Skip to main content
SpringerLink
Log in

Development of Trust Infrastructures for Virtual Asset Service Providers

  • Conference paper
  • First Online:
Computer Security (ESORICS 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12580))

Included in the following conference series:

Abstract

Virtual asset service providers (VASPs) currently face a number of challenges, both from the technological and the regulatory perspectives. In the context of virtual asset transfers one key issue is the need for VASPs to securely exchange customer information to comply to the Travel Rule. We discuss a VASP information sharing network as one form of a trust infrastructure for VASP-to-VASP interactions. Related to this is the need for a trusted identity infrastructure for VASPs that would permit other entities to quickly ascertain the legal business status of a VASP. For customers of VASPs there is a need for seamless integration between the VASP services and the existing consumer identity management infrastructure, providing a user-friendly experience for transferring virtual assets to other users. Finally, for regulated wallets, an attestation infrastructure may provide VASPs and insurance providers with better visibility into the state of wallets based on trusted hardware.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Apple Inc.: Apple Public CA Certification Practice Statement. Certificate practices statement Apple Inc., June 2019. https://images.apple.com/certificateauthority/pdf/Apple_Public_CA_CPS_v4.2.pdf

  2. CAB-Forum: Guidelines For The Issuance And Management of Extended Validation Certificates. Specification version 1.7.2, CA Browser Forum, March 2020

    Google Scholar 

  3. CableLabs: Cablelabs New PKI Certificate Policy Version 2.1. Technical specifications, Cable Laboratories, January 2019. https://www.cablelabs.com/resources/digital-certificate-issuance-service

  4. Canellis, D.: 76 percent of laundered cryptocurrency was washed with an exchange service. The Next Web, January 2019. https://thenextweb.com/hardfork/2019/01/29/cryptocurrency-laundering-chainalysis/

  5. Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile, May 2008. RFC5280. http://tools.ietf.org/rfc/rfc5280.txt

  6. EEA: Off-Chain Trusted Compute Specification. Technical specification v1.1, Enterprise Ethereum Alliance, March 2020. https://entethalliance.github.io/trusted-computing/spec.html

  7. Commission, E.: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Off. J. Eur. Union L119, 1–88 (2016)

    Google Scholar 

  8. FATF: International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation. FATF Revision of Recommendation 15, Financial Action Task Force (FATF), October 2018. http://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-recommendations.html

  9. FATF: Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers. FATF Guidance, Financial Action Task Force (FATF), June 2019. www.fatf-gafi.org/publications/fatfrecommendations/documents/Guidance-RBA-virtual-assets.html

  10. FATF: 12-Month Review of Revised FATF Standards on Virtual Assets and Virtual Asset Service Provider. FATF report, Financial Action Task Force (FATF), July 2020. http://www.fatf-gafi.org/publications/fatfrecommendations/documents/12-month-review-virtual-assets-vasps.html

  11. Finextra: Swift to introduce PKI security for FIN. Finextra News, October 2004. https://www.finextra.com/newsarticle/12620/swift-to-introduce-pki-security-for-fin

  12. FINMA: FINMA Guidance: Payments on the blockchain. Finma guidance report, Swiss Financial Market Supervisory Authority (FINMA), August 2019. https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/4dokumentation/finma-aufsichtsmitteilungen/20190826-finma-aufsichtsmitteilung-02-2019.pdf

  13. GLEIF: LEI in KYC: A New Future for Legal Entity Identification. Gleif research report? A new future for legal entity identification, Global Legal Entity Identifier Foundation (GLEIF), May 2018. https://www.gleif.org/en/lei-solutions/lei-in-kyc-a-new-future-for-legal-entity-identification

  14. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18, 186–208 (1988). https://doi.org/10.1137/0218012

    Article  MathSciNet  MATH  Google Scholar 

  15. Haber, S., Stornetta, W.S.: How to time-stamp a digital document. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 437–455. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-38424-3_32

    Chapter  Google Scholar 

  16. Hardjono, T., Maler, E., Machulak, M., Catalano, D.: User-Managed Access (UMA) Profile of OAuth2.0 - Specification Version 1.0. Kantara published specification, Kantara Initiative, April 2015. https://docs.kantarainitiative.org/uma/rec-uma-core.html

  17. Hardjono, T., Pentland, A.: Core identities for future transaction systems. In: Hardjono, T., Pentland, A., Shrier, D. (eds.) Trusted Data - A New Framework for Identity and Data Sharing, pp. 41–81. MIT Press, New York (2019)

    Chapter  Google Scholar 

  18. Hardjono, T.: Compliant Solutions for VASPs, May 2019, presentation to the FATF Private Sector Consultative Forum (PSCF) 2019, Vienna, 6 May 2019

    Google Scholar 

  19. Hardjono, T.: Federated authorization over access to personal data for decentralized identity management. IEEE Commun. Stand. Mag. Dawn Internet Identity Layer Role Decent. Identit 3(4), 32–38 (2019). https://doi.org/10.1109/MCOMSTD.001.1900019

    Article  Google Scholar 

  20. Hardjono, T., Kazmierczak, G.: Overview of the TPM Key Management Standard (2008). http://www.trustedcomputinggroup.org/ files/ resource_files/

  21. Hardjono, T., Lipton, A., Pentland, A.: Towards a public key management framework for virtual assets and virtual asset service providers. J. FinTech 1(1), 2050001 (2020). https://doi.org/10.1142/S2705109920500017. https://arxiv.org/pdf/1909.08607

    Article  Google Scholar 

  22. Hardjono, T., Lipton, A., Pentland, A.: Wallet Attestations for Virtual Asset Service Providers and Crypto-Assets Insurance, June 2020. https://arxiv.org/pdf/2005.14689.pdf

  23. Hardjono, T., Smith, N.: TCG Core Integrity Schema. TCG Specification - Version 1.0.1 Revision 1.0, Trusted Computing Group, November 2006. https://trustedcomputinggroup.org/wp-content/uploads/IWG-Core-Integrity_Schema_Specification_v1.pdf

  24. InterVASP: InterVASP Messaging Standards IVMS101. interVASP data model standard - Issue 1 - FINAL, Joint Working Group on interVASP Messaging Standards, May 2020

    Google Scholar 

  25. ISO: Information Technology - Open Systems Interconnection - The Directory - Part 8: Public-key and Attribute Certificate Frameworks. ISO/IEC 9594–8:2017, International Organization for Standardization, February 2017

    Google Scholar 

  26. Jevans, D., Hardjono, T., Vink, J., Steegmans, F., Jefferies, J., Malhotra, A.: Travel Rule Information Sharing Architecture for Virtual Asset Service Providers. Version 7, TRISA, June 2020. https://trisa.io/wp-content/uploads/2020/06/TRISAEnablingFATFTravelRuleWhitePaperV7.pdf

  27. Kharif, O., Louis, B., Edde, J., Chiglinsky, K.: Interest in crypto insurance grows, despite high premiums, broad exclusions. Insur. J. (2018). https://www.insurancejournal.com/news/national/2018/07/23/495680.htm

  28. Kuhn, D.R., Hu, V.C., Polk, W.T., Chang, S.J.: Introduction to Public Key Technology and the Federal PKI Infrastructure. NIST Special Publication 800–32, National Institute of Standards and Technology, February 2001. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-32.pdf

  29. Protocol Labs: Inter Planetary File System (IPFS) (2019). https://docs.ipfs.io. Accessed 23 Sept. 2019

  30. Lizar, M., Turner, D.: Consent Receipt Specification Version 1.0 (March 2017). https://kantarainitiative.org/confluence/display/infosharing/Home

  31. Maler, E., Machulak, M., Richer, J.: User-Managed Access (UMA) 2.0. Kantara published specification, Kantara Initiative, January 2017. https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-10.html

  32. Malhotra, A., King, A., Schwartz, D., Zochowski, M.: PayID Protocol. Technical whitepaper v1.0, PayID.org, June 2020. https://payid.org/whitepaper.pdf

  33. NACHA: Operating Rules and Guidelines. Specification, National Automated Clearing House Association (NACHA) (2019). https://www.nacha.org

  34. Nakamoto, S.: Bitcoin: A Peer-to-Peer Electronic Cash System (2008). https://bitcoin.org/bitcoin.pdf

  35. OASIS: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0, March 2005. http://docs.oasisopen.org/security/ saml/v2.0/saml-core-2.0-os.pdf

  36. Reddy, A.: Hackers stole $40 million of bitcoin from one of the world’s largest crypto exchanges (BTC). Business Insider, May 2019. https://markets.businessinsider.com/currencies/news/btc-binance-suffers-40-million-hack-2019-5-1028182318

  37. Reed, D., Sporny, M.: Decentralized Identifiers (DIDs) v0.11. Draft community group report 09 July 2018, W3C, July 2018. https://w3c-ccg.github.io/did-spec/

  38. Rescorla, D.: The Transport Layer Security (TLS) Protocol Version 1.3, August 2018. https://tools.ietf.org/html/rfc8446, IETF Standard RFC8446

  39. Riegelnig, D.: OpenVASP: An Open Protocol to Implement FATF’s Travel Rule for Virtual Assets, November 2019. https://www.openvasp.org/wp-content/uploads/2019/11/OpenVasp_Whitepaper.pdf

  40. Schoenberg, T., Robinson, M.: Bitcoin ATMs May Be Used to Launder Money. Bloomberg, December 2018. https://www.bloomberg.com/features/2018-bitcoin-atm-money-laundering/

  41. Smith, N. (ed.): TCG Attestation Framework. TCG Draft Specification - Version 1.0, Trusted Computing Group, February 2020

    Google Scholar 

  42. Sporny, M., Longley, D., Chadwick, D.: Verifiable Credentials Data Model 1.0. W3C Recommendation, W3C, November 2019. https://www.w3.org/TR/verifiable-claims-data-model

  43. Su, J.: Hackers Stole Over 4 Billion From Crypto Crimes In 2019 So Far, Up From 1.7 Billion In All Of 2018. Forbes, August 2019. https://www.forbes.com/sites/jeanbaptiste/2019/08/15/hackers-stole-over-4-billion-from-crypto-crimes-in-2019-so-far

  44. Trusted Computing Group: TPM Main - Specification Version 1.2. TCG Published Specification, Trusted Computing Group, October 2003. http://www.trustedcomputinggroup.org/ resources/ tpm_main_specification

Download references

Acknowledgement

We thank the following for various inputs, discussions and comments: Sandy Pentland and Alexander Lipton (MIT); Ned Smith (Intel); Anne Wallwork (US Treasury); Dave Jevans, John Jefferies (CipherTrace); David Riegelnig (Bitcoin Suisse); Aanchal Malhotra (Ripple); Justin Newton (NetKi); Eve Maler (ForgeRock); Justin Richer (Bespoke Engineering); Nat Sakimura (OIF).

Author information

Authors and Affiliations

  1. MIT Connection Science and Engineering, Massachusetts Institute of Technology, Cambridge, MA, 02139, USA

    Thomas Hardjono

Authors
  1. Thomas Hardjono
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Thomas Hardjono .

Editor information

Editors and Affiliations

  1. University of Surrey, Guildford, UK

    Ioana Boureanu

  2. University of Surrey, Guildford, UK

    Constantin Cătălin Drăgan

  3. University of Surrey, Guildford, UK

    Mark Manulis

  4. Technical University of Denmark, Kongens Lyngby, Denmark

    Thanassis Giannetsos

  5. Ionian University, Kerkira, Greece

    Christoforos Dadoyan

  6. UBITECH Ltd., Chalandri, Greece

    Panagiotis Gouvas

  7. Dartmouth College and Naval Information Warfare Center, Hanover, NH, USA

    Roger A. Hallman

  8. University of Kent, Canterbury, Kent, UK

    Shujun Li

  9. Teessside University, Middlesbrough, UK

    Victor Chang

  10. Technical University of Berlin, Berlin, Germany

    Frank Pallas

  11. Alexander von Humboldt Institute for Internet and Society, Berlin, Germany

    Jörg Pohle

  12. Ruhr University Bochum, Bochum, Germany

    Angela Sasse

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hardjono, T. (2020). Development of Trust Infrastructures for Virtual Asset Service Providers. In: Boureanu, I., et al. Computer Security. ESORICS 2020. Lecture Notes in Computer Science(), vol 12580. Springer, Cham. https://doi.org/10.1007/978-3-030-66504-3_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-66504-3_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-66503-6

  • Online ISBN: 978-3-030-66504-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation