, etc.) for large groups of people
  • child pornography engine to identify indecent photographs of children, and the like.
  • Each of these multiple specialized engines maybe weighted and combined to generate an overall score (e.g., between 0 and 100).
  • Determination operation 820 determines whether the overall score is within a range indicating a violation, compliance, or a need for further review. When determination operation 820 determines the content is in violation, determination operation 820 branches to refusal operation 830 which acts as an override of the consensus algorithm and denies addition of the content to the blockchain. When determination operation 820 determines the content is in compliance, determination operation 820 branches to addition operation 840 where the content is added upon consensus from the consensus algorithm. When determination operation 820 determines that further review is needed, determination operation 820 branches to submission operation 850 where the content is submitted for additional review (e.g., by additional machine learning engines, classifiers, or human review). Violation determination operation 860 reviews the results from submission operation 850 and determines whether the content is in violation, in which case violation determination operation 860 branches to refusal operation 830, or whether the content is acceptable, in which case violation determination operation 860 branches to addition operation 840.
  • refusal operation 830 acts as an override of the consensus algorithm and denies addition of the content to the blockchain.
  • Fig. 9 illustrates an example of the various layers of a blockchain system 900 that may be used in accordance with various embodiments of the present technology.
  • the system may include one or more overwatch agents 910, a layer of decentralized applications 920, a blockchain protocol layer 930, a layer of producers 940, a layer of proxies 950, and a layer of devices 960.
  • Various embodiments of blockchain system 900 may include military grade encryption for secure transactions and cryptographic anonymity.
  • Overwatch agents 910 can provide continuous security assessments against all cyber attacks in the ecosystem. Some embodiments may use big data analytics to monitor anonymity and anomaly detection. Some embodiments of the big data capability allow the system to search for actionable intelligence in peta-bytes of data put into counter mode. Continuous assessment of all blockchain data, plus additional sources to ensure blockchain data, remains uncorrelated.
  • overwatch agents 910 will continuously assess the entire network for vulnerabilities. For example, every IP address can be assessed against 155,000 threat vectors continuously. This compares best in class commercial assessment of 90,000 threat vectors typically done once a year (US DoD Standard). Some embodiments can provide a variety of standard compliances (e.g., HIPAA, FINRA, DISA, PCI-DSS, etc.).
  • the system may issue a set of coins (e.g., GuardianCoins) which can be utility tokens that are the path to accessing resources on the public blockchain.
  • resources include, but are not limited to, bandwidth, RAM, CPU, and storage.
  • dApp developers will "stake" their tokens and are granted access to resources (e.g., bandwidth, CPU and Storage) based on the amount of tokens staked.
  • RAM may be separate from all other resources because it is precious and could be gamed/speculated on. As such, dApp developers may be required to purchase RAM based on the rate the GuardianCoin Network software sets it at from an internal RAM market. The rate may be based on what the current supply of RAM is.
  • Some embodiments may include a Protocol Service Pack as a Private Blockchain (Guardian Protocol) for customers to run within their own environments.
  • a Protocol Service Pack as a Private Blockchain (Guardian Protocol) for customers to run within their own environments.
  • Bandwidth, RAM, CPU, and Storage are provided by the customer and do not incur staking or purchasing using the tokens in the traditional way of a dApp.
  • Use of dApps and the Private Blockchain are enabled through staking tokens which will cover software licensing and maintenance. This may be as an annual subscription or a perpetual licensing model.
  • all messages received by the Messaging Server are copied to all anonymous users. Users can find their messages by cryptographically testing all received messages. As a result, monitoring the Anonymous network cannot determine the intended message recipients. Sending private messages can be monitored but the recipients cannot be determined.
  • the messaging server can exist as part of the Proxy, but can also exist separately. In the latter case, the sender IP addresses can be hidden from the Proxy.
  • the Anonymous network can be extended in layers using Anonymous Proxy Servers, in which one layer hides recipients and a second layer could also hide senders. This is not the same as P2P or Onion network since it thwarts traffic analysis. Sender IP’s can also be hidden in some embodiments by separating the messaging service from the proxy. In this case, the proxy receives its user instructions as a messaging client.
  • Fig. 10 illustrates an example of various decentralized applications that may be used in some embodiments of the present technology.
  • the system may include a variety of dApps such as, but not limited to, wallet dApp 1005, criminal record dApp 1010, land registry dApp 1015, classified document dApp 1020, identity management dApp 1025, supply chain dApp 1030, USD linked dApp 1035, secure communications dApp 1040, and/or other dApps.
  • the system may include proxies 1045 and block producers 1050.
  • Various embodiments of the ecosystem provide a wallet dApp 1005 that can be a hub for each account holder to send and receive payments of tokens, attachments, messages, and the like while ensuring that users remain anonymous and the data encrypted and secure.
  • Some embodiments of the wallet 1005 can have a decentralized, yet non-distributed, audit capability to ensure that the blockchain for messaging is used appropriately. Any image or message that is to be uploaded to the blockchain can be first analyzed locally on the account holders’ device in some embodiments. If that image or message is deemed inappropriate by the software, the wallet may not upload that content and advise the account holder of the same.
  • This localized gatekeeper functionality may not at any time send messages or images for any centralized review, and this will be capable of being validated easily by a user capturing their own data traffic.
  • the analysis may utilize machine learning algorithms, that have been taught centrally, deployed locally, and contained locally on remote devices, which can structure unstructured data for local analysis to reach a determination of appropriateness.
  • machine learning algorithms that have been taught centrally, deployed locally, and contained locally on remote devices, which can structure unstructured data for local analysis to reach a determination of appropriateness.
  • various embodiments can defeat the problems of content that are universally deemed to be inappropriate and that have plagued Bitcoin.
  • Embodiments may also be able to mitigate the“death squad” issues that would come with total anarchy. It should be expected that this vetting capability will not be fool-proof and there is a chance some legitimate content will be blocked and vice versa.
  • criminal record dApp 1010 can link to governmental criminal records and may provide access to authorized personnel.
  • Various embodiments of criminal record dApp 1010 would allow law agencies to access certain criminal records between agencies ensuring the records have not been tampered (e.g., immutable records).
  • dApp 1010 may allow the overwatch agent (or other component) to recognize bad characters within the blockchain (e.g., cross-reference known criminals). As such, those who may be attempting to tamper or hack the system causing certain damage to the blockchain or specific records can be more easily identified.
  • land registry dApp 1015 can link to property records and create a portal for accessing these records.
  • land registry dApp 1015 is geared towards facilities management in either the public or private sectors. As such, the records in the blockchain would again ensure the records or specific attributes are not changed, or if they are, they have a record (paper trail) of such updates to the record.
  • Classified document dApp 1020 may contain a smart contract with restrictive access (security clearance) capability that could be created for access to data files.
  • a smart contract for a classified government document might allow access only if two keys are presented at the same time: the user's key and an NSA system key. Even if a future data hack occurs, the hacker would not be able to view the stolen documents without the keys from intended parties. It is estimated that with the world’s computing power it would take nearly 40 years to brute-force decode a single message and each message is uniquely keyed.
  • Identity management dApp 1025 can allow companies, governmental agencies, and other entities to create, distribute, and even link a variety of identifiers to a single user.
  • some embodiments of the present technology can utilize blockchain to provide radical efficiencies in identity management, enabling government to create a single collection of identity and authentication documents that can be used across departments. From issuing passports and national ID cards to national health insurance/social security numbers and tax payer IDs, establishing and verifying identity is critical to both Governments and their citizens.
  • a blockchain can provide radical efficiencies in these areas, enabling government to create a single collection of identity and authentication document that can be used across departments.
  • Supply chain dApp 1030 can allow a user to identify an object’s precise location within the supply chain, and its accompanying digitized documentation can be made part of a traceable permanent record. This can reduce uncertainty and increase ability to plan for infrastructure needs, even with lean budgets.
  • USD linked dApp 1035 can provide a secure record of currency fluctuations.
  • dApp 1035 may be useful in the area of monetary policy.
  • the fluctuations of a currency e.g., USD
  • the blockchain would capture each fluctuation in the currency based on some type of internal or external trigger. The capture of such currency changes, and the capture is timestamped at a very high level of accuracy— milliseconds or even nanosecond resolution, may ensure certain currency manipulation is not occurring.
  • the dApp can be be used to peg one currency to another regardless of the currencies (e.g., USD, digital, etc). Time resolution may also be used to allow the currencies to be pegged given their values at a specific time.
  • the smart contract within the dApp can include detailed logic that represents payer/provider contract terms, and as soon as the claim is submitted it could be processed in real-time and payment transmitted to the provider.
  • various embodiments of the blockchain ecosystem could: 1 ) introduce overall efficiency and transparency into this heavily siloed industry by enabling governmental agencies, insurance companies, hospitals, doctors, clinics, and patients to use a common blockchain; 2) allow health providers to share networks without compromising data privacy, security, or integrity; and/or 3) manage the lifecycle of patient records via blockchain.
  • PCI-DSS Payment Card Industries Data Security Standards
  • blockchain may help facilitate transparency from a technological perspective, financial organizations will seek to keep proprietary transactional and position information anonymous and private, for competitive reasons. Additionally, Network Security is a critical consideration for a blockchain network, particularly given the distributed nature of the network and the potential participation from entities across the globe. This is a major challenge for blockchain networks. [0091] Market participants are likely to require assurances that the network is protected from external threats before joining, given that they may be providing private information and engaging in financial transactions within the network. As with HIPAA for Healthcare, various embodiments ensure the blockchain is PCI-DSS and FINRA compliant.
  • Land and property registry Land and other government registries are essential to ensure smooth property transactions, establish liability, validate tax records, and verify ownership in legal cases. Inefficiencies in government processes in this area, due the fact the registry processes are paper-based and siloed, leads to repetitive and error-prone data which is vulnerable to tampering.
  • the use of a standardized system based on blockchain can not only increase efficiencies and a reduction in time to process, but also reduce the number of intermediaries require and increase trust in public trust in identities of transacting parties in centralized, publicly held records. However, such information must remain private between the owner of a property, for instance, and the government, in much the same way as a citizen would not expect their tax filings to be made public by the tax authorities. Applying privacy and anonymity to blockchain transactions will enable this and allow the capture the entirety of the real estate or any other title transaction.
  • a secure blockchain could solve two important issues in social security payments. First, there is the physical payment by the government and for the recipient the collection of that social security payment; for example, in South Africa the government will send armored vehicles to townships to hand out social security payments in cash. However, nearly all such recipients have smartphones and payments could be distributed using this platform. Secondly, the blockchain could provide an unchangeable historical record of every social security transaction. This can be secure for the recipient but allow the government, with the appropriate permissions, to create a powerful audit tool. Many governments are investigating the use of blockchain for such applications, but few have been able to address the privacy and security implications that arise.
  • Information to be shared between social security recipients and the government can be highly sensitive (e.g. medical records, case notes, personal identification documents). Building privacy and anonymity into the blockchain technology can provide for a secure means for protecting the information stored within the distributed network and determining how and when it is used and/or shared with an immutable audit of when that data was accessed and by whom.
  • Various embodiments can provide a fully decentralized system with no central switch or stack. As opposed to securing a centralized switch in, for example, a Top-Secret environment, this fully decentralized system could offer not only better security (particularly for nations with lower grade infrastructure), but also a reduction in risk that the system could go down, or suffer hacking attempts and denial of service attacks. Its centralized system would be decentralized across potentially hundreds of proxy servers in the ecosystem of the present technology.
  • ACCOUNTS PAYABLE Much of the work performed by accounts payable teams stems from having inconsistent data between the supplier and the buyer.
  • a blockchain provides a single version of the truth for both the supplier and buyer. Reduced risks, on-time payments and improved working capital. With shared access to one consistent version of the truth, account reconciliation and inquiries could become obsolete. Therefore, cycle times could also be expedited from days to minutes, enabling buyers o offer earlier payment programs to their suppliers and help ensure that payments are managed according to the payment terms.
  • Blockchain solutions can remedy that with a shared, permissioned record of ownership, location and movement of parts and goods. That shared record can increase efficiency, transparency and trust for any business. Disparate record keeping and reporting systems can lead to scattered, incomplete and unreliable manifests, bills of lading, certifications, etc. In addition, supply chain intelligence is knowing more than where goods are at any given moment. To find the source of flawed parts or component failures, being able to trace the origin and provenance of previously shipped goods is critical. With blockchain-stored records, all relevant information can be simultaneously and securely available to sender, receiver, shipper and regulators and these records reflect a product’s geographic flow and how it was treated. With a blockchain you can examine sources, investigate industry certifications, track restricted or dangerous components, discover storage condition anomalies and more.
  • overwatch ecosystem of the disclosure has been described in the general context of various steps and operations.
  • a variety of these steps and operations may be performed by hardware components or may be embodied in computer-executable instructions, which may be used to cause a general-purpose or special-purpose processor (e.g., in a computer, server, or other computing device) programmed with the instructions to perform the steps or operations.
  • a general-purpose or special-purpose processor e.g., in a computer, server, or other computing device
  • the steps or operations may be performed by a combination of hardware, software, and/or firmware.
  • Fig. 1 1 is a block diagram illustrating an example machine representing the computer systemization of various components of the overwatch ecosystem.
  • the component 1 100 may be in communication with entities including one or more users 1 125 client/terminal devices 1 120 (e.g., devices 1 10A-1 10N), user input devices 1 105, peripheral devices 1 1 10, an optional co-processor device(s) (e.g., cryptographic processor devices) 1 1 15, and networks 1 130 (e.g., 120 and 130 in Fig. 1 ). Users may engage with the component 1 100 via terminal devices 1 120 over networks 1 130.
  • client/terminal devices 1 120 e.g., devices 1 10A-1 10N
  • user input devices 1 105 e.g., peripheral devices 1 1 10
  • peripheral devices 1 1 10 e.g., an optional co-processor device(s) (e.g., cryptographic processor devices) 1 1 15, and networks 1 130 (e.g., 120 and 130 in Fig. 1 ).
  • networks 1 130 e.g., 120
  • Computers may employ central processing unit (CPU) or processor to process information.
  • processors may include programmable general-purpose or special-purpose microprocessors, programmable controllers, application-specific integrated circuits (ASICs), programmable logic devices (PLDs), embedded components, combination of such devices and the like.
  • ASICs application-specific integrated circuits
  • PLDs programmable logic devices
  • Processors execute program components in response to user and/or system-generated requests.
  • One or more of these components may be implemented in software, hardware or both hardware and software.
  • Processors pass instructions (e.g., operational and data instructions) to enable various operations.
  • the component 1 100 may include clock 1 165, CPU 1 170, memory such as read only memory (ROM) 1 185 and random access memory (RAM) 1 180 and co processor 1 175 among others. These subcomponents may be connected to a system bus 1 160, and through the system bus 1 160 to an interface bus 1 135. Further, user input devices 1 105, peripheral devices 1 1 10, co-processor devices 1 1 15, and the like, may be connected through the interface bus 1 135 to the system bus 1 160.
  • the interface bus 1 135 may be connected to a number of interface adapters such as processor interface 1 140, input output interfaces (I/O) 1 145, network interfaces 1 150, storage interfaces 1 155, and the like.
  • Processor interface 1 140 may facilitate communication between co processor devices 1 1 15 and co-processor 1 175. In one implementation, processor interface 1 140 may expedite encryption and decryption of requests or data.
  • I/O Input output interfaces
  • I/O Input output interfaces
  • I/O Input output interfaces
  • Network interfaces 1 150 may be in communication with the network 1 130.
  • Network interfaces 1 150 may use various wired and wireless connection protocols such as, direct connect, Ethernet, wireless connection such as IEEE 802.1 1 a-x, and the like.
  • Examples of network 1 130 include the Internet, Local Area Network (LAN), Metropolitan Area Network (MAN), a Wide Area Network (WAN), wireless network (e.g., using Wireless Application Protocol WAP), a secured custom connection, and the like.
  • the network interfaces 1 150 can include a firewall which can, in some aspects, govern and/or manage permission to access/proxy data in a computer network, and track varying levels of trust between different machines and/or applications.
  • the firewall can be any number of modules having any combination of hardware and/or software components able to enforce a predetermined set of access rights between a particular set of machines and applications, machines and machines, and/or applications and applications, for example, to regulate the flow of traffic and resource sharing between these varying entities.
  • the firewall may additionally manage and/or have access to an access control list which details permissions including, for example, the access and operation rights of an object by an individual, a machine, and/or an application, and the circumstances under which the permission rights stand.
  • Other network security functions performed or included in the functions of the firewall can be, for example, but are not limited to, intrusion- prevention, intrusion detection, next-generation firewall, personal firewall, etc., without deviating from the novel art of this disclosure.
  • Storage interfaces 1 155 may be in communication with a number of storage devices such as, storage devices 1 190, removable disc devices, and the like.
  • the storage interfaces 1 155 may use various connection protocols such as Serial Advanced Technology Attachment (SATA), IEEE 1394, Ethernet, Universal Serial Bus (USB), and the like.
  • SATA Serial Advanced Technology Attachment
  • IEEE 1394 IEEE 1394
  • Ethernet Ethernet
  • USB Universal Serial Bus
  • User input devices 1 105 and peripheral devices 1 1 10 may be connected to I/O interface 1 145 and potentially other interfaces, buses and/or components.
  • User input devices 1 105 may include card readers, finger print readers, joysticks, keyboards, microphones, mouse, remote controls, retina readers, touch screens, sensors, and/or the like.
  • Peripheral devices 1 1 10 may include antenna, audio devices (e.g., microphone, speakers, etc.), cameras, external processors, communication devices, radio frequency identifiers (RFIDs), scanners, printers, storage devices, transceivers, and/or the like.
  • Co-processor devices 1 1 15 may be connected to the component 1 100 through interface bus 1 135, and may include microcontrollers, processors, interfaces or other devices.
  • Computer executable instructions and data may be stored in memory (e.g., registers, cache memory, random access memory, flash, etc.) which is accessible by processors. These stored instruction codes (e.g., programs) may engage the processor components, motherboard and/or other system components to perform desired operations.
  • the component 1 100 may employ various forms of memory including on-chip CPU memory (e.g., registers), RAM 1 180, ROM 1 185, and storage devices 1 190.
  • Storage devices 1 190 may employ any number of tangible, non- transitory storage devices or systems such as fixed or removable magnetic disk drive, an optical drive, solid state memory devices and other processor-readable storage media.
  • Computer-executable instructions stored in the memory may include one or more program modules such as routines, programs, objects, components, data structures, and so on that perform particular tasks or implement particular abstract data types.
  • the memory may contain operating system (OS) component 1 195, modules and other components, database tables, and the like. These modules/components may be stored and accessed from the storage devices, including from external storage devices accessible through an interface bus.
  • OS operating system
  • the database components can store programs executed by the processor to process the stored data.
  • the database components may be implemented in the form of a database that is relational, scalable and secure. Examples of such database include DB2, MySQL, Oracle, Sybase, and the like.
  • the database may be implemented using various standard data-structures, such as an array, hash, list, stack, structured text file (e.g., XML), table, and/or the like. Such data-structures may be stored in memory and/or in structured files.
  • the component 1 100 may be implemented in distributed computing environments, where tasks or modules are performed by remote processing devices, which are linked through a communications network, such as a Local Area Network ("LAN”), Wide Area Network ("WAN”), the Internet, and the like.
  • LAN Local Area Network
  • WAN Wide Area Network
  • program modules or subroutines may be located in both local and remote memory storage devices.
  • Distributed computing may be employed to load balance and/or aggregate resources for processing.
  • aspects of the component 1 100 may be distributed electronically over the Internet or over other networks (including wireless networks).
  • portions of the overwatch ecosystem may reside on a server computer, while corresponding portions reside on a client computer. Data structures and transmission of data particular to aspects of the component 1 100 are also encompassed within the scope of the disclosure.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • Software Systems (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Mathematical Physics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Medical Informatics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Various embodiments of the present technology provide a distributed overwatch system that allows transactions with government-grade privacy and security. The security and privacy can be achieved by a combination of distributed trusted proxies, to which anonymous users connect with the overwatch of a variety of network security engines. The structured ecosystem provides mechanism for the blockchain to be monitored by an overwatch capability combining big data analytics, intelligent learning, and comprehensive vulnerability assessment to ensure any risks introduced by vulnerabilities are effectively mitigated. The system may include multiple proxy servers geographically distributed around the world. Each proxy can be associated with local network security engines to probe and analyze network traffic. Each proxy can mask sensitive data (e.g., personally identifiable information) within the transaction before it is stored. Various embodiments can interface with most blockchain or distributed ledger technologies that support multi-signature transactions and/or smart contracts.

Description

BLOCKCHAIN OVERWATCH
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application claims priority to U.S. Provisional Application Serial No. 62/682,533 filed June 8, 2018, which is incorporated herein by reference in its entirety for all purposes.
TECHNICAL FIELD
[0002] Various embodiments of the present technology generally relate to blockchain privacy and security. More specifically, the embodiments of the present technology relate to a blockchain overwatch system that provides secure communications, ensures privacy, and actively monitors transactions to identify various security threats.
BACKGROUND
[0003] Blockchains allow a network of users to make a distributed ledger of data and share the data among the other users or nodes in the network. Unlike traditional database structures, the blockchain ledger is maintained by a multitude of independent nodes spread across a large distributed network. When a transaction is recorded into a block within the blockchain, it is very difficult, if not impossible, to change or remove that data since the data is stored in more than one node in the distributed network. Each of these blocks typically includes a cryptographic hash of the previous block, a timestamp, and the transaction data. Moreover, any data added into the blockchain requires a consensus (e.g., a majority) of nodes to agree to the addition. This distribution of control to modify from the blockchain creates a trusted immutable ledger recording transactions or data.
[0004] Public blockchains have no restrictions and anyone with a connection to the network may be able to review entries within the blockchain or request new transactions or data be added. Other types of blockchains include private and hybrid (e.g., a combination of public and private) configurations. However, each node typically has access to the transactions recorded making privacy and anonymity difficult to ensure. In addition, the security of the data becomes important as additional information is stored within each block. As such, there are a number of challenges and inefficiencies created in traditional blockchain systems. SUMMARY
[0005] Various embodiments of the present technology generally relate to blockchain privacy and security. More specifically, the embodiments of the present technology relate to a blockchain overwatch system that provides secure communications, ensures privacy, and actively monitors transactions to identify various security threats. In some embodiments, a method can include receiving, at a proxy, a transaction from a first endpoint within multiple endpoints associated with the proxy. The transaction can include transaction data with a request to add the transaction to a distributed ledger system. The transaction data may also include personally identifiable information. The method can mask the personally identifiable information using a private key. A block producer can be randomly selected to verify the transaction. The transaction can be routed to the randomly selected block producer for validation.
[0006] Embodiments of the present technology also include computer-readable storage media containing sets of instructions to cause one or more processors to perform the methods, variations of the methods, and other operations described herein.
[0007] While multiple embodiments are disclosed, still other embodiments of the present technology will become apparent to those skilled in the art from the following detailed description, which shows and describes illustrative embodiments of the technology. As will be realized, the technology is capable of modifications in various aspects, all without departing from the scope of the present technology. Accordingly, the drawings and detailed description are to be regarded as illustrative in nature and not restrictive.
BRIEF DESCRIPTION OF THE DRAWINGS
[0008] Embodiments of the present technology will be described and explained through the use of the accompanying drawings.
[0009] Fig. 1 illustrates an example of an environment in which some embodiments of the present technology may be utilized.
[0010] Fig. 2 illustrates an example of proxy server assigned to a proxy group and a local overwatch agent for threat assessment. [0011] Fig. 3 is a flowchart illustrating an example of a set of operations for operating a proxy server in accordance with some embodiments of the present technology.
[0012] Fig. 4 illustrates an example of a set of components within an overwatch agent according to one or more embodiments of the present technology.
[0013] Fig. 5 is a sequence diagram illustrating an example of the data flow between various components of a secured system according to various embodiments of the present technology.
[0014] Fig. 6 illustrates an example of a multi-signature token transfer between anonymous users in accordance with some embodiments of the present technology.
[0015] Fig. 7 is a flowchart illustrating an example of a set of operations for using a consensus algorithm that takes into account policy ratings when determining whether to add content to the blockchain in accordance with one or more embodiments of the present technology.
[0016] Fig. 8 is a flowchart illustrating an example of a set of operations for determining whether to add content to the blockchain in accordance with one or more embodiments of the present technology.
[0017] Fig. 9 illustrates an example of the various layers of a blockchain system that may be used in accordance with various embodiments of the present technology.
[0018] Fig. 10 illustrates an example of various decentralized applications that may be used in some embodiments of the present technology.
[0019] Fig. 1 1 is an example of a computer systemization that may be used in various embodiments of the present technology.
[0020] The drawings have not necessarily been drawn to scale. Similarly, some components and/or operations may be separated into different blocks or combined into a single block for the purposes of discussion of some of the embodiments of the present technology. Moreover, while the technology is amenable to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and are described in detail below. The intention, however, is not to limit the technology to the particular embodiments described. On the contrary, the technology is intended to cover all modifications, equivalents, and alternatives falling within the scope of the technology as defined by the appended claims.
DETAILED DESCRIPTION
[0021] Various embodiments of the present technology generally relate to blockchain privacy and security. More specifically, the embodiments of the present technology relate to a blockchain overwatch system that provides secure communications, ensures privacy, and actively monitors transactions to identify various security threats. The current blockchain ecosystems (e.g., blockchain 1 .0 and 2.0) lack real privacy and overall security. Moreover, many of the original cryptocurrency systems using blockchains were centralized in a manner that presented a variety of security and scalability issues. The next generation of blockchain ecosystems used a distributed architecture that created the use of delegates (e.g., block providers) to act on these actions and help geographically distribute them, allowing the transactions to move closer to the endpoint of the user. This structure has opened up security issues. In addition, current blockchain technology provides for complete transparency of every transaction, as the ledger has every bit of transaction information stored thereon.
[0022] In contrast, various embodiments of the present technology provide for a distributed overwatch system that allows transactions with government-grade privacy and security. This level of security and privacy can be achieved by a combination of distributed trusted proxies, to which anonymous users connect with the overwatch of a variety of network security engines. The structured ecosystem provides mechanism for the blockchain to be monitored by an overwatch capability combining big data analytics, intelligent learning, and comprehensive vulnerability assessment to ensure any risks introduced by vulnerabilities are effectively mitigated. The system may include multiple proxy servers geographically distributed around the world. Each proxy can be associated with local network security engines to probe and analyze network traffic. Each proxy can mask sensitive data (e.g., personally identifiable information) within the transaction before it is stored. Various embodiments can interface with most blockchain or distributed ledger technologies (e.g., Bitcoin, Ethereum, etc.) that support multi-signature transactions and/or smart contracts.
[0023] Various embodiments of the present technology provide for a wide range of technical effects, advantages, and/or improvements to computing systems and components within blockchain or distributed ledger systems. For example, various embodiments include one or more of the following technical effects, advantages, and/or improvements: 1 ) intelligent tapping of network traffic and its meta-data; 2) integration of machine learning to analyze tapped network traffic to identify threat vectors and/or traffic outliers; 3) automatic updating of threat analysis rules using unsupervised learning; 4) use of proxy servers to mask the personally identifying information (e.g., by encryption and masking); 5) randomization of communications between system components (e.g., proxy servers and block producers) to create a more secure communication structure (e.g., by deterring man-in-the-middle attack); 6) use of unconventional and non-routine computer operations to establish a secure communication channel between parties of a (potential) transaction which can be automatically analyzed (e.g., using machine learning) to ensure compliance with governmental regulations, terms of use, or other restrictions; 7) use of unconventional and non-routine computer operations to provide a distributed learning system that can efficiently analyze tapped data without requiring all the data be sent to a centralized location; 8) changing the manner in which transactions and communications are processed between client devices and blockchain ledgers; 9) integration of a robust security and privacy paradigm into any existing blockchain system; 10) aggressive threat detection within the blockchain infrastructure; 1 1 ) analysis of traffic at line-speed; 12) continuous learning via post-data analysis; 13) seamless integration with the communications technology to become network aware; 14) use of non-human game theory and capability that creates an autonomous consensus model inside the machine learning agents and system itself; 15) inclusion of blockchain transactional data; and/or 16) colorations between tapped network meta-data and the blockchain transactional data.
[0024] In the following description, for the purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of embodiments of the present technology. It will be apparent, however, to one skilled in the art that embodiments of the present technology may be practiced without some of these specific details. The techniques introduced here can be embodied as special-purpose hardware (e.g., circuitry), as programmable circuitry appropriately programmed with software and/or firmware, or as a combination of special-purpose and programmable circuitry. Hence, embodiments may include a machine-readable medium having stored thereon instructions which may be used to program a computer (or other electronic devices) to perform a process. The machine-readable medium may include, but is not limited to, floppy diskettes, optical disks, compact disc read-only memories (CD-ROMs), magneto-optical disks, ROMs, random access memories (RAMs), erasable programmable read-only memories (EPROMs), electrically erasable programmable read-only memories (EEPROMs), magnetic or optical cards, flash memory, or other type of media/machine-readable medium suitable for storing electronic instructions.
[0025] The phrases "in some embodiments," "according to some embodiments," "in the embodiments shown," "in other embodiments," and the like generally mean the particular feature, structure, or characteristic following the phrase is included in at least one implementation of the present technology and may be included in more than one implementation. In addition, such phrases do not necessarily refer to the same embodiments or different embodiments.
[0026] Fig. 1 illustrates an example of an environment 100 in which some embodiments of the present technology may be utilized. As illustrated in Fig. 1 , environment 100 may include one or more electronic devices 1 10A-1 10N (such as a mobile phone, tablet computer, laptop, computer, mobile media device, vehicle- based computer, wearable computing device, etc.), anonymous network 120, blockchain network 130, proxy servers 140A-140N, and block producers 150A-150N. As illustrated in Fig. 1 , a distributed overwatch system can be used to support blockchain transactions with government-grade privacy and security. This level of security and privacy can be achieved by a combination of distributed trusted proxies 140A-140N, to which anonymous users or endpoints 1 10A-1 10N connect. As shown in more detail in Fig. 2, the structured ecosystem provides mechanism for the blockchain to be monitored by an overwatch capability combining big data analytics, intelligent learning, and comprehensive vulnerability assessment to ensure any risks introduced by vulnerabilities are effectively mitigated. [0027] In addition, electronic devices 1 10A-1 10N can include network communication components that enable the mobile devices to communicate with proxy servers 140A-140N by transmitting and receiving wireless signals using licensed, semi-licensed, or unlicensed spectrum over communications network 120. In some cases, anonymous networks 120 and/or blockchain networks 130 may be comprised of multiple networks, even multiple heterogeneous networks, such as one or more border networks, voice networks, broadband networks, service provider networks, Internet Service Provider (ISP) networks, and/or Public Switched Telephone Networks (PSTNs) interconnected via gateways operable to facilitate communications between and among the various networks. Anonymous networks 120 and/or blockchain networks 130 can also include third-party communications networks such as a Global System for Mobile (GSM) mobile communications network, a code/time division multiple access (CDMA/TDMA) mobile communications network, a 3rd, 4th, or 5th generation (3G/4G/5G) mobile communications network (e.g., General Packet Radio Service (GPRS/EGPRS)), Enhanced Data rates for GSM Evolution (EDGE), Universal Mobile Telecommunications System (UMTS), Long Term Evolution (LTE) network), or other communications network.
[0028] The multiple proxy servers 140A-140N may be geographically distributed around the world. Each proxy server 140A-140N can be associated with local network security engines (not shown in Fig. 1 ) to probe and analyze network traffic. These security engines may be integrated into proxy servers 140A-140N or be physically separated from proxy servers 140A-140N. Each proxy server 140A- 140N can mask sensitive data (e.g., personally identifiable information) within the transaction before the transaction is recorded on the blockchain.
[0029] Each node proxy server 140A-140N can serve the role of a gateway, masking any number of anonymous clients while appearing as a normal user on the blockchain network. The proxy’s users can be hidden in an anonymous network and receive copies of blockchain traffic destined to the user’s associated ledger identity. In accordance with various embodiments, this can be done via an internal anonymous messaging system. The internal messaging system can allow a user to securely and anonymously interact with the blockchain, as well as other users within their own proxy group, or within other proxy groups. The messaging system can be based on proven high-security messaging technology providing Off-The-Record (OTR) privacy and anonymity. Off-the- Record Messaging (OTR) is an example of a cryptographic protocol that provides encryption for instant messaging conversations that may be used in some embodiments.
[0030] In addition to authentication and encryption, OTR can provide deniable authentication for the conversation participants while keeping conversations confidential, like a private conversation in real life or“off the record” in journalism sourcing. The distribution of normal messages (e.g., not payments) can be facilitated by the blockchain or distributed by the proxies (“off-chain”). Off-chain messages must still be copied to all of the proxy’s local clients to maintain anonymity. Since the messages do not reveal source and destination information, and since these are only accessed off-the-wire, it is not possible to determine who received what from whom.
[0031] Messages sent from a proxy client to the proxy itself (e.g., payment instructions) may also be distributed to the rest of the proxy members. This broadcast distribution makes it infeasible to determine whether they are proxy instructions or just messages to other clients in the proxy’s anonymous network. Each message can include a sub-message marker, which can only be decrypted by the intended recipient, used to determine the intended recipient. The marker may also contain the necessary public keys required to decrypt the main message. As such, in some embodiments, the anonymous users test each message copied to them by the proxy to determine whether the message is destined for them. A single Elliptic Curve Diffie-Hellman (ECDH) computation may be sufficient to make such a determination. Thereafter, the source user public key can be extracted, and the rest of the message decrypted.
[0032] Unlike other anonymous blockchains, users within an anonymous group do not have to process the messages and transactions of all other proxy groups (i.e., the system is scalable). Scalability is achieved through the use of multiple proxies (e.g., no limit). Each proxy and associated user only have to deal with messages related to their group. Other anonymous blockchain architectures rely on users keeping track of all transactions and some require heavier computations. Some embodiments may use multiple proxies with varying numbers of users. Proxies with large user groups will be more suitable for low traffic applications and general payments, while other smaller groups will be more suitable for higher traffic applications.
[0033] As illustrated in Fig. 1 , the illustrated ecosystem can also support regular users (e.g., normal user using electronic device 1 1 ON) who are more worried about content security and performance, rather than complete anonymity. These users can operate just like normal EOSIO users but will have the benefit of strong cryptography and a more secure infrastructure.
[0034] In some embodiments, users may initially communicate their public keys to each other via any out-of-band channel. Later on, this may include a blockchain database where public keys can be looked-up using an index. The index would have to be communicated out-of-band, but users that know each other will already have an out-of-band communications system. Commercial web servers that subscribe to an anonymous payment system may advertise their public key on their website (which can change from time-to-time). Only the sender needs to know the destination public key, as the recipient will learn the sender’s public key from the decrypted message. Hereafter, parties can securely exchange new public keys as often as they like using the anonymous messaging system. Since various embodiments do not impose a centralized Public Key Infrastructure (PKI), users may be required to confirm their public keys by out-of-band means, or by including something in the message that is recognizable by the recipient as past shared knowledge.
[0035] In any electronic communication system, you need to provide some form of personal identifier out-of-band. The advantage of the personal identifier being a public key is that users are getting the information more directly, rather than using a Unique Identifier (UID) to look it up. The issue of establishing initial trust is an intractable problem in all secure communication systems. Some embodiments may rely on more complicated techniques for securing the process. A useful method of confirming information out-of-band is to convey the information on a secure voice call.
[0036] Fig. 2 illustrates an example of proxy server 210 assigned to a proxy group 220 and a local overwatch agent 230 for threat assessment. The overwatch system 230 may be configured to assess both the blockchain transaction and the end-user point-of-interaction with the blockchain. This may be beneficial because the vast majority of cyber-attacks on blockchain systems are aimed at“Blockchain Touch Points.” This is to say the point at which an object outside of the blockchain core interacts with the blockchain and vice versa.
[0037] The overwatch monitoring system can provide relevant IT security standards and regulatory standards are‘engineered in’ to enable the overall network to measure its global security posture in near real-time through active assessments as opposed to passive log collection and correlation. This is a first for distributed ledger technology - the ability to remediate vulnerabilities and weaknesses within hours of them being detected. As a result, the blockchain system is secured in a way that is extremely unlikely to be compromised, even by a malicious state actor.
[0038] Some embodiments can assess the network without intermission. Any weaknesses that are detected will be escalated and tunneled into a priority remediation queue. Once the weakness is remediated, the component in question will undergo validation. Upon receiving confirmation from the validation module, the overwatch agent can adjust the risk posture/score of the network accordingly. The process, from assessment to remediation, will generally not take more than 24 hours for critical security concerns. This level of solution-ingrained security and continued assessments, linked to remedial teams, coupled with a 30-60% advantage as it relates to threat identification, will make blockchains secured by the overwatch ecosystem the most security conscious blockchain.
[0039] In accordance with some embodiments, the overwatch agent can run out of band relative to the blockchain. This can be accomplished by creating a tap (e.g., an inline tap, a passive tap, etc.) on proxy 210 to gain access to the network traffic. As a result, downtime of the overwatch agent 230 has no effect on the normal operation of the blockchain and the physical deployment is distributed between a number of geographic locations based on capacity requirements and provides fail over between nodes if one instance goes offline.
[0040] In addition, this information together with the total result set from the assessment will be fed into a predictive analysis engine across multiple elements (e.g., 1000+ elements) to baseline, detect, and predict advanced threats. Further, some embodiments of the overwatch agent 230 may provide continuous feedback and recommendations on newly detected network anomalies and threat vectors. Some embodiments may deploy machine learning agents like the aforementioned distributed meta-miners to constantly assess, mitigate, respond, neutralize, and optimize the ecosystem. Machine learning technology may be built into the overwatch agent 230 and assist in refining the quality of governance. One objective is to enable secure and private transactions while continually detecting and blocking the activities of bad actors on the ecosystem.
[0041] The combination of advanced threat detection with machine learning has key advantages: 1 ) aggressive threat detection within the blockchain infrastructure; 2) analysis of traffic at line-speed; 3) continuous learning via post-data analysis; 4) seamless integration with the communications technology to become network aware; and/or 5) non-human game theory and capability that creates an autonomous consensus model inside the machine learning agents and system itself.
[0042] Probes or minors can be used in various embodiments to tap the network traffic. The probes or minors can sit at strategic locations in infrastructure. For example, 10 Gb/sec tapping rates may be realized using different technologies (e.g., Napa Tech Cards). A software package may be used as a deep package inspector. The overwatch agent can analyze the traffic (e.g., packages and payloads of the data). Some embodiments use a rule engine that can set locations and rules across minors. For example, a rule may be set such that any suspicious activity moving from engineering endpoint to an accounting endpoint creates an action (e.g., analyzed deeper, generates a flag, etc.).
[0043] Some embodiments may use concentrators to generate an aggregated report, or send alerts, and/or other activity from the miners. In some embodiments, the analysis can be performed locally on the miners and that analysis can then be aggregated remotely. Those that were aggregators are sent to the concentrators, which then process the necessary analytics, like alerts and rules, and push rules back to the miners. To apply the rules to the data of the miners, certain patterns or data transactions can be identified and machine learning can be applied to that flow.
[0044] The overwatch agent 230 may identify baselines of the network and then monitor for outliers or anomalies which, in view of the rules, can be used to understand and identify threat vectors. As such, the overwatch agent 230 will become smarter and more effective at identifying threats as time goes on. Some embodiments may use supervised learning.
[0045] In some embodiments, the overwatch agent 230 may also receive metadata from the block producers. For example, the metadata could include various data from layer 3, 4 and layer 7 such as IP address, MAC address, application data, etc. This additional data could be used by the overwatch agent to improve graphs of transactions, geolocation, and time series analysis.
[0046] Fig. 3 is a flowchart illustrating a set of operations 300 for processing a transaction in accordance with some embodiments of the present technology. The operations illustrated in Fig. 3 can be performed by electronic devices 1 10A-1 10N, proxy servers 140A-140N, block producers, and/or one or more components (e.g., processor(s)), engines, and/or modules. As illustrated in Fig. 3, electronic devices can transmit messages with transaction or communication data to one or more proxies during transmission operation 310. In some embodiments, the devices may randomly select a fixed number (e.g., ten) of proxies. In other embodiments, the devices may send the messages to a fixed set of proxies (which could be changed intermittently, periodically, or on some schedule).
[0047] As the messages are received at each proxy, each proxy will determine whether the message was intended for that proxy during determination operation 320. This could be done, for example, by associating groups of devices with each proxy. When a proxy determines that the device was not in the proxy group, then determination operation 320 can branch to disregard operation 330 where the message is ignored or discarded. When a proxy determines that the device was in the proxy group, then determination operation 320 can branch to anonymize operation 340 where information within the transaction can be anonymized.
[0048] Anonymization operation 340 can mask or hide some parts of information within the transaction data or communication. For example, the proxy server may mask some parts of that component. As a result, the blockchain or distributed ledger will not get a name or social security number, for example, but there will be a place where that information is held and secured. Some embodiments may encrypt portions of the data on the ledger that parties do not want people to be able to be accessed easily, and a key can be stored in the proxy as a key vault. There may also be public keys to start the authentication and private keys that will never see the light of day and need to be protected because those keys unlock the encrypted data on the blockchain.
[0049] Selection operation 350 can randomly select a block producer to send the transaction to for validation. Once the block producer is identified, routing operation 360 can route the masked transaction to the block producer for validation using validation operation 370 to determine whether the transaction can be added to the blockchain or ledger. In some embodiments, validation operation 370 may use a consensus model to validate the transaction (e.g., checking whether the end points are valid, the information coming in is valid, required number of parties, required number of contracts, etc.).
[0050] By transmitting the message from the device to multiple proxies and randomly selecting which block producer a transaction gets routed to, interception of traffic becomes more difficult because there is no pattern from one transaction to the next. Moreover, from the perspective of a third party looking in, the third party should not be able to figure out traffic between the proxy, client, and block because the communications are random.
[0051] Fig. 4 illustrates a set of components within an overwatch agent according to one or more embodiments of the present technology. As shown in Fig. 4, overwatch agent 400 may include an ingestion interface, a monitoring system, a machine learning system, and an alert system. While not illustrated in Fig. 4, additional components may be present. Examples of these components include, but are not limited to, memory (e.g., volatile memory and/or nonvolatile memory), processor(s) for executing processing instructions, and operating systems, data storage components (e.g., hard drive, flash memory, memory card, etc.), input and/or output interfaces, and/or the like.
[0052] Network traffic can be routed through ingestion interface 405 and consumed by components of the monitoring system (e.g., real-time detection module 410 and/or off-line detection module 415). Over time, machine learning system can create baseline models of the network traffic which can be used to classify various threats. As illustrated in Fig. 4, pre-processing and parsing engine 425 can parse the traffic into a desired format. Training engine 430 can use training data to identify a classification model which can be tested or validated using testing engine 440. Then, prediction engine 450 can be used to classify traffic (e.g., a threat or as safe). The network model can be stored in model data database 455 and any identified threat vectors can be stored in database 460. The alert system can include communication interface 465 to transmit any recommendations generated by recommendation engine 470.
[0053] Fig. 5 is a sequence diagram illustrating an example of the data flow between various components of a secured system according to various embodiments of the present technology. In the embodiments illustrated in Fig. 5, party device 510 can submit a transaction request. The transaction request can be routed to proxy 520 and transaction data can be tapped and ingested by machine learning engine 530 and threat assessment engine 540. The transaction data can be analyzed by machine learning engine 530, and any outliers or threat vectors can be identified. If these outliers or threat vectors are new, machine learning engine 530 can submit new rules to threat assessment engine 540. Machine learning engine 530 may also receive network metadata (e.g., from layers 3 and 4). This additional information can be used in some embodiments to help identify outliers and new threat vectors.
[0054] Threat assessment engine 540 can be analyzing the transaction data to identify any new threats. As threats are identified, a threat report can be submitted to producers and proxy 520. If the threat assessment engine 540 reports that no threats are present, then proxy 520 can submit the masked data to producers 550 where an entry can be added to the ledger upon a consensus by multiple producers. A confirmation can be sent back to proxy 520 and party device 510.
[0055] Fig. 6 illustrates an example of a multi-signature token transfer between anonymous users in accordance with one or more embodiments of the present technology. In accordance with various embodiments, payments can be made using the blockchain’s transaction format or using contracts/tokens. Since the blockchain expects identifiable endpoints for payments, the proxy gateway can be used as the visible payment identity while representing the users on its anonymous network. Payments can be signed by the proxy identity and its registered anonymous client (Multisig). Using the second signature, the anonymous users can direct the proxy to make payments on their behalf. This prevents the proxy from spending the funds on its own. When transfers are made, the transfers can be made to a second contract with conditions set by the initial contract owner. Thus, the second contract can only be fulfilled with those conditions, and the conditions are sent to the target recipient via the anonymous messaging system.
[0056] In addition, the anonymous users can direct the proxy to include other signatories to the transaction. The other signatories may consist of proxies and/or other anonymous users. In some embodiments, the transactions can be configured to assign weightings to signatories as well as logical AND/OR functionality. This decentralizes the proxies and allows users to fulfill their contracts via more than one proxy.
[0057] The token representation in Fig. 6 is notional and is only used to explain the anonymous payment method that may be used in some embodiments. When Alice, owner of token A (Fig. 6), wishes to make a payment, she generates a one time public/private key pair and stores the public key in a new token (token E).
[0058] Alice will send the private key, or information on how to derive the private key, immediately or later, to the token E beneficiary (Bob) in a secure anonymous message. Alice includes, in token E, Bob’s proxy’s public key, a hash of token A (including a reference to token A), and other token details such as the coin amount, contract conditions, and possibly an encrypted message for Bob. Alice signs token E using the one-time private key that was sent anonymously to her by her previous benefactor. The new token E information can now be sent to Alice’s proxy in a secure, anonymous message.
[0059] Alice’s proxy will then generate a hash of token A (referenced in the new token E) and verify that it matches the hash Alice included in token E. Alice’s proxy then verifies Alice’s signature using the one-time public key from token A, and checks that token A’s amount matches the amount in token E. If the signature and token amount are verified, Alice’s proxy signs the new token E and forwards it to the block producer for inclusion in the ledger.
[0060] Double-spend checking can be done at the block producer level. As mentioned above, the one-time private key may or may not be known to the payer. In the case where it is known to the payer, the transaction can only be reversed before the intended beneficiary transfers the amount into another contract. The one- time public and private keys can be generated normally, where both keys are known to the generating party, or they can be generated using stealth techniques, whereby the destination private key cannot be determined by Alice. In the former case, Alice has the option of reversing the payment and it can only be fully owned by Bob through a second self-payment. In the latter case, instead of a private key, a stealth computation is added in the secure message sent to the beneficiary. The stealth computation allows Bob to compute the private key (unknown to Alice). Some embodiments may allow the option of the beneficiary providing the“spend” public key.
[0061] If the transaction involves the exchange of electronic goods, then it is possible to construct an atomic transaction, whereby a time delay is imposed and both parties to the transaction have to provide a signature before the goods are released. This can also be done in an anonymous manner since the transaction would require both users to apply their anonymous, one-time key. In a variation of the example illustrated in Fig. 6, the previous owner’s signature would just have to be applied within the same time delay.
[0062] Fig. 7 is a flowchart 700 illustrating an example set of operations for using a consensus algorithm that takes into account policy ratings when determining whether to add content to the blockchain in accordance with one or more embodiments of the present technology. As illustrated in Fig. 7, receiving operation 705 receives a request to add content to the blockchain. Before the content is added to the block chain, selection operation 710 determines (e.g., based on a random selection) whether this request will be reviewed for policy violations. Determination operation 715 determines whether the request was selected. When determination operation 715 determines the request was not selected, determination operation 715 branches to addition operation 720 where the content is added once a consensus has been reached.
[0063] When determination operation 715 determines the request was selected, determination operation 715 branches to review operation 725 where the content is reviewed for poly violations. Generation operation 730 can take the results from review operation 725 and generate a score indicative of compliance of the content with policies in place. The score can be submitted with the content to the content producers during submission operation 735. Consensus operation 740 can apply a consensus algorithm with a policy score modification to determine whether the content should be added. For example, if the policy score is indicative of a compliance with the policies (e.g., a score that is below or above a threshold amount or percentage), then consensus operation 740 operates as normal whereas a policy score is indicative of a violation would cause the consensus algorithm to automatically fail. Determination operation 745 identifies the consensus results. When determination operation 745 determines that the content should be added, then determination operation 745 branches to addition operation 750 where the content is added. When determination operation 745 determines that the content should be denied, then determination operation 745 branches to refusal operation 755 where the addition of the content to the blockchain is rejected.
[0064] Fig. 8 is a flowchart illustrating an example of a set of operations 800 for determining whether to add content to the blockchain in accordance with one or more embodiments of the present technology. In the embodiments illustrated in Fig. 8, generation operation 810 uses an artificial intelligence engine to generate a policy score for randomly selected content before the content is added to the block chain. The artificial intelligence engine, in some embodiments, may use multiple specialized engines (e.g., that can run in parallel) to classify and/or score the content. For example, the artificial intelligence engine may include a copyright engine to identify copyrighted content (e.g., pictures), a misappropriations engine to identify information that may steal personal information (e.g., phone numbers, credit card numbers, social security numbers, etc.) for large groups of people, child pornography engine to identify indecent photographs of children, and the like. Each of these multiple specialized engines maybe weighted and combined to generate an overall score (e.g., between 0 and 100).
[0065] Determination operation 820 determines whether the overall score is within a range indicating a violation, compliance, or a need for further review. When determination operation 820 determines the content is in violation, determination operation 820 branches to refusal operation 830 which acts as an override of the consensus algorithm and denies addition of the content to the blockchain. When determination operation 820 determines the content is in compliance, determination operation 820 branches to addition operation 840 where the content is added upon consensus from the consensus algorithm. When determination operation 820 determines that further review is needed, determination operation 820 branches to submission operation 850 where the content is submitted for additional review (e.g., by additional machine learning engines, classifiers, or human review). Violation determination operation 860 reviews the results from submission operation 850 and determines whether the content is in violation, in which case violation determination operation 860 branches to refusal operation 830, or whether the content is acceptable, in which case violation determination operation 860 branches to addition operation 840.
[0066] Fig. 9 illustrates an example of the various layers of a blockchain system 900 that may be used in accordance with various embodiments of the present technology. In the embodiments illustrated in Fig. 9, the system may include one or more overwatch agents 910, a layer of decentralized applications 920, a blockchain protocol layer 930, a layer of producers 940, a layer of proxies 950, and a layer of devices 960. Various embodiments of blockchain system 900 may include military grade encryption for secure transactions and cryptographic anonymity. Overwatch agents 910 can provide continuous security assessments against all cyber attacks in the ecosystem. Some embodiments may use big data analytics to monitor anonymity and anomaly detection. Some embodiments of the big data capability allow the system to search for actionable intelligence in peta-bytes of data put into counter mode. Continuous assessment of all blockchain data, plus additional sources to ensure blockchain data, remains uncorrelated.
[0067] Some embodiments of overwatch agents 910 will continuously assess the entire network for vulnerabilities. For example, every IP address can be assessed against 155,000 threat vectors continuously. This compares best in class commercial assessment of 90,000 threat vectors typically done once a year (US DoD Standard). Some embodiments can provide a variety of standard compliances (e.g., HIPAA, FINRA, DISA, PCI-DSS, etc.).
[0068] In some embodiments, the system may issue a set of coins (e.g., GuardianCoins) which can be utility tokens that are the path to accessing resources on the public blockchain. Examples of resources include, but are not limited to, bandwidth, RAM, CPU, and storage. dApp developers will "stake" their tokens and are granted access to resources (e.g., bandwidth, CPU and Storage) based on the amount of tokens staked. In some embodiments, RAM may be separate from all other resources because it is precious and could be gamed/speculated on. As such, dApp developers may be required to purchase RAM based on the rate the GuardianCoin Network software sets it at from an internal RAM market. The rate may be based on what the current supply of RAM is. The less RAM that's available to purchase, the higher the price is and the higher the incentive is to sell RAM if you aren't using it. Each time someone buys or sells RAM a 1 % fee may be applied (to both sides of the transaction, meaning 2% total). Such a feature helps reduce speculation (the fee is ten times what a normal exchange would charge) and also serves to reduce the overall inflation as these fees collected are removed from circulation (e.g., burned).
[0069] Some embodiments may include a Protocol Service Pack as a Private Blockchain (Guardian Protocol) for customers to run within their own environments. In this implementation, Bandwidth, RAM, CPU, and Storage are provided by the customer and do not incur staking or purchasing using the tokens in the traditional way of a dApp. Use of dApps and the Private Blockchain are enabled through staking tokens which will cover software licensing and maintenance. This may be as an annual subscription or a perpetual licensing model.
[0070] In some embodiments, all messages received by the Messaging Server are copied to all anonymous users. Users can find their messages by cryptographically testing all received messages. As a result, monitoring the Anonymous network cannot determine the intended message recipients. Sending private messages can be monitored but the recipients cannot be determined. The messaging server can exist as part of the Proxy, but can also exist separately. In the latter case, the sender IP addresses can be hidden from the Proxy. In some embodiments, the Anonymous network can be extended in layers using Anonymous Proxy Servers, in which one layer hides recipients and a second layer could also hide senders. This is not the same as P2P or Onion network since it thwarts traffic analysis. Sender IP’s can also be hidden in some embodiments by separating the messaging service from the proxy. In this case, the proxy receives its user instructions as a messaging client.
[0071] Fig. 10 illustrates an example of various decentralized applications that may be used in some embodiments of the present technology. As illustrated in Fig. 10, the system may include a variety of dApps such as, but not limited to, wallet dApp 1005, criminal record dApp 1010, land registry dApp 1015, classified document dApp 1020, identity management dApp 1025, supply chain dApp 1030, USD linked dApp 1035, secure communications dApp 1040, and/or other dApps. In addition to the dApps the system may include proxies 1045 and block producers 1050.
[0072] Various embodiments of the ecosystem provide a wallet dApp 1005 that can be a hub for each account holder to send and receive payments of tokens, attachments, messages, and the like while ensuring that users remain anonymous and the data encrypted and secure. Some embodiments of the wallet 1005 can have a decentralized, yet non-distributed, audit capability to ensure that the blockchain for messaging is used appropriately. Any image or message that is to be uploaded to the blockchain can be first analyzed locally on the account holders’ device in some embodiments. If that image or message is deemed inappropriate by the software, the wallet may not upload that content and advise the account holder of the same. This localized gatekeeper functionality may not at any time send messages or images for any centralized review, and this will be capable of being validated easily by a user capturing their own data traffic.
[0073] In some embodiments, the analysis may utilize machine learning algorithms, that have been taught centrally, deployed locally, and contained locally on remote devices, which can structure unstructured data for local analysis to reach a determination of appropriateness. In this way, various embodiments can defeat the problems of content that are universally deemed to be inappropriate and that have plagued Bitcoin. Embodiments may also be able to mitigate the“death squad” issues that would come with total anarchy. It should be expected that this vetting capability will not be fool-proof and there is a chance some legitimate content will be blocked and vice versa.
[0074] Criminal record dApp 1010 can link to governmental criminal records and may provide access to authorized personnel. Various embodiments of criminal record dApp 1010 would allow law agencies to access certain criminal records between agencies ensuring the records have not been tampered (e.g., immutable records). In accordance with some embodiments, dApp 1010 may allow the overwatch agent (or other component) to recognize bad characters within the blockchain (e.g., cross-reference known criminals). As such, those who may be attempting to tamper or hack the system causing certain damage to the blockchain or specific records can be more easily identified.
[0075] Similarly, land registry dApp 1015 can link to property records and create a portal for accessing these records. In accordance with some embodiments, land registry dApp 1015 is geared towards facilities management in either the public or private sectors. As such, the records in the blockchain would again ensure the records or specific attributes are not changed, or if they are, they have a record (paper trail) of such updates to the record.
[0076] Classified document dApp 1020, may contain a smart contract with restrictive access (security clearance) capability that could be created for access to data files. A smart contract for a classified government document might allow access only if two keys are presented at the same time: the user's key and an NSA system key. Even if a future data hack occurs, the hacker would not be able to view the stolen documents without the keys from intended parties. It is estimated that with the world’s computing power it would take nearly 40 years to brute-force decode a single message and each message is uniquely keyed.
[0077] Identity management dApp 1025 can allow companies, governmental agencies, and other entities to create, distribute, and even link a variety of identifiers to a single user. For example, some embodiments of the present technology can utilize blockchain to provide radical efficiencies in identity management, enabling government to create a single collection of identity and authentication documents that can be used across departments. From issuing passports and national ID cards to national health insurance/social security numbers and tax payer IDs, establishing and verifying identity is critical to both Governments and their citizens. A blockchain can provide radical efficiencies in these areas, enabling government to create a single collection of identity and authentication document that can be used across departments. These records from personal identification, licenses, and property rights that can be made available to authorized users of the blockchain, such as tax authorities, the police, and hospitals. The dual aspects of privacy and availability are vital to protect personal information and make it available instantly only to the right departments when needed, benefitting both the citizen and government alike. [0078] Supply chain dApp 1030 can allow a user to identify an object’s precise location within the supply chain, and its accompanying digitized documentation can be made part of a traceable permanent record. This can reduce uncertainty and increase ability to plan for infrastructure needs, even with lean budgets.
[0079] USD linked dApp 1035 can provide a secure record of currency fluctuations. In accordance with some embodiments, dApp 1035 may be useful in the area of monetary policy. The fluctuations of a currency (e.g., USD) may be represented in real or digital currency, or digital currencies directly backed by USD. The blockchain would capture each fluctuation in the currency based on some type of internal or external trigger. The capture of such currency changes, and the capture is timestamped at a very high level of accuracy— milliseconds or even nanosecond resolution, may ensure certain currency manipulation is not occurring. In some embodiments, the dApp can be be used to peg one currency to another regardless of the currencies (e.g., USD, digital, etc). Time resolution may also be used to allow the currencies to be pegged given their values at a specific time.
[0080] Transacting anonymously and securely still requires communication between the transacting parties. As such, some embodiments use military grade messaging platforms and secure communications dApp 1040 to allow for a truly decentralized network. Traditional government-grade messaging systems originally held their encryption keys centrally, which can be viewed as a weak point for institutions that are unable to protect their encryption keys properly. Voice and messaging communication suites in various embodiments of the present technology can use decentralized key management, in effect the handset creates a session key on an as needed basis. Some embodiments also provide for a protocol to provide for fully decentralized, anonymized and encrypted messaging and voice calls. As such, since transacting often requires communication between the parties, various embodiments of the present technology provide a decentralized messaging capability allowing those parties to have the same level of anonymity and encryption in their communications as they do with their payments.
VERTICALS
[0081] Most industries require some levels of privacy, and in many cases this is mandatory. This may range from the protection of Intellectual Property and competitive advantage, to industry best practice or legal requirements. When one considers industries such as healthcare, finance, and Government, to name but a few, the argument for security and privacy becomes overwhelmingly convincing.
HEALTHCARE
[0082] In the US, administrative spending accounted for nearly 15% of all healthcare spending in 2016 and it is estimated that two-thirds of these costs are related to billing and insurance. For example, insurance companies require care providers to gain authorization before commencing many expensive treatments. This often means completion of an authorization form and sending it to the insurance company who will manually review the application and decide whether to seek more information, approve, or reject the claim.
[0083] In this way, care providers and insurance companies spend between $23bn-$31 bn annually processing treatment pre-authorizations alone and the implications of tackling these types of efficiency improvement through blockchain are manifestly substantive. Once approved, the time it takes to settle a healthcare claim and the determination and tracking of any deductibles and co-payments are also a major source of cost and pain. Some embodiments may utilize a smart contract dApp that could reduce the time needed for healthcare claim processing from 7-14 days to under 15 minutes.
[0084] The smart contract within the dApp can include detailed logic that represents payer/provider contract terms, and as soon as the claim is submitted it could be processed in real-time and payment transmitted to the provider. In addition, various embodiments of the blockchain ecosystem could: 1 ) introduce overall efficiency and transparency into this heavily siloed industry by enabling governmental agencies, insurance companies, hospitals, doctors, clinics, and patients to use a common blockchain; 2) allow health providers to share networks without compromising data privacy, security, or integrity; and/or 3) manage the lifecycle of patient records via blockchain.
[0085] As one of the most privacy-sensitive data domains, this sector has a unique set of regulatory requirements related to privacy protections, primarily laid out in the U.S. under the Health Insurance Portability and Accountability Act (HIPAA) from 1996. Various embodiments of the present technology can meet these requirements through cryptographic anonymity privacy techniques and the ability to create Smart dAPPS with security and privacy at their core. Plus, the safeguards from various embodiments of the overwatch capability will make the system fully HIPAA compliant.
FINANCIAL
[0086] Banks and other financial institutions have been looking at many ways in which blockchains can improve sectors which present significant inefficiencies concerning their clearing processes, operational or administrative functions, and preventing fraud. For example, some embodiments can be used as follows:
• Share certificates - The administrative process of tracking the transfer of private company shares can be manual, expensive, subject to errors and can expose issuers to regulatory risks. A blockchain and a smart contract dApp could track trading and ownership of private company shares.
• Loans - Average settlement time for secondary trading of syndicated loans is around one month, given that the process is mostly manual and involves multiple counterparties. A blockchain dApp could facilitate faster clearing and settlement of loans and reduce manual reviews, data re-entry, and reconciliation.
• Customer Identification - Know your customer (alternatively know your client or 'KYC') is the process of a bank identifying and verifying the identity of its clients and anti-money laundering regulations which governs these activities. Banks are increasingly demanding that customers provide detailed anti-corruption due diligence information. Banks and financial institutions often employ multiple systems to manage customer identification, adding complexity for both customers and employees. This makes identity validation to support customer (KYC) compliance arduous and repetitive. Various embodiments of the present technology can consolidate all identification documents to improve client satisfaction, decrease duplicate information and ease administrative effort. [0087] Banking is heavily regulated to ensure privacy for some of the most sensitive data for most individuals, and the compromise of this data can have devastating consequences. Together with the U.S. Securities and Exchange Commission, the Financial Industry Regulatory Authority (FINRA) regulates securities firms carrying out business in the United States. There are similar regulations globally.
[0088] Protection of financial and personal customer information is a key responsibility and obligation of FINRA member firms. In the United States, broker and dealers must have written policies and procedures in place to address the protection of customer information and records. As detailed in FINRA’s NASD Notice to Members 05-49 (Safeguarding Confidential Customer Information), the policies and procedures must be reasonably designed to:
• ensure the security and confidentiality of customer records and information;
• protect against any anticipated threats or hazards to the security or integrity of customer records and information; and
• protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.
[0089] Banks and other financial organizations also need to demonstrate compliance with the Payment Card Industries Data Security Standards (PCI-DSS). To date, this type regulatory control and sensitivity of banking data has restricted the ability of banks to embrace blockchains as they would like, as the inherent transparency of blockchain and the networks on which hey rest are incompatible with the need to safeguard personally identifiable information (Pll) and trade strategies.
[0090] While blockchain may help facilitate transparency from a technological perspective, financial organizations will seek to keep proprietary transactional and position information anonymous and private, for competitive reasons. Additionally, Network Security is a critical consideration for a blockchain network, particularly given the distributed nature of the network and the potential participation from entities across the globe. This is a major challenge for blockchain networks. [0091] Market participants are likely to require assurances that the network is protected from external threats before joining, given that they may be providing private information and engaging in financial transactions within the network. As with HIPAA for Healthcare, various embodiments ensure the blockchain is PCI-DSS and FINRA compliant.
GOVERNMENTAL
[0092] Governments across the globe are looking into blockchains to facilitate, streamline and improve efficiency in many areas and there are multiple use cases for a secure Government blockchain. For example:
• Identity Services: From issuing passports and national ID cards to national health insurance/social security numbers and tax payer IDs, establishing and verifying identity is critical to both Governments and their citizens. A major pain point though is the financial and personnel cost associated with positive and stringent identity services. In a large part this is due to the difficulty in linking data from siloed departments, where that information may be in differing formats from various sources, and the potential conflicts that can arise. A blockchain can provide radical efficiencies in these areas, enabling government to create a single, collection of identity and authentication documents that can be used across departments. These records from personal identification, licenses and property rights that can be made available to authorized users of the blockchain, such as tax authorities the police and hospitals. The dual aspects of privacy and availability are vital to protect personal information and make it available instantly only to the right departments when needed, benefitting both the citizen and government alike.
• Land and property registry: Land and other government registries are essential to ensure smooth property transactions, establish liability, validate tax records, and verify ownership in legal cases. Inefficiencies in government processes in this area, due the fact the registry processes are paper-based and siloed, leads to repetitive and error-prone data which is vulnerable to tampering. The use of a standardized system based on blockchain can not only increase efficiencies and a reduction in time to process, but also reduce the number of intermediaries require and increase trust in public trust in identities of transacting parties in centralized, publicly held records. However, such information must remain private between the owner of a property, for instance, and the government, in much the same way as a citizen would not expect their tax filings to be made public by the tax authorities. Applying privacy and anonymity to blockchain transactions will enable this and allow the capture the entirety of the real estate or any other title transaction.
• Social Security: A secure blockchain could solve two important issues in social security payments. First, there is the physical payment by the government and for the recipient the collection of that social security payment; for example, in South Africa the government will send armored vehicles to townships to hand out social security payments in cash. However, nearly all such recipients have smartphones and payments could be distributed using this platform. Secondly, the blockchain could provide an unchangeable historical record of every social security transaction. This can be secure for the recipient but allow the government, with the appropriate permissions, to create a powerful audit tool. Many governments are investigating the use of blockchain for such applications, but few have been able to address the privacy and security implications that arise.
[0093] Information to be shared between social security recipients and the government can be highly sensitive (e.g. medical records, case notes, personal identification documents). Building privacy and anonymity into the blockchain technology can provide for a secure means for protecting the information stored within the distributed network and determining how and when it is used and/or shared with an immutable audit of when that data was accessed and by whom.
[0094] Various embodiments can provide a fully decentralized system with no central switch or stack. As opposed to securing a centralized switch in, for example, a Top-Secret environment, this fully decentralized system could offer not only better security (particularly for nations with lower grade infrastructure), but also a reduction in risk that the system could go down, or suffer hacking attempts and denial of service attacks. Its centralized system would be decentralized across potentially hundreds of proxy servers in the ecosystem of the present technology.
ACCOUNTS PAYABLE [0095] Much of the work performed by accounts payable teams stems from having inconsistent data between the supplier and the buyer. A blockchain provides a single version of the truth for both the supplier and buyer. Reduced risks, on-time payments and improved working capital. With shared access to one consistent version of the truth, account reconciliation and inquiries could become obsolete. Therefore, cycle times could also be expedited from days to minutes, enabling buyers o offer earlier payment programs to their suppliers and help ensure that payments are managed according to the payment terms.
[0096] Fewer disputes and associated benefits such as verifiable and auditable ledger systems can mean fewer risks for suppliers and customers. With access to enterprise blockchains, suppliers could gain visibility into the blockchain platform, verify the payment status and ensure timely payments. And it’s not only the Accounts Payable function in an organization that can be dramatically optimized through the use of blockchains, this can extend to the entire supply chain as well:
• From raw materials to distribution to after-sale support, understanding the location and flow of products within an organization supply chain is critical— and not only for maximizing efficiency.
• Consumers demand transparency on where and how products are made and regulators around the world require information about supply chains— with penalties for noncompliance.
• Beyond the need for information, complex supply chains depend on trust to function properly. But distrust between organizations has historically discouraged them from sharing or relying on shared data.
[0097] Blockchain solutions can remedy that with a shared, permissioned record of ownership, location and movement of parts and goods. That shared record can increase efficiency, transparency and trust for any business. Disparate record keeping and reporting systems can lead to scattered, incomplete and unreliable manifests, bills of lading, certifications, etc. In addition, supply chain intelligence is knowing more than where goods are at any given moment. To find the source of flawed parts or component failures, being able to trace the origin and provenance of previously shipped goods is critical. With blockchain-stored records, all relevant information can be simultaneously and securely available to sender, receiver, shipper and regulators and these records reflect a product’s geographic flow and how it was treated. With a blockchain you can examine sources, investigate industry certifications, track restricted or dangerous components, discover storage condition anomalies and more.
[0098] While a blockchain ledger can solve a large number of accounts payable and supply chain problems, transparency to the degree that anyone can follow a company’s purchases, or the flow of its supply chain can lead to a lack of competitive advantage and worse. This is a critical issue for weak blockchain code on a weak network. For example, if anyone could explore Apple’s supply chain and could see that it is suddenly sourcing 5-inch OLED panels and knew where they were coming from, the secrecy around its new iPhone would be destroyed. It would give Apple’s competition plenty of time to match (or improve on) the features of the new product and any first mover advantage would be lost. While commercially this would be a major issue, imagine the advantages to a nation such as Russia or China, studying the USA’s defense supply chain. Various embodiments of the present technology provide a needed solution.
Exemplary Computer System Overview
[0099] Aspects and implementations of the overwatch ecosystem of the disclosure have been described in the general context of various steps and operations. A variety of these steps and operations may be performed by hardware components or may be embodied in computer-executable instructions, which may be used to cause a general-purpose or special-purpose processor (e.g., in a computer, server, or other computing device) programmed with the instructions to perform the steps or operations. For example, the steps or operations may be performed by a combination of hardware, software, and/or firmware.
[00100] Fig. 1 1 is a block diagram illustrating an example machine representing the computer systemization of various components of the overwatch ecosystem. The component 1 100 may be in communication with entities including one or more users 1 125 client/terminal devices 1 120 (e.g., devices 1 10A-1 10N), user input devices 1 105, peripheral devices 1 1 10, an optional co-processor device(s) (e.g., cryptographic processor devices) 1 1 15, and networks 1 130 (e.g., 120 and 130 in Fig. 1 ). Users may engage with the component 1 100 via terminal devices 1 120 over networks 1 130.
[00101] Computers may employ central processing unit (CPU) or processor to process information. Processors may include programmable general-purpose or special-purpose microprocessors, programmable controllers, application-specific integrated circuits (ASICs), programmable logic devices (PLDs), embedded components, combination of such devices and the like. Processors execute program components in response to user and/or system-generated requests. One or more of these components may be implemented in software, hardware or both hardware and software. Processors pass instructions (e.g., operational and data instructions) to enable various operations.
[00102] The component 1 100 may include clock 1 165, CPU 1 170, memory such as read only memory (ROM) 1 185 and random access memory (RAM) 1 180 and co processor 1 175 among others. These subcomponents may be connected to a system bus 1 160, and through the system bus 1 160 to an interface bus 1 135. Further, user input devices 1 105, peripheral devices 1 1 10, co-processor devices 1 1 15, and the like, may be connected through the interface bus 1 135 to the system bus 1 160. The interface bus 1 135 may be connected to a number of interface adapters such as processor interface 1 140, input output interfaces (I/O) 1 145, network interfaces 1 150, storage interfaces 1 155, and the like.
[00103] Processor interface 1 140 may facilitate communication between co processor devices 1 1 15 and co-processor 1 175. In one implementation, processor interface 1 140 may expedite encryption and decryption of requests or data. Input output interfaces (I/O) 1 145 facilitate communication between user input devices 1 105, peripheral devices 1 1 10, co-processor devices 1 1 15, and/or the like and components of the component 1 100 using protocols such as those for handling audio, data, video interface, wireless transceivers, or the like (e.g., Bluetooth, IEEE 1394a-b, serial, universal serial bus (USB), Digital Visual Interface (DVI), 802.1 1 a b/g/n/x, cellular, etc.). Network interfaces 1 150 may be in communication with the network 1 130. Through the network 1 130, the component 1 100 may be accessible to remote terminal devices 1 120. Network interfaces 1 150 may use various wired and wireless connection protocols such as, direct connect, Ethernet, wireless connection such as IEEE 802.1 1 a-x, and the like. [00104] Examples of network 1 130 include the Internet, Local Area Network (LAN), Metropolitan Area Network (MAN), a Wide Area Network (WAN), wireless network (e.g., using Wireless Application Protocol WAP), a secured custom connection, and the like. The network interfaces 1 150 can include a firewall which can, in some aspects, govern and/or manage permission to access/proxy data in a computer network, and track varying levels of trust between different machines and/or applications. The firewall can be any number of modules having any combination of hardware and/or software components able to enforce a predetermined set of access rights between a particular set of machines and applications, machines and machines, and/or applications and applications, for example, to regulate the flow of traffic and resource sharing between these varying entities. The firewall may additionally manage and/or have access to an access control list which details permissions including, for example, the access and operation rights of an object by an individual, a machine, and/or an application, and the circumstances under which the permission rights stand. Other network security functions performed or included in the functions of the firewall, can be, for example, but are not limited to, intrusion- prevention, intrusion detection, next-generation firewall, personal firewall, etc., without deviating from the novel art of this disclosure.
[00105] Storage interfaces 1 155 may be in communication with a number of storage devices such as, storage devices 1 190, removable disc devices, and the like. The storage interfaces 1 155 may use various connection protocols such as Serial Advanced Technology Attachment (SATA), IEEE 1394, Ethernet, Universal Serial Bus (USB), and the like.
[00106] User input devices 1 105 and peripheral devices 1 1 10 may be connected to I/O interface 1 145 and potentially other interfaces, buses and/or components. User input devices 1 105 may include card readers, finger print readers, joysticks, keyboards, microphones, mouse, remote controls, retina readers, touch screens, sensors, and/or the like. Peripheral devices 1 1 10 may include antenna, audio devices (e.g., microphone, speakers, etc.), cameras, external processors, communication devices, radio frequency identifiers (RFIDs), scanners, printers, storage devices, transceivers, and/or the like. Co-processor devices 1 1 15 may be connected to the component 1 100 through interface bus 1 135, and may include microcontrollers, processors, interfaces or other devices. [00107] Computer executable instructions and data may be stored in memory (e.g., registers, cache memory, random access memory, flash, etc.) which is accessible by processors. These stored instruction codes (e.g., programs) may engage the processor components, motherboard and/or other system components to perform desired operations. The component 1 100 may employ various forms of memory including on-chip CPU memory (e.g., registers), RAM 1 180, ROM 1 185, and storage devices 1 190. Storage devices 1 190 may employ any number of tangible, non- transitory storage devices or systems such as fixed or removable magnetic disk drive, an optical drive, solid state memory devices and other processor-readable storage media. Computer-executable instructions stored in the memory may include one or more program modules such as routines, programs, objects, components, data structures, and so on that perform particular tasks or implement particular abstract data types. For example, the memory may contain operating system (OS) component 1 195, modules and other components, database tables, and the like. These modules/components may be stored and accessed from the storage devices, including from external storage devices accessible through an interface bus.
[00108] The database components can store programs executed by the processor to process the stored data. The database components may be implemented in the form of a database that is relational, scalable and secure. Examples of such database include DB2, MySQL, Oracle, Sybase, and the like. Alternatively, the database may be implemented using various standard data-structures, such as an array, hash, list, stack, structured text file (e.g., XML), table, and/or the like. Such data-structures may be stored in memory and/or in structured files.
[00109] The component 1 100 may be implemented in distributed computing environments, where tasks or modules are performed by remote processing devices, which are linked through a communications network, such as a Local Area Network ("LAN"), Wide Area Network ("WAN"), the Internet, and the like. In a distributed computing environment, program modules or subroutines may be located in both local and remote memory storage devices. Distributed computing may be employed to load balance and/or aggregate resources for processing. Alternatively, aspects of the component 1 100 may be distributed electronically over the Internet or over other networks (including wireless networks). Those skilled in the relevant art(s) will recognize that portions of the overwatch ecosystem may reside on a server computer, while corresponding portions reside on a client computer. Data structures and transmission of data particular to aspects of the component 1 100 are also encompassed within the scope of the disclosure.
Conclusion
[00110] Unless the context clearly requires otherwise, throughout the description and the claims, the words "comprise," "comprising," and the like are to be construed in an inclusive sense, as opposed to an exclusive or exhaustive sense; that is to say, in the sense of "including, but not limited to." As used herein, the terms "connected," "coupled," or any variant thereof means any connection or coupling, either direct or indirect, between two or more elements; the coupling or connection between the elements can be physical, logical, or a combination thereof. Additionally, the words "herein," "above," "below," and words of similar import, when used in this application, refer to this application as a whole and not to any particular portions of this application. Where the context permits, words in the above Detailed Description using the singular or plural number may also include the plural or singular number respectively. The word "or," in reference to a list of two or more items, covers all of the following interpretations of the word: any of the items in the list, all of the items in the list, and any combination of the items in the list.
[00111] The above Detailed Description of examples of the technology is not intended to be exhaustive or to limit the technology to the precise form disclosed above. While specific examples for the technology are described above for illustrative purposes, various equivalent modifications are possible within the scope of the technology, as those skilled in the relevant art will recognize. For example, while processes or blocks are presented in a given order, alternative implementations may perform routines having steps, or employ systems having blocks, in a different order, and some processes or blocks may be deleted, moved, added, subdivided, combined, and/or modified to provide alternative or subcombinations. Each of these processes or blocks may be implemented in a variety of different ways. Also, while processes or blocks are at times shown as being performed in series, these processes or blocks may instead be performed or implemented in parallel, or may be performed at different times. Further any specific numbers noted herein are only examples: alternative implementations may employ differing values or ranges. [00112] The teachings of the technology provided herein can be applied to other systems, not necessarily the system described above. The elements and acts of the various examples described above can be combined to provide further implementations of the technology. Some alternative implementations of the technology may include not only additional elements to those implementations noted above, but also may include fewer elements.
[00113] These and other changes can be made to the technology in light of the above Detailed Description. While the above description describes certain examples of the technology, and describes the best mode contemplated, no matter how detailed the above appears in text, the technology can be practiced in many ways. Details of the system may vary considerably in its specific implementation, while still being encompassed by the technology disclosed herein. As noted above, particular terminology used when describing certain features or aspects of the technology should not be taken to imply that the terminology is being redefined herein to be restricted to any specific characteristics, features, or aspects of the technology with which that terminology is associated. In general, the terms used in the following claims should not be construed to limit the technology to the specific examples disclosed in the specification, unless the above Detailed Description section explicitly defines such terms. Accordingly, the actual scope of the technology encompasses not only the disclosed examples, but also all equivalent ways of practicing or implementing the technology under the claims.
[00114] To reduce the number of claims, certain aspects of the technology are presented below in certain claim forms, but the applicant contemplates the various aspects of the technology in any number of claim forms. For example, while only one aspect of the technology is recited as a computer-readable medium claim, other aspects may likewise be embodied as a computer-readable medium claim, or in other forms, such as being embodied in a means-plus-function claim. Any claims intended to be treated under 35 U.S.C. § 1 12(f) will begin with the words "means for", but use of the term "for" in any other context is not intended to invoke treatment under 35 U.S.C. § 1 12(f). Accordingly, the applicant reserves the right to pursue additional claims after filing this application to pursue such additional claim forms, in either this application or in a continuing application.

Claims

CLAIMS What is claimed is
1 . A method comprising:
receiving, at a proxy, a transaction from a first endpoint within multiple endpoints associated with the proxy;
wherein the transaction includes transaction data and a request to add the transaction to a distributed ledger system; and wherein the transaction data include personally identifiable information;
masking the personally identifiable information using a private key;
randomly selecting a block producer from multiple block producers to verify the transaction; and
routing the transaction to the randomly selected block producer for validation.
2. The method of claim 1 , further comprising:
receiving, at the proxy, a transaction confirmation from the block producer; and
distributing the transaction confirmation to all the multiple endpoints associated with the proxy.
3. The method of claim 2, wherein the transaction confirmation is encrypted using the private key and each of the multiple endpoints attempts to decrypt the transaction confirmation.
4. The method of claim 1 , further comprising:
creating a tap to route a copy of the transaction to an overwatch agent; and
wherein the overwatch agent uses machine learning to classify the transaction.
5. The method of claim 4, wherein the overwatch agent is configured to:
receive a copy of network traffic;
monitor the copy of the network traffic to identify threats;
create a baseline network model of the copy of the network traffic; and communicate threats identified to the proxy or multi-ledger system.
6. The method of claim 1 , further comprising monitoring a traffic level between the proxy and the multiple block producers and, upon identifying the traffic level has fallen below a threshold, automatically creating artificial traffic between the proxy and the multiple block producers.
7. The method of claim 1 , wherein the transaction includes cryptocurrency transactions.
8. A system comprising:
a distributed multi-ledger system having a set of block producers that can validate transactions to be added to a distributed ledger; a proxy assigned to a group of endpoints,
wherein each proxy endpoint within the group of endpoints routes all transactions and communications through an assigned proxy; and
an overwatch agent is configured to receive network traffic routed through the assigned proxy and to identify threat vectors.
9. The system of claim 8, wherein the proxy includes a masking agent to identify and encrypt sensitive data within the transactions before transmitting the transactions to one of the set of block producers.
10. The system of claim 9, wherein the proxy includes a routing agent to randomly select, for each of the transactions, a block producer from a set of block producers to which each of the transactions is routed.
1 1. The system of claim 8, wherein the overwatch agent includes:
an ingestion interface to receive the network traffic; a monitoring engine to monitor the network traffic and identify threats;
a machine learning engine to identify a baseline network model and classify network traffic; and
an alert system to communicate threats identified by the monitoring engine to the proxy or multi-ledger system.
12. The system of claim 8, wherein the transactions include cryptocurrency transactions.
13. The system of claim 8, further comprising one or more miners to tap the network traffic.
14. The system of claim 13, wherein the one or more miners include passive taps or inline taps.
15. A storage device having stored thereon instructions that, when executed by one or more processors, cause a machine to:
receive, at a proxy, a transaction from a first endpoint within multiple endpoints associated with the proxy;
wherein the transaction includes transaction data and a request to add the transaction to a distributed ledger system; and wherein the transaction data include personally identifiable information;
mask the personally identifiable information using a private key;
randomly select a block producer to verify the transaction; and
route the transaction to the randomly selected block producer for validation.
16. The storage device of claim 15, wherein the instructions, when executed by the one or more processors, further cause the machine to:
receive, at the proxy, a transaction confirmation from the block producer; and distribute the transaction confirmation to all the multiple endpoints associated with the proxy.
17. The storage device of claim 16, wherein the transaction confirmation is encrypted using the private key and each of the multiple endpoints attempts to decrypt the transaction confirmation.
18. The storage device of claim 15, wherein the instructions, when executed by the one or more processors, further cause the machine to:
create a tap to route a copy of the transaction to an overwatch agent; and wherein the overwatch agent uses machine learning to classify the transaction.
19. The storage device of claim 15, wherein the instructions, when executed by the one or more processors, further cause the machine to monitor a traffic level between the proxy and the block producer and, upon identifying the traffic level has fallen below a threshold, automatically create artificial traffic between the proxy and the block producer.
20. The storage device of claim 15, wherein the transaction includes a cryptocurrency transaction.
PCT/US2019/036419 2018-06-08 2019-06-10 Blockchain overwatch WO2019237126A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP19815526.9A EP3803740A4 (en) 2018-06-08 2019-06-10 Blockchain overwatch
CN201980051784.1A CN113015989A (en) 2018-06-08 2019-06-10 Block chain supervision

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201862682533P 2018-06-08 2018-06-08
US62/682,533 2018-06-08

Publications (1)

Publication Number Publication Date
WO2019237126A1 true WO2019237126A1 (en) 2019-12-12

Family

ID=68764394

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2019/036419 WO2019237126A1 (en) 2018-06-08 2019-06-10 Blockchain overwatch

Country Status (4)

Country Link
US (2) US10581805B2 (en)
EP (1) EP3803740A4 (en)
CN (1) CN113015989A (en)
WO (1) WO2019237126A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112468517A (en) * 2021-01-25 2021-03-09 广州大学 Tracing-resistant anonymous communication network access method, system and device
US11068473B1 (en) 2020-05-01 2021-07-20 Kpmg Llp Scalable and advanced analytics computing platform for distributed ledger data

Families Citing this family (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11232417B2 (en) * 2017-09-12 2022-01-25 Northwestern University Back-up sentinel network for a blockchain distribution network
EP3821578B1 (en) * 2018-07-13 2022-02-09 Telefonaktiebolaget LM Ericsson (publ) Verification of lawful interception data
US11308562B1 (en) * 2018-08-07 2022-04-19 Intuit Inc. System and method for dimensionality reduction of vendor co-occurrence observations for improved transaction categorization
US11032292B2 (en) * 2018-09-04 2021-06-08 Allen Gluck Systems and methods for hybrid blockchain control
US11368446B2 (en) * 2018-10-02 2022-06-21 International Business Machines Corporation Trusted account revocation in federated identity management
US11080293B2 (en) * 2018-10-04 2021-08-03 Toyota Motor North America, Inc. Apparatus, methods, and systems for tracking and accounting for data flow in a loan processing system
KR102580881B1 (en) * 2018-11-08 2023-09-20 삼성전자주식회사 Electronic device and method of providing personal information, and computer-readable recording medium recording the same
KR102297592B1 (en) * 2019-01-30 2021-09-03 펜타시큐리티시스템 주식회사 Method and apparatus for sharing big data using block chain
US11170128B2 (en) * 2019-02-27 2021-11-09 Bank Of America Corporation Information security using blockchains
US11790368B2 (en) * 2019-03-05 2023-10-17 International Business Machines Corporation Auto-evolving database endorsement policies
US10872170B2 (en) 2019-05-15 2020-12-22 Advanced New Technologies Co., Ltd. Blockchain-based copyright distribution
US11526610B2 (en) * 2019-05-21 2022-12-13 Veracode, Inc. Peer-to-peer network for blockchain security
US10790990B2 (en) * 2019-06-26 2020-09-29 Alibaba Group Holding Limited Ring signature-based anonymous transaction
WO2019170173A2 (en) * 2019-06-27 2019-09-12 Alibaba Group Holding Limited Managing cybersecurity vulnerabilities using blockchain networks
WO2019179534A2 (en) 2019-07-02 2019-09-26 Alibaba Group Holding Limited System and method for creating decentralized identifiers
CN111316303B (en) 2019-07-02 2023-11-10 创新先进技术有限公司 Systems and methods for blockchain-based cross-entity authentication
SG11202003792QA (en) 2019-07-02 2020-05-28 Advanced New Technologies Co Ltd System and method for verifying verifiable claims
CN116910726A (en) 2019-07-02 2023-10-20 创新先进技术有限公司 System and method for mapping a de-centralized identity to a real entity
SG11202003757TA (en) 2019-07-02 2020-05-28 Advanced New Technologies Co Ltd System and method for issuing verifiable claims
CN111213147B (en) 2019-07-02 2023-10-13 创新先进技术有限公司 Systems and methods for blockchain-based cross-entity authentication
WO2021039453A1 (en) * 2019-08-29 2021-03-04 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ Control method, server, and program
CN111327426B (en) * 2020-01-21 2021-06-25 腾讯科技(深圳)有限公司 Data sharing method and related device, equipment and system
US12099997B1 (en) 2020-01-31 2024-09-24 Steven Mark Hoffberg Tokenized fungible liabilities
EP3879482A1 (en) * 2020-03-09 2021-09-15 Lyfegen HealthTech AG System and methods for success based health care payment
US11489799B2 (en) * 2020-04-02 2022-11-01 Jpmorgan Chase Bank, N.A. Systems and methods for communication routing and optimization among multiple distributed ledgers
CN111508461B (en) * 2020-04-13 2023-11-03 山东省计算中心(国家超级计算济南中心) Information centralization management system and method for multi-sound masking system
EP3844654B1 (en) 2020-06-08 2023-05-17 Alipay Labs (Singapore) Pte. Ltd. Blockchain-based document registration for custom clearance
WO2020169122A2 (en) * 2020-06-08 2020-08-27 Alipay Labs (singapore) Pte. Ltd. Blockchain-based import custom clearance data processing
WO2020169123A2 (en) 2020-06-08 2020-08-27 Alipay Labs (singapore) Pte. Ltd. Blockchain-based smart contract pools
EP3841507B1 (en) 2020-06-08 2023-04-26 Alipay Labs (Singapore) Pte. Ltd. User management of blockchain-based custom clearance service platform
WO2020169124A2 (en) 2020-06-08 2020-08-27 Alipay Labs (singapore) Pte. Ltd. Distributed storage of custom clearance data
WO2020169126A2 (en) 2020-06-08 2020-08-27 Alipay Labs (singapore) Pte. Ltd. Managing user authorizations for blockchain-based custom clearance services
CN111741000B (en) * 2020-06-22 2021-06-22 北京邮电大学 Data access system and method based on block chain and intelligent contract
CN113849851A (en) 2020-06-28 2021-12-28 中兴通讯股份有限公司 Proxy method, device and computer readable storage medium
CN112801658B (en) 2020-07-31 2022-04-22 支付宝(杭州)信息技术有限公司 Cross-border resource transfer authenticity auditing method and device and electronic equipment
CN111711646B (en) * 2020-08-20 2020-11-24 飞天诚信科技股份有限公司 Method and equipment for ensuring communication security of block chain P2P network node
CN111813795B (en) 2020-08-28 2020-12-04 支付宝(杭州)信息技术有限公司 Method and apparatus for confirming transactions in a blockchain network
CN112217645B (en) * 2020-09-28 2021-10-26 电子科技大学 Anonymous communication system routing method based on block chain technology
CN112559489B (en) * 2020-12-11 2023-07-07 杭州趣链科技有限公司 Cross-chain-based blockchain supervision method, device and storage medium
US11531709B2 (en) * 2021-02-18 2022-12-20 Bank Of America Corporation Dynamic blockchain masking and verification computing platform
US11870812B2 (en) * 2021-03-31 2024-01-09 Stanley Yuen Li Cyberrisk governance system and method to automate cybersecurity detection and resolution in a network
TWI753819B (en) * 2021-04-23 2022-01-21 準旺科技股份有限公司 Sysyem for tracking physical asset tranfer
EP4084429A1 (en) * 2021-04-26 2022-11-02 Alessandro Semi Toumi System and method for distributed transaction propagation and verification
US12041190B2 (en) * 2021-06-25 2024-07-16 Prateek GOEL System and method to manage large data in blockchain
US12052226B2 (en) * 2021-09-30 2024-07-30 EMC IP Holding Company LLC Reducing sensitive data exposure in hub-and-spoke remote management architectures
CN113886484B (en) * 2021-10-26 2022-05-17 北京华宜信科技有限公司 Method for automatically generating and updating scientific and technological achievement evaluation report based on block chain
US20230169497A1 (en) * 2021-12-01 2023-06-01 Aiden Automotive Technologies, Inc. Automotive payment platform
US12045504B2 (en) 2021-12-14 2024-07-23 Micron Technology, Inc. Burn-in solid state drives through generation of proof of space plots in a manufacturing facility
US12015706B2 (en) 2021-12-14 2024-06-18 Micron Technology, Inc. Combined cryptographic key management services for access control and proof of space
US12028355B2 (en) * 2021-12-14 2024-07-02 Bank Of America Corporation Enhancing hybrid traditional neural networks with liquid neural network units for cyber security and offense protection
US11941254B2 (en) 2021-12-14 2024-03-26 Micron Technology, Inc. Test memory sub-systems through validation of responses to proof of space challenges
US11960756B2 (en) 2021-12-14 2024-04-16 Micron Technology, Inc. Management of storage space in solid state drives to support proof of space activities
US20230185483A1 (en) * 2021-12-14 2023-06-15 Micron Technology, Inc. Solid State Drives with Hardware Accelerators for Proof of Space Computations
US20230214822A1 (en) * 2022-01-05 2023-07-06 Mastercard International Incorporated Computer-implemented methods and systems for authentic user-merchant association and services
US12086432B2 (en) 2022-02-02 2024-09-10 Micron Technology, Inc. Gradually reclaim storage space occupied by a proof of space plot in a solid state drive
US11977742B2 (en) 2022-02-02 2024-05-07 Micron Technology, Inc. Solid state drives configurable to use storage spaces of remote devices in activities involving proof of space
US11775188B2 (en) 2022-02-02 2023-10-03 Micron Technology, Inc. Communications to reclaim storage space occupied by proof of space plots in solid state drives
US11892989B2 (en) * 2022-03-28 2024-02-06 Bank Of America Corporation System and method for predictive structuring of electronic data
US11616854B1 (en) * 2022-07-14 2023-03-28 Zengo Ltd. System and method of secured interface to a blockchain based network
CN115811428B (en) * 2022-11-28 2024-08-16 济南大学 Defense method, system, equipment and storage medium for resisting DDoS attack
CN116861446A (en) * 2023-09-04 2023-10-10 深圳奥联信息安全技术有限公司 Data security assessment method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150310424A1 (en) * 2014-04-26 2015-10-29 Michael Myers Cryptographic currency user directory data and enhanced peer-verification ledger synthesis through multi-modal cryptographic key-address mapping
US20160321654A1 (en) * 2011-04-29 2016-11-03 Stephen Lesavich Method and system for storage and retrieval of blockchain blocks using galois fields
US20170132620A1 (en) * 2015-11-06 2017-05-11 SWFL, Inc., d/b/a "Filament" Systems and methods for autonomous device transacting
US20170178237A1 (en) * 2014-03-11 2017-06-22 Dragonfly Fintech Pte Ltd Computer implemented frameworks and methods configured to create and manage a virtual currency
US20170302663A1 (en) * 2016-04-14 2017-10-19 Cisco Technology, Inc. BLOCK CHAIN BASED IoT DEVICE IDENTITY VERIFICATION AND ANOMALY DETECTION

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2446199A (en) * 2006-12-01 2008-08-06 David Irvine Secure, decentralised and anonymous peer-to-peer network
US9361481B2 (en) * 2013-11-01 2016-06-07 Anonos Inc. Systems and methods for contextualized data protection
SG11201708000PA (en) * 2015-03-31 2017-10-30 Nasdaq Inc Systems and methods of blockchain transaction recordation
EP3125489B1 (en) * 2015-07-31 2017-08-09 BRITISH TELECOMMUNICATIONS public limited company Mitigating blockchain attack
US10417217B2 (en) * 2016-08-05 2019-09-17 Chicago Mercantile Exchange Inc. Systems and methods for blockchain rule synchronization
CN107493162A (en) * 2017-07-25 2017-12-19 中国联合网络通信集团有限公司 The implementation method and device of block chain node
US20190156336A1 (en) * 2017-11-21 2019-05-23 Wipro Limited System and method to validate blockchain transactions in a distributed ledger network
US11132660B2 (en) * 2017-12-12 2021-09-28 Mastercard International Incorporated Systems and methods for distributed peer to peer analytics

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160321654A1 (en) * 2011-04-29 2016-11-03 Stephen Lesavich Method and system for storage and retrieval of blockchain blocks using galois fields
US20170178237A1 (en) * 2014-03-11 2017-06-22 Dragonfly Fintech Pte Ltd Computer implemented frameworks and methods configured to create and manage a virtual currency
US20150310424A1 (en) * 2014-04-26 2015-10-29 Michael Myers Cryptographic currency user directory data and enhanced peer-verification ledger synthesis through multi-modal cryptographic key-address mapping
US20170132620A1 (en) * 2015-11-06 2017-05-11 SWFL, Inc., d/b/a "Filament" Systems and methods for autonomous device transacting
US20170302663A1 (en) * 2016-04-14 2017-10-19 Cisco Technology, Inc. BLOCK CHAIN BASED IoT DEVICE IDENTITY VERIFICATION AND ANOMALY DETECTION

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11068473B1 (en) 2020-05-01 2021-07-20 Kpmg Llp Scalable and advanced analytics computing platform for distributed ledger data
US11100510B1 (en) 2020-05-01 2021-08-24 Kpmg Llp Scalable and advanced analytics computing platform for distributed ledger data and custody solutions
WO2021221795A1 (en) * 2020-05-01 2021-11-04 Kpmg Llp Scalable and advanced analytics computing platform for distributed ledger data
US11726988B2 (en) 2020-05-01 2023-08-15 Kpmg Llp Scalable and advanced analytics computing platform for distributed ledger data and custody solutions
CN112468517A (en) * 2021-01-25 2021-03-09 广州大学 Tracing-resistant anonymous communication network access method, system and device

Also Published As

Publication number Publication date
EP3803740A4 (en) 2022-03-02
US20200204524A1 (en) 2020-06-25
CN113015989A (en) 2021-06-22
US10581805B2 (en) 2020-03-03
US20190379642A1 (en) 2019-12-12
EP3803740A1 (en) 2021-04-14

Similar Documents

Publication Publication Date Title
US10581805B2 (en) Blockchain overwatch
US10824999B2 (en) Systems and methods for implementing hybrid public-private block-chain ledgers
Xu Are blockchains immune to all malicious attacks?
AU2016220152B2 (en) Cloud encryption key broker apparatuses, methods and systems
Salim Cyber safety: A systems thinking and systems theory approach to managing cyber security risks
Suryavanshi et al. The integration of Blockchain and AI for Web 3.0: A security Perspective
Ali et al. A Comprehensive review on cybersecurity issues and their mitigation measures in FinTech
Ambhire et al. Information security in banking and financial industry
KR20230136194A (en) Systems and methods for compliance-enabled digital representation assets
Chopra et al. The need for information security
Al Barghuthi et al. Security risk assessment of blockchain-based patient health record systems
Betz An analysis of the relationship between security information technology enhancements and computer security breaches and incidents
Blessing et al. Survey and analysis of US policies to address ransomware
Schulz et al. Options to improve the general model of security management in private bank with GDPR compliance
Singh et al. The revolution and future of blockchain technology in cybersecurity
Narang et al. Preserving confidentiality and privacy of sensitive data in e-procurement system
Khandare et al. A Global Overview of Data Security, Safety, Corporate Data Privacy, and Data Protection
Mampilly et al. Blockchain in Cybersecurity
Neto et al. Towards identity management in healthcare systems
Gunawan et al. E-commerce Security Issues for SMEs: A Systematic Literature Review
Gosselin Break down the Silos through Blockchain Technology: The Benefits and Legal Barriers of Blockchain Functionality in Healthcare
Samonte et al. Building a Privacy-Centric Systems Integration and Architecture
Popov et al. International Journal of Cryptocurrency Research
Popov et al. Blockchain Privacy and Self-regulatory Compliance: Methods and Applications
Sheth et al. Role of AI for Data Security and Privacy in 5G Healthcare Informatics

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19815526

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2019815526

Country of ref document: EP

Effective date: 20210111