WO2020110077A1 - Holder for cryptocurrency storage devices - Google Patents

Info

Publication number
WO2020110077A1
Authority
WO
WIPO (PCT)
Prior art keywords
storage device
token storage
cryptocurrency
cryptocurrency token
holder
Application number
PCT/IB2019/060319
Other languages
French (fr)
Inventor
Keith Derrick KOURIE
Original Assignee
Ceevo Blockchain Venture Ltd.
Application filed by Ceevo Blockchain Venture Ltd.
Publication of WO2020110077A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • THIS invention relates to a holder for cryptocurrency storage devices, and in particular a holder for cryptocurrency hardware wallets.
  • a cryptocurrency is a digital asset designed to work as a medium of exchange that uses strong cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets.
  • Cryptocurrencies use decentralization as opposed to centralized digital currency and central banking systems.
  • each cryptocurrency works through distributed ledger technology, typically a blockchain, that serves as a public financial transaction database.
  • Bitcoin, first released as open-source software in 2009 by pseudonymous developer Satoshi Nakamoto, is generally considered the first decentralized cryptocurrency.
  • Bitcoin uses SHA-256, a cryptographic hash function, as its proof-of-work scheme.
  • Other cryptocurrencies use other cryptographic schemes, with LiteCoin, for example, being the first successful cryptocurrency to use scrypt as its hash function instead of SHA-256.
  • a blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a cryptographic hash function pointer as a link to a previous block, a timestamp and transaction data. By design, blockchains are inherently resistant to modification of the data. It is an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way.
  • For use as a distributed ledger, a blockchain is typically managed by a peer-to-peer network, collectively adhering to a protocol for validating new blocks.
  • the bitcoin blockchain is thus a data file that carries the records of all past bitcoin transactions, including the creation of new bitcoin units. It is often referred to as the ledger of the bitcoin system. There is a total of 21 million bitcoins that can be mined of which almost 18 million were in circulation as of October 2019. There are a little over 3 million bitcoins left that are not in circulation yet.
  • a cryptocurrency wallet stores the public and private keys or "addresses" which are used to receive and spend a cryptocurrency. With the private key, it is possible to write in the public ledger, effectively spending the associated cryptocurrency. With the public key, it is possible for others to send currency.
  • a wallet can contain multiple public and private key pairs. As described above, the cryptocurrency is decentrally stored and maintained in a publicly available ledger called the blockchain. Every piece of cryptocurrency has a private key. With the private key, it is possible to digitally sign a transaction and write it in the public ledger, effectively spending the associated cryptocurrency.
  • a backup of a cryptocurrency wallet can come in different forms, as follows:
  • a private key itself such as:
  • a cryptocurrency wallet can itself come in different forms, as follows:
  • a software wallet in which, in one version, an application is installed locally on a computer, telephone or tablet.
  • the private keys are managed by a trusted third party.
  • cryptocurrency exchanges link the user's wallet to their centrally managed wallet/s.
  • a hardware wallet which is more the focus of the present invention, and which are generally considered secure, because the private keys never leave the physical wallet i.e. the private keys are born (created), live (transaction signing) and die (deleted) inside the hardware wallet.
  • the private keys remain safe inside the hardware wallet, and without the private key, a signed transaction cannot be altered successfully.
  • hardware wallets typically use a mnemonic list of words to enable the root key to be generated, from which all the private keys can be recreated; this in turn requires users to write down these words and store them in a separate physical location. This is cumbersome, impractical and insecure for most people.
  • a watch-only wallet to enable someone to keep track of all transactions. Only the address (public key) is needed, and thus the private key can be kept safe in another location.
  • a multisignature wallet in which multiple users have to sign (with each of their private keys) for a transaction out of that wallet (public key address).
  • cryptocurrency, unlike most traditional currencies, is a digital currency.
  • the approach to this kind of currency is completely different, particularly when it comes to acquiring and storing it.
  • cryptocurrencies do not exist in any physical shape or form, they cannot technically be stored anywhere. Instead, a so-called private key is used to access a public cryptocurrency address and sign for transactions, and thus it is the private key that needs to be securely stored. It is thus a combination of the recipient’s public key and a private key that makes a cryptocurrency transaction possible.
  • a secure private key is generated when the hardware wallet is first enabled/set up by the user.
  • the user has the option to create a backup of the device to allow the recreation of the private key, should the user lose the device, or should the device get destroyed. This is done by the device creating 12 to 24 random words (known as seeds) that the user needs to write down in the order displayed on the device, as described above. Should the user need to set up a new device, it uses the random words in the correct sequence to re-create the private key. The user then again has access to his/her cryptocurrency assets as the original private key has been restored and can be used to again sign cryptocurrency transactions.
  • the investor is solely responsible for the safe and secure storage of the recovery seeds as anyone who has access to them can recreate the investor’s private key and hence transfer their assets as if they were the investor themselves;
  • Man-in-the-middle attacks with a number of consumer-grade hardware wallets on the market having been shown to be vulnerable to such attacks.
  • a man-in-the-middle attack occurs when malware on an end-user’s computer changes the destination wallet address when sending or receiving funds, thereby stealing cryptocurrency assets by having them diverted to a different wallet address than that which was intended by the user.
  • Some cryptocurrency traders opt to store their hardware wallets at a cryptocurrency friendly bank, in a safety deposit box environment, with the random words to recreate the private key in separate safety deposit boxes.
  • the current landscape surrounding cryptocurrency storage has several problems and/or shortcomings. These will be separated below into corporate cryptocurrency storage (i.e. custodian services) and personal cryptocurrency storage.
  • Coinbase Vault can receive funds like a normal wallet, and can also prevent stored funds from being immediately withdrawn by adding optional security steps.
  • institutions do not take custody of cryptocurrency assets, but instead they take custody of private keys.
  • Existing solutions do not support this, but instead transfer cryptocurrency assets to another wallet address.
  • This recovery phrase, or “private seed”, represents a major vulnerability for hardware wallet users. Even if the hardware wallet device itself is not stolen, anyone with this recovery phrase can gain access to the user’s private key, by just recreating the private key using the “private seed” on another device. Once the private key has been recreated, the cryptocurrency assets can be transferred to another wallet and the assets are lost forever.
  • a holder for cryptocurrency token storage devices comprising: a plurality of bays, each being arranged to accommodate a cryptocurrency token storage device; and a controller unit to monitor, operate and record each cryptocurrency token storage device within the bays.
  • the cryptocurrency token storage device includes at least one chip, such as a HSM (Hardware Security Module), to define an ultra-secure cryptocurrency token storage device for the storage of cryptocurrency tokens securely, with each bay (or a group of bays) accordingly including an interface to communicate with the cryptocurrency token storage device within the bay (either wired or wirelessly).
  • the controller unit is arranged to communicate with the cryptocurrency token storage devices within the bay.
  • a holder sub-component is provided to define a plurality of bays.
  • the holder takes the form of a rack to accommodate a multiplicity of the holder sub-components, each rack typically having a controller unit to monitor, operate and record each cryptocurrency token storage device within the bays.
  • a token server is provided, to accommodate a plurality of the racks.
  • the controller unit in each holder communicates with a central system, which communicates and operates each cryptocurrency token storage device within the bays.
  • the central system includes an operational module and related processor to perform various tasks with each cryptocurrency token storage device within the bays.
  • the central system includes a database and related processor, with the database recording details of the user of each cryptocurrency token storage device within the bays.
  • the system may include an enrolment module to manage an enrolment procedure when a cryptocurrency token storage device is created and issued to the user.
  • Figure 1 shows a perspective view of a holder rack for a cryptocurrency token storage device, according to a first aspect of the invention
  • Figure 2 shows a perspective view of a holder sub-component for the holder rack shown in Figure 1;
  • Figure 3 shows a front view of a token server for accommodating a plurality of the holder racks shown in Figure 1;
  • Figure 4 shows a functional block diagram of a central system, according to a second aspect of the invention;
  • Figure 5 shows a top view of a holder rack for a cryptocurrency token storage device, according to a third aspect of the invention.
  • Figure 6 shows a perspective view of a holder sub-component for the holder rack shown in Figure 5.
  • a holder 10 for cryptocurrency token storage devices 12 is shown.
  • a holder sub-component 14 is provided to define a plurality of bays 16, each bay 16 being able to accommodate a cryptocurrency token storage device 12.
  • the holder sub-component 14 defines 24 bays 16, 12 bays 16 on either side of a divider 20, with adjacent pairs of cryptocurrency token storage devices 12, on either side of the divider 20, facing each other.
  • the cryptocurrency token storage devices 12 are orientated substantially vertically within the bays 16.
  • the holder 10 takes the form of a rack 22 to accommodate a multiplicity of the holder sub-components 14.
  • Each rack 22 typically has a controller unit 24 to monitor, operate, manage and record each cryptocurrency token storage device 12 within the bays 16 (as best shown in Figure 1).
  • a token server 26 is provided, to accommodate a plurality of the racks 22, as shown in Figure 3.
  • each bay 16 accordingly includes an interface 28 to communicate with the cryptocurrency token storage device 12 within the bay 16 (either wired or wirelessly).
  • the interface 28 in turn communicates with the controller unit 24, again either wired or wirelessly, as will be explained in more detail further below.
  • the interface 28 is arranged to communicate with a plurality of cryptocurrency token storage device 12 within a plurality of bays 16.
  • a holder 10’ for cryptocurrency token storage devices 12’ is shown.
  • a holder sub-component 14’ is provided to define a plurality of bays 16’ (only one of which is shown in Figure 6), each bay 16’ being able to accommodate one or more cryptocurrency token storage devices 12.
  • the cryptocurrency token storage devices 12 are orientated substantially horizontally, within the bays 16’, in a row along the length of the holder sub-component 14’.
  • the holder 10’ takes the form of a rack 22’ to accommodate a plurality of the holder sub-components 14’.
  • 4 holder sub-components 14’ are arranged on one side of a controller unit 24’ and 3 holder sub-components 14’ are arranged on the other side of the controller unit 24’.
  • a power supply component 25 is also provided, to complete the rack 22’.
  • any other configuration may be used.
  • the controller unit 24’ is arranged to monitor, operate, manage and record each cryptocurrency token storage device 12 within the bays 16’ (as best shown in Figure 5).
  • a token server (similar to the token server 26 in Figure 3) is provided to accommodate a plurality of the racks 22’.
  • Each bay 16’ accordingly includes an interface 28’ to communicate with the cryptocurrency token storage device 12 within the bay 16’ (either wired or wirelessly).
  • the interface 28’ in turn communicates with the controller unit 24’, again either wired or wirelessly, as will be explained in more detail further below.
  • the interface 28’ is arranged to communicate with a plurality of cryptocurrency token storage device 12 within a plurality of bays 16’.
  • the cryptocurrency token storage device 12 includes at least one chip, such as a HSM (Hardware Security Module), to define an ultra-secure cryptocurrency token storage device 12 for the storage of cryptocurrency tokens securely.
  • a HSM is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. Within the context of the present invention, the HSM facilitates in the secure monitoring, operational, management and recording of the cryptocurrency token storage devices 12.
  • the holders 10, 10’ and in particular the controller units 24, 24’ in each holder rack 22, 22’ communicate with an operational system 30 via a communications network 32.
  • the operational system 30 includes a processor 34 and a related memory device 36 that contains instructions for the processor 34.
  • the operational system 30 performs and manages various tasks, including but not limited to managing the enrolment of a cryptocurrency token storage device 12 when one is issued to a user 38 (which will be described in more detail further below), monitoring and reporting on the status of each cryptocurrency token storage device 12 to the user 38, and managing transaction signing in respect of each cryptocurrency token storage device 12 within the bays 16, 16’.
  • the operational system 30 further includes a database 40 to record details of the owner or user of each cryptocurrency token storage device 12 within the bays 16, 16’, and data and information related to the tasks performed by the operational system 30.
  • the communications network 32 may comprise one or more different types of communication networks.
  • the communication networks may be one or more of the Internet, a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), various types of telephone networks (e.g., Public Switch Telephone Networks (PSTN) with Digital Subscriber Line (DSL) technology) or mobile networks (e.g., Global System Mobile (GSM) communication, General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), and other suitable mobile telecommunication network technologies), or any combination thereof.
  • the operational system 30 includes an enrolment system 42 to manage an enrolment procedure when a cryptocurrency token storage device 12 is created and issued to a user 38.
  • private keys are generated by the cryptocurrency token storage device 12, upon enrolment, with the processor 34 being arranged to detect the insertion of the cryptocurrency token storage device 12 into one of the bays 16, 16’, and record details of the owner or user 38 of each cryptocurrency token storage device 12 within the bays 16, 16’ in the database 40.
  • a new cryptocurrency token storage device 12 is issued to a user 38, typically at the start of a custodianship arrangement between a service provider of the invention and the user 38, and after the enrolment procedure, the cryptocurrency token storage device 12 with the newly created private key is physically inserted into one of the bays 16, 16’. This insertion is preferably done by the user 38 himself or in front of the user by authorised personnel 42. Confirmation of the secured insertion of the cryptocurrency token storage device 12 into the bays 16, 16’ is recorded on the database 32 and provided to the user 38.
  • the operational system 30 further includes a status monitoring system 46 to monitor the status (and in particular any change in the status) of each cryptocurrency token storage device 12 within the bays 16, 16’.
  • the status monitoring system 46 records the status of each cryptocurrency token storage device 12 in the database 40.
  • the status of the user’s cryptocurrency token storage device 12 may be viewed by the user 38 at any time, either online or via a bespoke software application (‘app’) on a mobile device 44 associated with the user 38, which is in communication with the operational system 30 to access data, securely, on the database 40 in respect of his/her cryptocurrency token storage device 12.
  • the cryptocurrency token storage device 12 with the private key securely embedded is physically removed from the relevant bay 16, 16’, and handed over to the user 38. Again, this removal is ideally done by the user 38 himself or in front of the user 38 by authorised personnel 42. Confirmation of the removal of the cryptocurrency token storage device 12 from the bay 16, 16’ is recorded on the database 40 and provided to the user 38. Once the user 38 takes back the private keys, it falls on them to take proper care to safeguard their private key.
  • the user knows that the cryptocurrency token storage device is being securely kept by the host, and hence always knows the location of the private keys.
  • the invention essentially removes the user’s responsibility to manage their recovery seed or private key.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A holder for cryptocurrency token storage devices is provided, the holder comprising a plurality of bays, each bay being arranged to accommodate a cryptocurrency token storage device; and a controller unit to monitor, operate and record each cryptocurrency token storage device within the bays. The cryptocurrency token storage device includes at least one chip to define an ultra-secure cryptocurrency token storage device for the secure storage of cryptocurrency tokens, with each bay or group of bays including an interface to communicate with the cryptocurrency token storage device within the bay. The invention extends to a system for managing the enrolment of a cryptocurrency token storage device to be issued to a user.

Description

HOLDER FOR CRYPTOCURRENCY STORAGE DEVICES
FIELD OF INVENTION
THIS invention relates to a holder for cryptocurrency storage devices, and in particular a holder for cryptocurrency hardware wallets.
BACKGROUND OF INVENTION
A cryptocurrency is a digital asset designed to work as a medium of exchange that uses strong cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets. Cryptocurrencies use decentralization as opposed to centralized digital currency and central banking systems.
The decentralized control of each cryptocurrency works through distributed ledger technology, typically a blockchain, that serves as a public financial transaction database.
Bitcoin
Bitcoin, first released as open-source software in 2009 by pseudonymous developer Satoshi Nakamoto, is generally considered the first decentralized cryptocurrency. The creators’ original motivation behind bitcoin was to develop a cash-like payment system that permitted electronic transactions but that also included many of the advantageous characteristics of physical cash. Bitcoin is a virtual, digital monetary unit and therefore has no physical representation.
Since the release of bitcoin, many other altcoins (alternative variants of bitcoin, or other cryptocurrencies) have been created, and continue to be created. Bitcoin uses SHA-256, a cryptographic hash function, as its proof-of-work scheme. Other cryptocurrencies use other cryptographic schemes, with LiteCoin, for example, being the first successful cryptocurrency to use scrypt as its hash function instead of SHA-256.
As of May 2018, over 1,800 cryptocurrency specifications existed. Within a cryptocurrency system, the safety, integrity and balance of the ledger is maintained by a community of parties referred to as miners, who use their computers to help validate and timestamp transactions, adding them to the ledger in accordance with a particular consensus scheme.
Blockchain
The validity of each cryptocurrency's coins is provided by a blockchain. A blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a cryptographic hash function pointer as a link to a previous block, a timestamp and transaction data. By design, blockchains are inherently resistant to modification of the data. It is an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way.
For use as a distributed ledger, a blockchain is typically managed by a peer-to-peer network, collectively adhering to a protocol for validating new blocks.
The bitcoin blockchain is thus a data file that carries the records of all past bitcoin transactions, including the creation of new bitcoin units. It is often referred to as the ledger of the bitcoin system. There is a total of 21 million bitcoins that can be mined of which almost 18 million were in circulation as of October 2019. There are a little over 3 million bitcoins left that are not in circulation yet.
Cryptocurrency Wallet
A cryptocurrency wallet stores the public and private keys or "addresses" which are used to receive and spend a cryptocurrency. With the private key, it is possible to write in the public ledger, effectively spending the associated cryptocurrency. With the public key, it is possible for others to send currency. A wallet can contain multiple public and private key pairs. As described above, the cryptocurrency is decentrally stored and maintained in a publicly available ledger called the blockchain. Every piece of cryptocurrency has a private key. With the private key, it is possible to digitally sign a transaction and write it in the public ledger, effectively spending the associated cryptocurrency.
A backup of a cryptocurrency wallet can come in different forms, as follows:
1. An encrypted file, like wallet.dat or wallet.bin, which contains all the private keys.
2. A mnemonic sentence from which the root key can be generated, from which all the private keys can be recreated. Preferably these words could be remembered or written down and stored in other physical locations.
3. A private key itself, such as:
KxSRZnttMtVhe17SX5FhPqWpKAEgMT9T3R6Eferj3sx5frM6obqA.
Significantly, when the private keys and the backup are lost, then that cryptocurrency is lost forever.
A cryptocurrency wallet can itself come in different forms, as follows:
1. A software wallet, in which, in one version, an application is installed locally on a computer, telephone or tablet. In another version, namely a web wallet, the private keys are managed by a trusted third party. In yet another version, cryptocurrency exchanges link the user's wallet to their centrally managed wallet/s.
2. A hardware wallet, which is more the focus of the present invention, and which are generally considered secure, because the private keys never leave the physical wallet i.e. the private keys are born (created), live (transaction signing) and die (deleted) inside the hardware wallet. The private keys remain safe inside the hardware wallet, and without the private key, a signed transaction cannot be altered successfully. However, hardware wallets typically use a mnemonic list of words to enable the root key to be generated, from which all the private keys can be recreated; this in turn requires users to write down these words and store them in a separate physical location. This is cumbersome, impractical and insecure for most people.
3. A watch-only wallet, to enable someone to keep track of all transactions. Only the address (public key) is needed, and thus the private key can be kept safe in another location.
4. A multisignature wallet, in which multiple users have to sign (with each of their private keys) for a transaction out of that wallet (public key address).
Security Risk
As cryptocurrencies continue to become more popular, there is an increasing need for security measures designed to help keep cryptocurrency wallets and investment portfolios safe. This has become very important in the wake of targeted attacks at specific cryptocurrency exchanges, wallet providers and holders. The onus also lies on users and investors to keep their cryptocurrency investments safe and secure. Unfortunately, individuals themselves are often the weakest link in cryptocurrency security, with it being relatively easy to hack a cryptocurrency user and/or investor’s wallet and move their assets if they are careless. The reality is that once a cryptocurrency wallet is left open and vulnerable, “crypto thieves” can compromise the cryptocurrency assets, and the funds can never be recovered.
As already indicated above, cryptocurrency, unlike most traditional currencies, is a digital currency. Thus, the approach to this kind of currency is completely different, particularly when it comes to acquiring and storing it. Since cryptocurrencies do not exist in any physical shape or form, they cannot technically be stored anywhere. Instead, a so-called private key is used to access a public cryptocurrency address and sign for transactions, and thus it is the private key that needs to be securely stored. It is thus a combination of the recipient’s public key and a private key that makes a cryptocurrency transaction possible.
There have been several cases of cryptocurrency theft, typically involving the obtaining or accessing of the private key to a victim's address. If the private key is stolen, all the cryptocurrency from the compromised address can be transferred. In that case, the network does not have any provisions to identify the thief, block further transactions of those stolen bitcoins, or return them to the legitimate owner.
Current Solutions
Most professional cryptocurrency investors use custom designed hardware wallets, of the type described above, to store their cryptocurrency assets. Using a specific method designed by the manufacturer, a secure private key is generated when the hardware wallet is first enabled/set up by the user. During the setup process, the user has the option to create a backup of the device to allow the recreation of the private key, should the user lose the device, or should the device get destroyed. This is done by the device creating 12 to 24 random words (known as seeds) that the user needs to write down in the order displayed on the device, as described above. Should the user need to set up a new device, it uses the random words in the correct sequence to re-create the private key. The user then again has access to his/her cryptocurrency assets as the original private key has been restored and can be used to again sign cryptocurrency transactions.
However, there are three significant risks with hardware wallets on the market today, as follows:
1. If an investor loses the hardware wallet itself and loses the recovery seeds to their hardware wallet private key, they lose their cryptocurrency assets forever;
2. The investor is solely responsible for the safe and secure storage of the recovery seeds as anyone who has access to them can recreate the investor’s private key and hence transfer their assets as if they were the investor themselves; and
3. Man-in-the-middle attacks, with a number of consumer-grade hardware wallets on the market having been shown to be vulnerable to such attacks. A man-in-the-middle attack occurs when malware on an end-user’s computer changes the destination wallet address when sending or receiving funds, thereby stealing cryptocurrency assets by having them diverted to a different wallet address than that which was intended by the user.
Some cryptocurrency traders opt to store their hardware wallets at a cryptocurrency friendly bank, in a safety deposit box environment, with the random words to recreate the private key in separate safety deposit boxes.
Problem Statement
The current landscape surrounding cryptocurrency storage, as described above, has several problems and/or shortcomings. These will be separated below into corporate cryptocurrency storage (i.e. custodian services) and personal cryptocurrency storage.
Corporate Cryptocurrency Storage/Custodian Services
One of the main obstacles to institutional investors entering the cryptocurrency market is the lack of custodian services. High-profile hacks and the fact that losing the private key means losing the related cryptocurrency assets, has made these investors reluctant to participate in the cryptocurrency market. In terms of existing corporate cryptocurrency storage solutions, Coinbase Vault can receive funds like a normal wallet, and can also prevent stored funds from being immediately withdrawn by adding optional security steps.
In addition, institutions do not take custody of cryptocurrency assets, but instead they take custody of private keys. Significantly, within the context of the present invention, this means that once custody ends, it is critical to be able to hand back the original digital private key, prove that the digital private key has indeed been handed back and prove that no copies and/or backups of the original digital private key exist. Existing solutions do not support this, but instead transfer cryptocurrency assets to another wallet address.
Personal Cryptocurrency Storage
One segment of the cryptocurrency financial industry that has all too often been neglected, has been cryptocurrency token storage and security. The way private and public keys are stored has remained largely unchanged since the very first hardware wallets were assembled, and the complexities of today’s wallets mean that small mistakes made by non-technically minded users can spell vulnerability for funds. Cryptocurrency storage and payment solutions ought to be just as efficient and user-friendly as asset management solutions in the fiat-based economy.
Over the last few years, a number of hardware wallet brands have come to dominate the market. While these may have been adequate devices for an early adopter economy, recent trends towards the mainstreaming of blockchain mean that hardware wallets must begin to meet the needs of regular, often not very technically-minded users.
At the moment, setting up a hardware wallet is far from intuitive. New users may be surprised to learn that the most important part of the legacy hardware wallet package is not the device itself, but rather a little piece of paper, dubbed “a recovery sheet”. Having spent USD100 plus (plus shipment) on a hardware wallet device, the user learns that the entire security of their funds depends on properly copying down (writing) and storing of a 12 to 24-word recovery phrase on a piece of paper, as described above.
This recovery phrase, or “private seed”, represents a major vulnerability for hardware wallet users. Even if the hardware wallet device itself is not stolen, anyone with this recovery phrase can gain access to the user’s private key, by just recreating the private key using the “private seed” on another device. Once the private key has been recreated, the cryptocurrency assets can be transferred to another wallet and the assets are lost forever.
Experienced users are happy to store this recovery sheet in a place like a home safe or a safe deposit box. New entrants into the cryptocurrency economy see taking such responsibility over one’s funds as an unnecessary hassle. In addition, for new users, the learning curve required to invest in the cryptocurrency markets is steep, presenting a significant barrier to entry. Thus, being able to address issues regarding eliminating the need to learn how to setup a trading account, how to fund an account, how to trade, how to transfer their assets, how to secure their assets, how to use hardware wallets, etc. will make the cryptocurrency markets accessible to the man-on-the-street, thereby creating an entirely new customer base and market.
Users need assurance that their investments are safe, and in particular, that when the custody of a user’s private key at an institution ends, that the private key is securely handed back to the user and the user is confident that no copies and/or backups of the private key exist. It is therefore the aim of the present invention to provide a holder for cryptocurrency token storage devices to achieve this.
SUMMARY OF INVENTION
According to the invention there is provided a holder for cryptocurrency token storage devices, the holder comprising: a plurality of bays, each being arranged to accommodate a cryptocurrency token storage device; and a controller unit to monitor, operate and record each cryptocurrency token storage device within the bays.
In an embodiment, the cryptocurrency token storage device includes at least one chip, such as a HSM (Hardware Security Module), to define an ultra-secure cryptocurrency token storage device for the storage of cryptocurrency tokens securely, with each bay (or a group of bays) accordingly including an interface to communicate with the cryptocurrency token storage device within the bay (either wired or wirelessly).
In an embodiment, the controller unit is arranged to communicate with the cryptocurrency token storage devices within the bay.
In an embodiment, a holder sub-component is provided to define a plurality of bays. In one version, the holder takes the form of a rack to accommodate a multiplicity of the holder sub-components, each rack typically having a controller unit to monitor, operate and record each cryptocurrency token storage device within the bays. In one version, a token server is provided, to accommodate a plurality of the racks. In an embodiment, the controller unit in each holder communicates with a central system, which communicates and operates each cryptocurrency token storage device within the bays.
In an embodiment, the central system includes an operational module and related processor to perform various tasks with each cryptocurrency token storage device within the bays.
In an embodiment, the central system includes a database and related processor, with the database recording details of the user of each cryptocurrency token storage device within the bays.
In an embodiment, the system may include an enrolment module to manage an enrolment procedure when a cryptocurrency token storage device is created and issued to the user.
BRIEF DESCRIPTION OF DRAWINGS
The objects of this invention and the manner of obtaining them, will become more apparent, and the invention itself will be better understood, by reference to the following description of embodiments of the invention taken in conjunction with the accompanying diagrammatic drawings, wherein:
Figure 1 shows a perspective view of a holder rack for a cryptocurrency token storage device, according to a first aspect of the invention;
Figure 2 shows a perspective view of a holder sub-component for the holder rack shown in Figure 1;
Figure 3 shows a front view of a token server for accommodating a plurality of the holder racks shown in Figure 1;
Figure 4 shows a functional block diagram of a central system, according to a second aspect of the invention;
Figure 5 shows a top view of a holder rack for a cryptocurrency token storage device, according to a third aspect of the invention; and
Figure 6 shows a perspective view of a holder sub-component for the holder rack shown in Figure 5.
DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS
The following description of the invention is provided as an enabling teaching of the invention. Those skilled in the relevant art will recognise that many changes can be made to the embodiment described, while still attaining the beneficial results of the present invention. It will also be apparent that some of the desired benefits of the present invention can be attained by selecting some of the features of the present invention without utilising other features. Accordingly, those skilled in the art will recognise that modifications and adaptations to the present invention are possible and can even be desirable in certain circumstances, and are a part of the present invention. Thus, the following description is provided as illustrative of the principles of the present invention and not a limitation thereof.
Referring first to Figures 1 to 3, a holder 10 for cryptocurrency token storage devices 12 is shown. In an embodiment, a holder sub-component 14 is provided to define a plurality of bays 16, each bay 16 being able to accommodate a cryptocurrency token storage device 12. In one version, as shown in Figure 2, the holder sub-component 14 defines 24 bays 16, 12 bays 16 on either side of a divider 20, with adjacent pairs of cryptocurrency token storage devices 12, on either side of the divider 20, facing each other. In this version, the cryptocurrency token storage devices 12 are orientated substantially vertically within the bays 16.
In one version, the holder 10 takes the form of a rack 22 to accommodate a multiplicity of the holder sub-components 14. Each rack 22 typically has a controller unit 24 to monitor, operate, manage and record each cryptocurrency token storage device 12 within the bays 16 (as best shown in Figure 1). In one version, a token server 26 is provided, to accommodate a plurality of the racks 22, as shown in Figure 3.
Typically, each bay 16 accordingly includes an interface 28 to communicate with the cryptocurrency token storage device 12 within the bay 16 (either wired or wirelessly). The interface 28 in turn communicates with the controller unit 24, again either wired or wirelessly, as will be explained in more detail further below. In one version, the interface 28 is arranged to communicate with a plurality of cryptocurrency token storage devices 12 within a plurality of bays 16.
In another version, as shown in Figures 5 and 6, a holder 10’ for cryptocurrency token storage devices 12’ is shown. In an embodiment, a holder sub-component 14’ is provided to define a plurality of bays 16’ (only one of which is shown in Figure 6), each bay 16’ being able to accommodate one or more cryptocurrency token storage devices 12. In this version, the cryptocurrency token storage devices 12 are orientated substantially horizontally, within the bays 16’, in a row along the length of the holder sub-component 14’.
In one version, the holder 10’ takes the form of a rack 22’ to accommodate a plurality of the holder sub-components 14’. In the embodiment shown in Figure 5, 4 holder sub-components 14’ are arranged on one side of a controller unit 24’ and 3 holder sub-components 14’ are arranged on the other side of the controller unit 24’. A power supply component 25 is also provided, to complete the rack 22’. Clearly, any other configuration may be used.
As indicated above, the controller unit 24’ is arranged to monitor, operate, manage and record each cryptocurrency token storage device 12 within the bays 16’ (as best shown in Figure 5). As with the version shown in Figures 1 and 2, a token server (similar to the token server 26 in Figure 3) is provided to accommodate a plurality of the racks 22’. Each bay 16’ accordingly includes an interface 28’ to communicate with the cryptocurrency token storage device 12 within the bay 16’ (either wired or wirelessly). The interface 28’ in turn communicates with the controller unit 24’, again either wired or wirelessly, as will be explained in more detail further below. In one version, the interface 28’ is arranged to communicate with a plurality of cryptocurrency token storage devices 12 within a plurality of bays 16’.
In an embodiment, the cryptocurrency token storage device 12 includes at least one chip, such as a HSM (Hardware Security Module), to define an ultra-secure cryptocurrency token storage device 12 for the storage of cryptocurrency tokens securely.
A HSM is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. Within the context of the present invention, the HSM facilitates in the secure monitoring, operational, management and recording of the cryptocurrency token storage devices 12.
In an embodiment, as shown schematically in Figure 4, the holders 10, 10’ and in particular the controller units 24, 24’ in each holder rack 22, 22’ communicate with an operational system 30 via a communications network 32. The operational system 30 includes a processor 34 and a related memory device 36 that contains instructions for the processor 34. The operational system 30 performs and manages various tasks, including but not limited to managing the enrolment of a cryptocurrency token storage device 12 when one is issued to a user 38 (which will be described in more detail further below), monitoring and reporting on the status of each cryptocurrency token storage device 12 to the user 38, and managing transaction signing in respect of each cryptocurrency token storage device 12 within the bays 16, 16’.
The operational system 30 further includes a database 40 to record details of the owner or user of each cryptocurrency token storage device 12 within the bays 16, 16’, and data and information related to the tasks performed by the operational system 30.
The communications network 32 may comprise one or more different types of communication networks. In this regard, the communication networks may be one or more of the Internet, a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), various types of telephone networks (e.g., Public Switch Telephone Networks (PSTN) with Digital Subscriber Line (DSL) technology) or mobile networks (e.g., Global System Mobile (GSM) communication, General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), and other suitable mobile telecommunication network technologies), or any combination thereof. It will be noted that communication within the network may be achieved via suitable wireless or hard-wired communication technologies and/or standards (e.g., wireless fidelity (Wi-Fi®), 4G, long-term evolution (LTE™), WiMAX, 5G, and the like).
The operational system 30 includes an enrolment system 42 to manage an enrolment procedure when a cryptocurrency token storage device 12 is created and issued to a user 38. As described above, private keys are generated by the cryptocurrency token storage device 12, upon enrolment, with the processor 34 being arranged to detect the insertion of the cryptocurrency token storage device 12 into one of the bays 16, 16’, and record details of the owner or user 38 of each cryptocurrency token storage device 12 within the bays 16, 16’ in the database 40.
In use, when a new cryptocurrency token storage device 12 is issued to a user 38, typically at the start of a custodianship arrangement between a service provider of the invention and the user 38, and after the enrolment procedure, the cryptocurrency token storage device 12 with the newly created private key is physically inserted into one of the bays 16, 16’. This insertion is preferably done by the user 38 himself or in front of the user by authorised personnel 42. Confirmation of the secured insertion of the cryptocurrency token storage device 12 into the bays 16, 16’ is recorded on the database 32 and provided to the user 38.
The operational system 30 further includes a status monitoring system 46 to monitor the status (and in particular any change in the status) of each cryptocurrency token storage device 12 within the bays 16, 16’. In an embodiment, the status monitoring system 46 records the status of each cryptocurrency token storage device 12 in the database 40. In one version, the status of the user’s cryptocurrency token storage device 12 may be viewed by the user 38 at any time, either online or via a bespoke software application (‘app’) on a mobile device 44 associated with the user 38, which is in communication with the operational system 30 to access data, securely, on the database 40 in respect of his/her cryptocurrency token storage device 12.
At the end of the custodianship arrangement between the service provider of the invention and the user 38, the cryptocurrency token storage device 12 with the private key securely embedded is physically removed from the relevant bay 16, 16’, and handed over to the user 38. Again, this removal is ideally done by the user 38 himself or in front of the user 38 by authorised personnel 42. Confirmation of the removal of the cryptocurrency token storage device 12 from the bay 16, 16’ is recorded on the database 40 and provided to the user 38. Once the user 38 takes back the private keys, it falls on them to take proper care to safeguard their private key.
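The insertion, status-monitoring and removal cycle described above can be sketched as follows. This is an added example, not code from the patent or from the applicant: it derives custody events by comparing consecutive controller-unit polls, records each one in a database and queues a message to the user. The snapshot format, status strings, device identifiers and the "operator" fallback recipient for unenrolled devices are all assumptions.

```python
import sqlite3
from dataclasses import dataclass

# Assumed snapshot shape reported by a controller unit:
#   {bay_id: (device_id, status)}; an empty bay is absent from the dict.


@dataclass(frozen=True)
class Event:
    kind: str        # "INSERTED", "REMOVED" or "STATUS_CHANGED"
    bay: str
    device_id: str
    detail: str


def diff_snapshots(prev, curr):
    """Derive custody events from two consecutive controller-unit polls."""
    events = []
    for bay in sorted(set(prev) | set(curr)):
        old, new = prev.get(bay), curr.get(bay)
        if old == new:
            continue
        if old and (not new or old[0] != new[0]):
            # Device is gone, or a different device now sits in this bay.
            events.append(Event("REMOVED", bay, old[0], old[1]))
        if new and (not old or old[0] != new[0]):
            events.append(Event("INSERTED", bay, new[0], new[1]))
        if old and new and old[0] == new[0]:
            # Same device, so only its reported status differs.
            events.append(
                Event("STATUS_CHANGED", bay, new[0], f"{old[1]} -> {new[1]}"))
    return events


class CustodyMonitor:
    """Records every bay event and queues a message for the device owner."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE enrolment (device_id TEXT PRIMARY KEY, owner TEXT NOT NULL)")
        self.db.execute(
            "CREATE TABLE custody_log (seq INTEGER PRIMARY KEY AUTOINCREMENT, "
            "kind TEXT, bay TEXT, device_id TEXT, owner TEXT, detail TEXT)")
        self.outbox = []   # (recipient, message) pairs awaiting delivery
        self._last = {}    # previous snapshot

    def enrol(self, device_id, owner):
        """Bind a newly issued device to its user before insertion."""
        self.db.execute("INSERT INTO enrolment VALUES (?, ?)", (device_id, owner))
        self.db.commit()

    def poll(self, snapshot):
        """Process one controller-unit snapshot; return the events it produced."""
        events = diff_snapshots(self._last, snapshot)
        for ev in events:
            row = self.db.execute(
                "SELECT owner FROM enrolment WHERE device_id = ?",
                (ev.device_id,)).fetchone()
            owner = row[0] if row else None
            self.db.execute(
                "INSERT INTO custody_log (kind, bay, device_id, owner, detail) "
                "VALUES (?, ?, ?, ?, ?)",
                (ev.kind, ev.bay, ev.device_id, owner, ev.detail))
            # Assumption: a device with no enrolment record is escalated
            # to an operator instead of being silently accepted.
            recipient = owner if owner else "operator"
            self.outbox.append(
                (recipient, f"{ev.kind} {ev.device_id} bay {ev.bay}: {ev.detail}"))
        self.db.commit()
        self._last = dict(snapshot)
        return events


if __name__ == "__main__":
    # Constructed sample polls: enrol, insert, status change, swap, removal.
    monitor = CustodyMonitor()
    monitor.enrol("dev-1001", "alice")
    for snap in (
        {"A01": ("dev-1001", "ready")},
        {"A01": ("dev-1001", "fault")},
        {"A01": ("dev-9999", "ready")},   # unenrolled device in alice's bay
        {},
    ):
        for event in monitor.poll(snap):
            print(event)
    for recipient, message in monitor.outbox:
        print(recipient, "<-", message)
```

A device swap in the same bay produces both a REMOVED and an INSERTED record, so the owner of the original device is told it left the bay even though the bay never appeared empty.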
The advantages of the holder described above are numerous, and include at least the following:
1. The user knows that the private keys are being securely kept within the cryptocurrency token storage device.
2. The user knows that the cryptocurrency token storage device is being securely kept by the host, and hence always knows the location of the private keys.
3. Any change in the status of the cryptocurrency token storage device will immediately be reported to the user, thus providing the user peace of mind.
4. The security protocols of the host will regularly be audited by trusted third parties.
5. The invention essentially removes the user’s responsibility to manage their recovery seed or private key.
6. After custody ends, the cryptocurrency token storage device is handed back to the user thus in effect handing the user’s private keys back to them. Because the user’s private keys were created and securely stored with the cryptocurrency token storage device only, no copies of the private key were (or could have been) made.

Claims

1. A holder for cryptocurrency token storage devices, the holder comprising: a plurality of bays, each bay being arranged to accommodate a cryptocurrency token storage device; and a controller unit to monitor, operate and record each cryptocurrency token storage device within the bays.
2. The holder of claim 1, wherein the cryptocurrency token storage device includes at least one chip to define an ultra-secure cryptocurrency token storage device for the secure storage of cryptocurrency tokens, with each bay or group of bays including an interface to communicate with the cryptocurrency token storage device within the bay.
3. The holder of claim 2, wherein the controller unit is arranged to communicate with the cryptocurrency token storage devices within the bays via the interface associated with each bay.
4. The holder of claim 3, wherein a holder sub-component is provided to define a plurality of bays, with the holder taking the form of a rack to accommodate a plurality of the holder sub-components, each rack having a controller unit to monitor, operate and record each cryptocurrency token storage device within the bays via the interface associated with each bay.
5. The holder of claim 4, wherein the controller unit in each holder communicates with a managing system, which communicates with each cryptocurrency token storage device within the bays.
6. The holder of claim 5, wherein the managing system includes a processor to perform tasks in respect of each cryptocurrency token storage device within the bays, via the interface associated with each bay.
7. The holder of claim 6, wherein the managing system includes a database, with the database recording details of the owner of each cryptocurrency token storage device within the bays.
8. The holder of claim 6, wherein the managing system includes an enrolment system to manage an enrolment procedure when a cryptocurrency token storage device is created and issued to the owner.
9. A system for managing the enrolment of a cryptocurrency token storage device to be issued to a user, the system comprising: a holder comprising a plurality of bays, each bay being arranged to accommodate a cryptocurrency token storage device to be issued to the user, with a controller unit being provided to communicate with each cryptocurrency token storage device; and an enrolment system in communication with the controller unit, the enrolment system comprising: at least one processor; and a memory device containing instructions which when executed cause the processor to: detect the insertion of the cryptocurrency token storage device into one of the bays; and record confirmation of the insertion of the issued cryptocurrency token storage device in a database, and the related details of the user.
10. The system of claim 9, wherein the processor is further arranged to send a message to the user to confirm the safe insertion of the cryptocurrency token storage device into the bay.
11. The system of claim 9, wherein the system further includes a status monitoring system in communication with the controller unit, with the processor being arranged to monitor the status of the cryptocurrency token storage device, record the status in the database, detect a status change and to send a message to the user when there is a status change.
12. The system of claim 9, wherein the processor is arranged to detect the removal of the cryptocurrency token storage device from one of the bays, send a message to the user to confirm the removal of the cryptocurrency token storage device, and record the removal of the cryptocurrency token storage device in the database.
13. A computer-implemented method of managing the enrolment of a cryptocurrency token storage device to be issued to a user, the method comprising: communicating, by at least one processor, with a controller unit in a holder, the holder comprising a plurality of bays, each bay being arranged to accommodate a cryptocurrency token storage device to be issued to the user, with the controller unit being provided to communicate with each cryptocurrency token storage device; detecting, by at least one processor, the insertion of the cryptocurrency token storage device into one of the bays; and recording, by at least one processor, confirmation of the insertion of the issued cryptocurrency token storage device in a database, and the related details of the user.
14. The method of claim 13, which includes the step of sending a message, by at least one processor, to the user to confirm the safe insertion of the cryptocurrency token storage device into the bay.
15. The method of claim 13, which includes the step of monitoring, by at least one processor, the status of the cryptocurrency token storage device, recording the status in the database, detecting a status change and sending a message to the user when there is a status change.
16. The method of claim 13, which includes the step of detecting, by at least one processor, the removal of the cryptocurrency token storage device from one of the bays, sending, by at least one processor, a message to the user to confirm the removal of the cryptocurrency token storage device, and recording, by at least one processor, confirmation of the removal of the cryptocurrency token storage device in the database.
PCT/IB2019/060319 2018-11-29 2019-11-29 Holder for cryptocurrency storage devices WO2020110077A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201862773015P 2018-11-29 2018-11-29
US62/773,015 2018-11-29

Publications (1)

Publication Number Publication Date
WO2020110077A1 true WO2020110077A1 (en) 2020-06-04

Family

ID=70853272

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2019/060319 WO2020110077A1 (en) 2018-11-29 2019-11-29 Holder for cryptocurrency storage devices

Country Status (1)

Country Link
WO (1) WO2020110077A1 (en)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 19889848; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 19889848; Country of ref document: EP; Kind code of ref document: A1)