Abstract
Virtual asset service providers (VASPs) currently face a number of challenges, both from the technological and the regulatory perspectives. In the context of virtual asset transfers one key issue is the need for VASPs to securely exchange customer information to comply to the Travel Rule. We discuss a VASP information sharing network as one form of a trust infrastructure for VASP-to-VASP interactions. Related to this is the need for a trusted identity infrastructure for VASPs that would permit other entities to quickly ascertain the legal business status of a VASP. For customers of VASPs there is a need for seamless integration between the VASP services and the existing consumer identity management infrastructure, providing a user-friendly experience for transferring virtual assets to other users. Finally, for regulated wallets, an attestation infrastructure may provide VASPs and insurance providers with better visibility into the state of wallets based on trusted hardware.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Apple Inc.: Apple Public CA Certification Practice Statement. Certificate practices statement Apple Inc., June 2019. https://images.apple.com/certificateauthority/pdf/Apple_Public_CA_CPS_v4.2.pdf
CAB-Forum: Guidelines For The Issuance And Management of Extended Validation Certificates. Specification version 1.7.2, CA Browser Forum, March 2020
CableLabs: Cablelabs New PKI Certificate Policy Version 2.1. Technical specifications, Cable Laboratories, January 2019. https://www.cablelabs.com/resources/digital-certificate-issuance-service
Canellis, D.: 76 percent of laundered cryptocurrency was washed with an exchange service. The Next Web, January 2019. https://thenextweb.com/hardfork/2019/01/29/cryptocurrency-laundering-chainalysis/
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile, May 2008. RFC5280. http://tools.ietf.org/rfc/rfc5280.txt
EEA: Off-Chain Trusted Compute Specification. Technical specification v1.1, Enterprise Ethereum Alliance, March 2020. https://entethalliance.github.io/trusted-computing/spec.html
Commission, E.: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Off. J. Eur. Union L119, 1–88 (2016)
FATF: International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation. FATF Revision of Recommendation 15, Financial Action Task Force (FATF), October 2018. http://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-recommendations.html
FATF: Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers. FATF Guidance, Financial Action Task Force (FATF), June 2019. www.fatf-gafi.org/publications/fatfrecommendations/documents/Guidance-RBA-virtual-assets.html
FATF: 12-Month Review of Revised FATF Standards on Virtual Assets and Virtual Asset Service Provider. FATF report, Financial Action Task Force (FATF), July 2020. http://www.fatf-gafi.org/publications/fatfrecommendations/documents/12-month-review-virtual-assets-vasps.html
Finextra: Swift to introduce PKI security for FIN. Finextra News, October 2004. https://www.finextra.com/newsarticle/12620/swift-to-introduce-pki-security-for-fin
FINMA: FINMA Guidance: Payments on the blockchain. Finma guidance report, Swiss Financial Market Supervisory Authority (FINMA), August 2019. https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/4dokumentation/finma-aufsichtsmitteilungen/20190826-finma-aufsichtsmitteilung-02-2019.pdf
GLEIF: LEI in KYC: A New Future for Legal Entity Identification. Gleif research report? A new future for legal entity identification, Global Legal Entity Identifier Foundation (GLEIF), May 2018. https://www.gleif.org/en/lei-solutions/lei-in-kyc-a-new-future-for-legal-entity-identification
Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18, 186–208 (1988). https://doi.org/10.1137/0218012
Haber, S., Stornetta, W.S.: How to time-stamp a digital document. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 437–455. Springer, Heidelberg (1991). https://doi.org/10.1007/3-540-38424-3_32
Hardjono, T., Maler, E., Machulak, M., Catalano, D.: User-Managed Access (UMA) Profile of OAuth2.0 - Specification Version 1.0. Kantara published specification, Kantara Initiative, April 2015. https://docs.kantarainitiative.org/uma/rec-uma-core.html
Hardjono, T., Pentland, A.: Core identities for future transaction systems. In: Hardjono, T., Pentland, A., Shrier, D. (eds.) Trusted Data - A New Framework for Identity and Data Sharing, pp. 41–81. MIT Press, New York (2019)
Hardjono, T.: Compliant Solutions for VASPs, May 2019, presentation to the FATF Private Sector Consultative Forum (PSCF) 2019, Vienna, 6 May 2019
Hardjono, T.: Federated authorization over access to personal data for decentralized identity management. IEEE Commun. Stand. Mag. Dawn Internet Identity Layer Role Decent. Identit 3(4), 32–38 (2019). https://doi.org/10.1109/MCOMSTD.001.1900019
Hardjono, T., Kazmierczak, G.: Overview of the TPM Key Management Standard (2008). http://www.trustedcomputinggroup.org/ files/ resource_files/
Hardjono, T., Lipton, A., Pentland, A.: Towards a public key management framework for virtual assets and virtual asset service providers. J. FinTech 1(1), 2050001 (2020). https://doi.org/10.1142/S2705109920500017. https://arxiv.org/pdf/1909.08607
Hardjono, T., Lipton, A., Pentland, A.: Wallet Attestations for Virtual Asset Service Providers and Crypto-Assets Insurance, June 2020. https://arxiv.org/pdf/2005.14689.pdf
Hardjono, T., Smith, N.: TCG Core Integrity Schema. TCG Specification - Version 1.0.1 Revision 1.0, Trusted Computing Group, November 2006. https://trustedcomputinggroup.org/wp-content/uploads/IWG-Core-Integrity_Schema_Specification_v1.pdf
InterVASP: InterVASP Messaging Standards IVMS101. interVASP data model standard - Issue 1 - FINAL, Joint Working Group on interVASP Messaging Standards, May 2020
ISO: Information Technology - Open Systems Interconnection - The Directory - Part 8: Public-key and Attribute Certificate Frameworks. ISO/IEC 9594–8:2017, International Organization for Standardization, February 2017
Jevans, D., Hardjono, T., Vink, J., Steegmans, F., Jefferies, J., Malhotra, A.: Travel Rule Information Sharing Architecture for Virtual Asset Service Providers. Version 7, TRISA, June 2020. https://trisa.io/wp-content/uploads/2020/06/TRISAEnablingFATFTravelRuleWhitePaperV7.pdf
Kharif, O., Louis, B., Edde, J., Chiglinsky, K.: Interest in crypto insurance grows, despite high premiums, broad exclusions. Insur. J. (2018). https://www.insurancejournal.com/news/national/2018/07/23/495680.htm
Kuhn, D.R., Hu, V.C., Polk, W.T., Chang, S.J.: Introduction to Public Key Technology and the Federal PKI Infrastructure. NIST Special Publication 800–32, National Institute of Standards and Technology, February 2001. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-32.pdf
Protocol Labs: Inter Planetary File System (IPFS) (2019). https://docs.ipfs.io. Accessed 23 Sept. 2019
Lizar, M., Turner, D.: Consent Receipt Specification Version 1.0 (March 2017). https://kantarainitiative.org/confluence/display/infosharing/Home
Maler, E., Machulak, M., Richer, J.: User-Managed Access (UMA) 2.0. Kantara published specification, Kantara Initiative, January 2017. https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-10.html
Malhotra, A., King, A., Schwartz, D., Zochowski, M.: PayID Protocol. Technical whitepaper v1.0, PayID.org, June 2020. https://payid.org/whitepaper.pdf
NACHA: Operating Rules and Guidelines. Specification, National Automated Clearing House Association (NACHA) (2019). https://www.nacha.org
Nakamoto, S.: Bitcoin: A Peer-to-Peer Electronic Cash System (2008). https://bitcoin.org/bitcoin.pdf
OASIS: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0, March 2005. http://docs.oasisopen.org/security/ saml/v2.0/saml-core-2.0-os.pdf
Reddy, A.: Hackers stole $40 million of bitcoin from one of the world’s largest crypto exchanges (BTC). Business Insider, May 2019. https://markets.businessinsider.com/currencies/news/btc-binance-suffers-40-million-hack-2019-5-1028182318
Reed, D., Sporny, M.: Decentralized Identifiers (DIDs) v0.11. Draft community group report 09 July 2018, W3C, July 2018. https://w3c-ccg.github.io/did-spec/
Rescorla, D.: The Transport Layer Security (TLS) Protocol Version 1.3, August 2018. https://tools.ietf.org/html/rfc8446, IETF Standard RFC8446
Riegelnig, D.: OpenVASP: An Open Protocol to Implement FATF’s Travel Rule for Virtual Assets, November 2019. https://www.openvasp.org/wp-content/uploads/2019/11/OpenVasp_Whitepaper.pdf
Schoenberg, T., Robinson, M.: Bitcoin ATMs May Be Used to Launder Money. Bloomberg, December 2018. https://www.bloomberg.com/features/2018-bitcoin-atm-money-laundering/
Smith, N. (ed.): TCG Attestation Framework. TCG Draft Specification - Version 1.0, Trusted Computing Group, February 2020
Sporny, M., Longley, D., Chadwick, D.: Verifiable Credentials Data Model 1.0. W3C Recommendation, W3C, November 2019. https://www.w3.org/TR/verifiable-claims-data-model
Su, J.: Hackers Stole Over 4 Billion From Crypto Crimes In 2019 So Far, Up From 1.7 Billion In All Of 2018. Forbes, August 2019. https://www.forbes.com/sites/jeanbaptiste/2019/08/15/hackers-stole-over-4-billion-from-crypto-crimes-in-2019-so-far
Trusted Computing Group: TPM Main - Specification Version 1.2. TCG Published Specification, Trusted Computing Group, October 2003. http://www.trustedcomputinggroup.org/ resources/ tpm_main_specification
Acknowledgement
We thank the following for various inputs, discussions and comments: Sandy Pentland and Alexander Lipton (MIT); Ned Smith (Intel); Anne Wallwork (US Treasury); Dave Jevans, John Jefferies (CipherTrace); David Riegelnig (Bitcoin Suisse); Aanchal Malhotra (Ripple); Justin Newton (NetKi); Eve Maler (ForgeRock); Justin Richer (Bespoke Engineering); Nat Sakimura (OIF).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Hardjono, T. (2020). Development of Trust Infrastructures for Virtual Asset Service Providers. In: Boureanu, I., et al. Computer Security. ESORICS 2020. Lecture Notes in Computer Science(), vol 12580. Springer, Cham. https://doi.org/10.1007/978-3-030-66504-3_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-66504-3_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-66503-6
Online ISBN: 978-3-030-66504-3
eBook Packages: Computer ScienceComputer Science (R0)