WO2024016022A1 - Variable node box ("vnb") - Google Patents
- Publication number
- WO2024016022A1 (PCT/ZA2022/050035)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- transaction
- node
- approver
- nodes
- initiator
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Definitions
- VNB VARIABLE NODE BOX
- VNT Variable Node Technology
- the VNB device can also be configured to perform a security check on the data, and flag governance issues to the Approver.
- the Initiator does not have direct access to any of the computers that are used to approve the transaction (the Approver Nodes).
- VNB device is not network-topology dependent, so its functioning will not depend on how the Approver Nodes are clustered together in a specific computer network.
- the cluster of Approver Nodes are depicted in the diagram as AN1, AN2 and AN3.
- the VNB device can flag possible security and governance issues
- the entire system including the computer network, can be configured so that its users are made aware of any security, governance or cross-checking measures that need to be taken when transactions are sent for approval (the "Network").
- the Approver operating the Approver Node might not necessarily have the capacity to cross-check and make a decision on complex security and governance issues that are flagged by the VNB device, due to large transaction volumes requiring their approval.
- the AN can be configured to only have 'accept' or 'reject' functions, the 'reject' function being used when the transaction submitted for approval does not meet the basic, stipulated requirements set out for its approval.
- a further sub-network could be set up comprising of Governance Nodes (GN).
- the cluster of governance Nodes are depicted in the diagram as GN1, GN2 and GN3.
- the governance Nodes would perform the function of evaluating transactions with security and/or governance issues flagged by the VNB device, and of accepting or rejecting these transactions.
- the Approver Node will then accept or reject the transaction, and send this feedback to the IN.
- the VNB device will then be configured accordingly.
- the device is connected to the IN via a USB port or any other port in the IN that is suitable as a connector. Therefore, P1 could include and/or take the form of any of these alternatives.
- the user of the IN (the transaction initiator) will sign into the Device and authenticate their identity and any other required credentials that the organization has chosen for identity verification and security. This will be the first series of data packets that will pass through the device.
- IC1 Integrated Circuit
- IC2 Integrated Circuit
- Repository Chip the second Integrated Circuit
- IC2 will handle the logging of the transaction and the uploading of the transaction to a blockchain, which could either be a public, private or hybrid blockchain, and developed using any means, method and/or programming language. This will retain the transaction as evidence should it later be required to be retrieved, for example for Legal proceedings.
- IC3 Integrated Circuit
- IC3 will remove the IP address of the IN and any other information that the user of the IN has tried to insert to display, or that might indicate, his or her identity, or any other superfluous information that might have been included to alert the Approver of a specific transaction.
- Information relating to the transaction will have to be entered by the user of the Initiator Node into set, predetermined fields, so any additional information will be removed.
- the transaction data will then be routed to the fourth Integrated Circuit (IC4) (the "Node Selector Chip”), which stores a list of all of the Approver Nodes (AN) on the network in its memory. It will randomly choose an AN for that specific transaction, and assign the transaction to the selected Approver Node.
- IC4 the "Node Selector Chip”
- the fifth Integrated Circuit (IC5) (the "Dispatch Chip”) will dispatch the transaction data to the selected Approver Node on the network for approval, and it will then send details of the AN to IC2 for addition to the blockchain. This could be done either through a wired ethernet cable or wirelessly.
- Exit port P2 the exit port (P2) is used for the deployment of the data/data packets to their destination (the AN). This is after the data has been processed and/or modified by the relevant components in the device.
- the circuit board at the exit port (P2) is constructed with traces (paths) that are required for the deployment of the data to their destination (the AN).
- MCM A multi-chip module (MCM) is an electronic package consisting of multiple integrated circuits (ICs) assembled into a single device. An MCM works as a single component and is capable of handling an entire function.
- SiP A system in package, is a way of bundling two or more ICs inside a single package. This is in contrast to a system on chip, or SOC.
- SoP A systems-on-package goes a step beyond SiP by integrating thin-film components on a package substrate. 6. BEST MODES FOR CARRYING OUT THE INVENTION
- the outer case of the device can be manufactured from any suitable metal and/or metal alloy, plastics (any of the plastic types that are suitable), polycarbonate materials, composites (made from two or more materials combined together), or any other suitable material from a materials engineering perspective to encase the Device, taking into account the requirements that must be complied with that are set out below.
- the outer case will be manufactured using suitable materials with the most appropriate material composition taking into account: i. the heat dissipation that is required for it to function effectively, ii. the requirement for the Device to be tamper-proof taking into account that its primary use is as an 'anti-fraud' device, i.e. to combat/minimize/eliminate fraud, and iii. the requirement for the components comprising the Device to be impossible to be tampered with and/or modified so that a user of the Device cannot bypass the security measures that it enables,
- the design of the outer box that encases the internal components of the Device will: i. comply with and complement the Outer Case Material Requirements, ii. be of such a nature that it draws peoples' attention to the fact that it is an anti-fraud device with the objective of deterring fraud, and iii. in addition will be configured in terms of shape and size that enables easy storage, transport and use of the Device on a daily basis.
- Design Requirements (hereafter referred to as the "Design Requirements").
- the naming of the device and its associated branding will also comply with and/or complement the Outer Case Material Requirements and the Design requirements.
- VNB device The use cases for the VNB device are numerous. It will play a critical role in reducing and/or eliminating fraud in organizations where a computer or other electronic devices are used to initiate and approve transactions.
- the apparatus or device for which patent protection is claimed is essentially an antifraud device.
- it is recommended that this is done so as a single unit, and it will have a form factor very similar to any other computer peripheral such as a USB stick or a USB hard-drive, in the sense that it will be an enclosed unit with a cover which will house all of the components inside of it.
- any other computer peripheral such as a USB stick or a USB hard-drive
- it will be an enclosed unit with a cover which will house all of the components inside of it.
- it is not intended to give parties who wish to contravene and/or circumvent this patent a workaround to being able to do so. It will be marketed as an anti-fraud device, which is self-contained, i.e.
- the specific individual components that can be used may vary, and their configuration might vary as well, to achieve the outcome of the invention.
- the methods of manufacturing the individual components, configuring them and assembling them can vary (hereafter referred to as the "Manufacturing Alternatives").
- Patent protection for the invention shall cover all Manufacturing Alternatives, manufacturing methods and technological component configuration alternatives that can be used to manufacture the Invention.
- the internal architecture of the Invention comprises of an Integrated Circuit (IC) or 'Chip'.
- IC Integrated Circuit
- 'Chip' Integrated Circuit
- SoC 'Systems on a Chip'
- SoC complete system on one chip
- MCM multi-chip module - interconnects components
- SiP stacked chips or packages
- SoP optimizes between chip and/or package
Abstract
The patent claims are for an apparatus (device) that is connected to any computing device (including mobile devices), either wirelessly or with a cable, that gives effect to, and is characterized by Variable Node Technology ("VNT") which has been disclosed in this patent. The device implements VNT in a computer network, and it adds a layer of IT Security using specialized integrated circuits. It uses Blockchain technology to retain an immutable record of transactions created by a user as evidence of such transactions. The device also has additional features to enhance the basic functionality of VNT.
Description
1. TITLE OF INVENTION:
Rule 5.1(a), Section 204(b)
VARIABLE NODE BOX ("VNB")
2. TECHNICAL FIELD:
Rule 5.1(a)(1), Section 204(a)(1)
INDUSTRIAL CATEGORY OF PATENT (TECHNICAL FIELDS TO WHICH IT RELATES)
This patent relates to: (i) computer networking, (ii) Information Technology ("IT") security and (iii) Blockchain technology. The device controls the manner in which data emanating from a transaction that has been initiated, is stored and is communicated to other nodes (computer terminals) in a computer network in order to improve IT security and decrease and/or eliminate unauthorized transactions within an organization, or between/among organizations. It provides a layer of security for, and information retention of, transactions that are initiated and approved between or among two or more computer users. It uses Blockchain technology to retain an immutable record of transactions initiated by a user of a node.
3. BACKGROUND ART
A. NOVELTY & PRIOR ART
1. A search of global patent databases for patents in the field of computer networking, and a perusal of the results of the aforementioned search which yielded details of patents, do not reveal any patent which might constitute a prior art, or a patent that exists, for the subject matter of, or the Claims in this patent.
2. Relevant keywords such as "variable" were included in addition to the keywords used for computer networking/networks.
3. The same was done for "Information Technology ("IT") security" and "Blockchain technology".
4. The subject matter constituting this patent is therefore novel, and it currently does not exist.
5. Aside from the patents relating to modems, routers and other related packet-switching devices, there are no patents that relate to devices controlling a computer network in the manner in which the VNB device does, and in particular controlling the data and data packets deployed to a computer network from a specific node on the network, in the manner in which the VNB device (for which patent protection is sought in this patent) does.
A. DISCLOSURE AND EXPLANATION OF THE PATENT CLAIMS
1. The patent claims are for an apparatus (device) that gives effect to, and which is characterized by Variable Node Technology ("VNT") (defined below) that has been invented by the applicant for this patent, and which has been disclosed in this patent.
2. The device performs the functions required to give effect to VNT. The device also has additional features to enhance the basic functionalities of VNT which are described below, and for which patent protection is sought.
3. The subject matter of the patent has application in a variety of industries where technology is required to be deployed to prevent fraud and fraudulent transactions, and it uses Blockchain technology to retain an immutable record of transactions created by a user as evidence of such transactions.
B. FURTHER EXPLANATION: VARIABLE NODE TECHNOLOGY
Explanation of variable node technology
1. It is technology that enables a device that deploys data/data packets to a computer network to automatically assign electronic transaction approval randomly to a single node (computer) in a multi-node network. Electronic transactions are submitted and approved on a 'variable and unknown-node' basis, so that the party initiating the transaction and the party approving the transaction do not know beforehand which node will be approving the transaction.
2. It also makes provision for a single node in a network to have multiple virtual nodes associated with it on one computer, in order to further reduce the probability that the node designated to approve the transaction communicates its identity on the network to the initiator node.
3. Finally, the device has other features that are included in it, and their functionality is described in detail later on in this patent application.
C. BACKGROUND & CONTEXTUAL FRAMEWORK
C1. Background Scenario
1. If A is an employee or a contractor in an organization, and he wants to commit fraud using a computer connected to the organization's network (for example to create a fictitious transaction to withdraw funds, or to transfer funds into a banking account that he has created), and he wants to use another person (B) to approve the fraudulent transaction, then A can approach B to collude with him to commit the fraud.
2. A's plan is to use a computer in the organization to initiate the transaction, and he plans to ask B, another employee, to use her computer to approve the transaction.
C2. Assigning the Variables
1. Let us call A the Initiator, and A's computer the Initiator Node (IN).
2. Let's call B the Approver, and B's computer the Approver Node (AN).
3. Let's assume a system, including a computer network, where there are no security, governance, or cross-checking measures when transactions are conducted (the "Network"). The topology of the Network is also not relevant. Also assume that there are no other external or internal variables affecting the scenario.
C3. The Probabilities of Fraud
In the abovementioned hypothetical Network, where there is an Initiator Node 'A', and an Approver Node 'B':
1. If A and B want to commit fraud using their respective computers, and they decide to collude (B agrees to commit the fraud with A) then, assuming that no other variables influence the scenario, the probability that they will succeed is 100%.
2. If A and B do not want to commit fraud, and do not collude with each other to process a fraudulent transaction, then the probability that fraud will occur as a result of their actions is 0%.
3. If A wants to commit fraud, and B does not want to collude with A to commit such fraud, then the probability that such fraud will occur is 50% (B will not approve the transaction initiated by A if she knows that the transaction is fraudulent, but if B does not know that it is fraudulent then she will approve it).
C4. The Solution
How can the probabilities of fraud in the scenarios in paragraphs 1 and 3 above be reduced or eliminated?
The following measures can be implemented:
1. Increase the number of Approver Nodes.
2. Choose the Approver Node for a specific transaction randomly. Automate the random selection of the node.
3. Automate the assigning of the approval of the transaction (deployment of the transaction for approval) to a random Approver Node.
4. Prevent the Initiator Node from being able to know which Approver Node the transaction has been assigned to. The Approver must not be able to see who the Initiator is, or the computer from which the transaction emanated (i.e. the identity of the IN).
5. Ensure that the unique numbers identifying nodes change frequently. The unique number of a specific node must change on a frequent basis, so that the transaction initiator cannot establish the identity of a specific node, and who is operating it.
6. The Initiator and the Approver Nodes will not be able to identify each other from the unique numbers assigned to them, and which will change on a frequent basis.
7. Publish the transaction to all Approver Nodes on the network, so that other approver nodes that have not been assigned to the approval of a specific transaction can also see the transaction, and will have an opportunity to spot and report suspicious activity. When all nodes can see the transaction, then suspicious activity can be detected more easily. For example, other approver nodes will be able to see a transaction that keeps coming up repeatedly, if a user is trying to collude with a specific node with whom he has an arrangement to do so, and he keeps trying to send the same transaction to the randomly selected approver nodes on the network for approval, hoping that the approver that he is colluding with will eventually receive the transaction for approval.
8. The Initiator Node (IN) should only be able to send the transaction for approval once. Then the system should lock itself. The IN will then need authorization to resend the transaction. The IN user will have to fill in an information field on his computer explaining why the transaction is being resent.
9. Create Approver Node channels for different parts of the business, e.g. for geographic or other segments of the business, and randomly assign groups of Approver Nodes to these channels. Rotate the Approver Nodes assigned to the Channels on a regular basis, with no fixed time assigned for this. This could be implemented through the use of one sub-network or multiple sub-networks.
10. Provide governance cross-checks to be undertaken by a further set of nodes. This could also be implemented through the use of one sub-network or multiple sub-networks.
11. Create virtual nodes, so that each physical Approver Node can serve as more than one virtual node. There could, for example, be 5 virtual nodes on 1 computer.
12. To secure immutable proof of the transaction, hash the transaction using an encryption algorithm and upload it to a blockchain.
13. Ensure that the VNB device is integrated into the system. If the device (the VNB or Variable Node Box) is removed or disconnected, then the Initiator Node will not function.
14. Ensure that the Approver cannot override the checks and balances that have been put in place to approve the transaction. In order to override these checks and balances, he/she will have to get authorization from a Governance Node user.
D. REDUCING THE ODDS OF FRAUD: A PRACTICAL EXAMPLE OF THE USE OF THE DEVICE
1. Assume that two (2) parties are involved in a transaction: the transaction initiator, and the transaction approver. The transaction initiator uses a computer called the Initiator Node (IN) to initiate the transaction, and the transaction approver uses a computer called the Approver Node (AN) to approve the transaction.
2. If the transaction initiator and the transaction approver want to collude with each other to commit fraud by initiating and approving a fraudulent transaction, and the transaction initiator is not able to choose a specific AN to approve the transaction, i.e. he is not able to send or route the fraudulent transaction that he has initiated to a specific AN for approval, then one of the factors determining their ability to successfully do so will be the number of computers on the network (nodes) that have been assigned as Approver Nodes.
3. As the number of Approver Nodes is increased, the probability of 2 parties colluding to approve a fraudulent transaction decreases proportionally.
4. Let's assume a system, inclusive of a computer network, where there are no security, governance or cross-checking measures when transactions are conducted (the "Network"). The topology of the Network is also not relevant. Assume that the transaction initiator is not able to choose a specific AN to approve the transaction, i.e. he is not able to send or route the fraudulent transaction that he has initiated to a specific AN for approval. Also assume that there are no other external or internal variables affecting the scenario.
5. As can be observed in the above equation, P is inversely proportional to n.
6. The probability of fraud/collusion in the stipulated circumstances is reduced as you increase n, which is the number of Approver Nodes (and therefore, by implication, the number of people who are designated to operate individual Approver Nodes to approve transactions initiated by the IN).
7. Where the IN and AN are not able to identify each other, then P decreases even further.
8. The Device provides the functionality to minimize or eliminate the variable P in the Probability of Fraud between the IN and AN network Nodes Equation, thereby minimizing or eliminating fraud in the circumstances mentioned in the opening paragraphs of this section (D.4.).
DIAGRAM 1
FUNCTIONING OF THE DEVICE IN A CORPORATE/ORGANIZATIONAL (PRIVATE) OR PUBLIC NETWORK EXPLAINED DIAGRAMMATICALLY
A. Refer to Diagram 1.
1. The Initiator Node (IN) is a computer terminal which has been configured for the use of the device (the Variable Node Box or "VNB" device).
2. The user of the Initiator Node (IN) (hereafter referred to as the "Initiator") connects the Initiator Node (IN) to the VNB device (either wirelessly or with a cable).
Note that the VNB device could also be built into the Initiator Node (IN) so that the Initiator does not have to connect it to the Initiator Node (IN) as described in paragraph 2 above. The Initiator would simply have to connect to the computer network that he/she wants to use, and the VNB device would be activated automatically. This will be at a stage when the relevant agreements can be reached with computer manufacturers either to build the device into the computers that they are manufacturing, or to build empty slots into their computers into which the VNB can be slotted by purchasers of the computer, so that the VNB device and the computer constitute one inseparable unit.
The VNB device then acts as a buffer between the Initiator Node (IN) used by the Initiator, and the rest of the computer network. The VNB device would have been pre-configured to perform the functions that are required by the relevant organization. Not all of the features and functions that it has/contains might be required by the purchaser of the device. The VNB device then performs the functions that it has been built to perform, as described elsewhere in this patent document. When the Initiator initiates a transaction on the Initiator Node (IN), the transaction data is processed by the VNB device in terms of recording it on a Blockchain, removing the IP address of the Initiator Node (IN), choosing a random Approver Node on the computer network to send the transaction to for approval, and dispatching the data constituting the transaction to the chosen Approver Node (See Diagram B for technical details pertaining to how this is done).
9. The VNB device can also be configured to perform a security check on the data, and flag governance issues to the Approver.
10. Due to the VNB device, the Initiator does not have direct access to any of the computers that are used to approve the transaction (the Approver Nodes).
11. As stated in the Notes below, the VNB device is not network-topology dependent, so its functioning will not depend on how the Approver Nodes are clustered together in a specific computer network.
12. The Approver of the transaction that was initiated by the IN, uses a computer called the Approver Node (AN).
13. The cluster of Approver Nodes (AN) are depicted in the diagram as AN1, AN2 and AN3.
14. Since the VNB device can flag possible security and governance issues, the entire system, including the computer network, can be configured so that its users are made aware of any security, governance or cross-checking measures that need to be taken when transactions are sent for approval (the "Network").
15. The Approver operating the Approver Node might not necessarily have the capacity to cross-check and make a decision on complex security and governance issues that are flagged by the VNB device, due to large transaction volumes requiring their approval.
16. The AN can be configured to only have 'accept' or 'reject' functions, the 'reject' function being used when the transaction submitted for approval does not meet the basic, stipulated requirements set out for its approval.
17. A further sub-network could be set up comprising Governance Nodes (GN).
18. The Approver would then be able to refer the issues mentioned in paragraph 15 above to the Governance Nodes.
19. The cluster of Governance Nodes (GN) are depicted in the diagram as GN1, GN2 and GN3.
20. The Governance Nodes would perform the function of evaluating transactions with security and/or governance issues flagged by the VNB device, and of accepting or rejecting these transactions.
21. It (the GN) would then send feedback to the person operating the Approver Node that referred the transaction to it.
22. The Approver Node will then accept or reject the transaction, and send this feedback to the IN. In the case of Governance Nodes (GNs) being used, the VNB device will then be configured accordingly.
23. Since there will be a high level of visibility across the network, rejected transactions will be able to be seen by all nodes, and the node (Initiator Node) from which the transaction emanated will also be visible.
24. This information in itself will indicate a pattern or patterns of behavior. If a specific Initiator Node is regularly submitting transactions that are rejected by Approver Nodes or Governance Nodes, then this will enable suspicion to be raised, and will prompt further investigation.
26. In this way, fraudulent transactions can be prevented, and persons attempting to commit fraud can be prevented from doing so, and/or be brought to account for it.
DIAGRAM 2
HARDWARE CONFIGURATION & COMPONENTS
A. Refer to Diagram 2
1. The data packets from the Initiator Node (IN) (refer to its definition in paragraph A.1. in the commentary on Diagram 1 in this Section) enter the Device through the Entry Port P1.
2. The device is connected to the IN via a USB port or any other port in the IN that is suitable as a connector. Therefore, P1 could include and/or take the form of any of these alternatives.
3. The user of the IN (the transaction initiator) will sign into the Device and authenticate their identity and any other required credentials that the organization has chosen for identity verification and security. This will be the first series of data packets that will pass through the device.
4. User authentication, security and linking of the Device to the IN as a prerequisite for initiating a transaction on the IN will all be dealt with by the first Integrated Circuit (IC1), also called the "Security Chip".
5. The user of the IN will not be able to proceed with any further actions, either on the IN or on the device, if they have not successfully passed the required security measures (hereafter referred to as "security clearance").
6. Once the user (transaction initiator) has obtained security clearance, then he/she can initiate a transaction.
7. The transaction data will be routed to the second Integrated Circuit (IC2) also called the "Repository Chip". IC2 will handle the logging of the transaction and the uploading of the transaction to a blockchain, which could either be a public, private or hybrid blockchain, and developed using any means, method and/or programming language. This will retain the transaction as evidence should it later be required to be retrieved, for example for legal proceedings.
8. The transaction data will then be routed to the third Integrated Circuit (IC3) also called the "Identity Removal and Transaction Scrubbing Chip" or the "IRTS" Chip. IC3 will remove the IP address of the IN and any other information that the user of the IN has tried to insert to display, or that might indicate, his or her identity, or any other superfluous information that might have been included to alert the Approver of a specific transaction. Information relating to the transaction will have to be entered by the user of the Initiator Node into set, predetermined fields, so any additional information will be removed.
9. The transaction data will then be routed to the fourth Integrated Circuit (IC4) (the "Node Selector Chip"), which stores a list of all of the Approver Nodes (AN) on the network in its memory. It will randomly choose an AN for that specific transaction, and assign the transaction to the selected Approver Node.
10. The fifth Integrated Circuit (IC5) (the "Dispatch Chip") will dispatch the transaction data to the selected Approver Node on the network for approval, and it will then send details of the AN to IC2 for addition to the blockchain. This could be done either through a wired ethernet cable or wirelessly.
11. Exit port P2: the exit port (P2) is used for the deployment of the data/data packets to their destination (the AN). This is after the data has been processed and/or modified by the relevant components in the device. The circuit board at the exit port (P2) is constructed with traces (paths) that are required for the deployment of the data to their destination (the AN).
12. The hardware configuration and components have been listed and explained in relation to Diagram 2. They can be combined and manufactured in any of the following configurations: MCM, SiP, SoP (explained below) or in any other configuration that is available at the time.
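The IC2 to IC5 stages in paragraphs 7 to 10 above, modelled in software as an added example (not code from the patent or its applicant). The field whitelist, the hash-chain log standing in for the blockchain, the sample transaction and all function names are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Assumed whitelist: the text only says data must sit in "set, predetermined fields".
ALLOWED_FIELDS = ("amount", "currency", "origin_account", "destination_account", "type")
GENESIS = "0" * 64


class HashChainLog:
    """Append-only hash chain, a stand-in (assumption) for the blockchain IC2 writes to."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, record):
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"prev": prev, "record": record, "hash": self._digest(prev, record)}
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        """Recompute every link; any edited record or reordered entry breaks the chain."""
        prev = GENESIS
        for entry in self.entries:
            expected = self._digest(prev, entry["record"])
            if entry["prev"] != prev or not hmac.compare_digest(entry["hash"], expected):
                return False
            prev = entry["hash"]
        return True


def scrub(raw):
    """IC3: keep only the predetermined fields; source IP and free text are dropped."""
    missing = [f for f in ALLOWED_FIELDS if f not in raw]
    if missing:  # rejecting incomplete input is an assumption, not stated in the text
        raise ValueError(f"missing required fields: {missing}")
    return {f: raw[f] for f in ALLOWED_FIELDS}


def select_approver(approvers):
    """IC4: uniform pick from the OS CSPRNG, so the choice cannot be predicted or steered."""
    if not approvers:
        raise ValueError("no Approver Nodes configured")
    return secrets.choice(approvers)


def process(raw, approvers, log):
    """Run one transaction through the IC2 -> IC3 -> IC4 -> IC5 order."""
    log.append({"event": "initiated", "tx": dict(raw)})  # IC2: full record kept as evidence
    outbound = scrub(raw)                                 # IC3
    approver = select_approver(approvers)                 # IC4
    log.append({"event": "dispatched", "approver": approver})  # IC5 reports the AN to IC2
    return approver, outbound  # only the scrubbed fields leave through P2


# Constructed sample input (192.0.2.0/24 is a documentation range).
APPROVERS = ["AN1", "AN2", "AN3"]
SAMPLE_TX = {
    "amount": 125000, "currency": "ZAR", "type": "payment",
    "origin_account": "ACC-0001", "destination_account": "ACC-0002",
    "src_ip": "192.0.2.10", "memo": "for J. in approvals, as discussed",
}

if __name__ == "__main__":
    log = HashChainLog()
    approver, outbound = process(SAMPLE_TX, APPROVERS, log)
    print(approver, outbound, log.verify())
```

`process` returns the chosen AN only so that the caller can dispatch to it; under Claim 2 that value would never be shown to the IN.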
B. Notes:
Definitions:
1. MCM: A multi-chip module (MCM) is an electronic package consisting of multiple integrated circuits (ICs) assembled into a single device. An MCM works as a single component and is capable of handling an entire function.
2. SiP: A system in package, is a way of bundling two or more ICs inside a single package. This is in contrast to a system on chip, or SOC.
3. SoP: A systems-on-package goes a step beyond SiP by integrating thin-film components on a package substrate.
6. BEST MODES FOR CARRYING OUT THE INVENTION
A. EXTERNAL DESIGN, CONFIGURATION AND MATERIAL COMPOSITION OF THE OUTER CASE OF THE DEVICE
1. The outer case of the device can be manufactured from any suitable metal and/or metal alloy, plastics (any of the plastic types that are suitable), polycarbonate materials, composites (made from two or more materials combined together), or any other suitable material from a materials engineering perspective to encase the Device, taking into account the requirements that must be complied with that are set out below.
2. The outer case will be manufactured using suitable materials with the most appropriate material composition taking into account:
i. the heat dissipation that is required for it to function effectively,
ii. the requirement for the Device to be tamper-proof taking into account that its primary use is as an 'anti-fraud' device, i.e. to combat/minimize/eliminate fraud, and
iii. the requirement for the components comprising the Device to be impossible to be tampered with and/or modified so that a user of the Device cannot bypass the security measures that it enables,
(hereafter referred to as the "Outer Case Material Requirements").
3. The design of the outer box that encases the internal components of the Device will:
i. comply with and complement the Outer Case Material Requirements,
ii. be of such a nature that it draws people's attention to the fact that it is an anti-fraud device with the objective of deterring fraud, and
iii. in addition will be configured in terms of shape and size that enables easy storage, transport and use of the Device on a daily basis.
(hereafter referred to as the "Design Requirements").
4. The naming of the device and its associated branding will also comply with and/or complement the Outer Case Material Requirements and the Design Requirements.
5. The internal architecture of the device for which patent protection is sought (the Invention) is set out in Diagram 2. Commentary on Diagram 2 is contained in Section 5 above titled "Brief Description of Drawings".
A. THE USE CASES
1. The use cases for the VNB device are numerous. It will play a critical role in reducing and/or eliminating fraud in organizations where a computer or other electronic devices are used to initiate and approve transactions.
2. The subject matter of this patent has application in a variety of industries where technology is required to be deployed to prevent fraud and unauthorized/fraudulent transactions, and to retain an immutable record of transactions created by a user as evidence of such transactions.
3. The apparatus or device for which patent protection is claimed, is essentially an anti-fraud device.
When it is manufactured, it is recommended that this is done so as a single unit, and it will have a form factor very similar to any other computer peripheral such as a USB stick or a USB hard-drive, in the sense that it will be an enclosed unit with a cover which will house all of the components inside of it. However, if there are other more optimal options, then these can be chosen. By recommending that the device be manufactured as a single unit, and in the manner as stated, it is not intended to give parties who wish to contravene and/or circumvent this patent a workaround to being able to do so.
It will be marketed as an anti-fraud device, which is self-contained, i.e. it will not require any further peripherals. This is necessary in order to prevent tampering with and/or manipulation of the device. All of the hardware and software (firmware) required to achieve the required functionality will be within the device. The only software outside of the device will be the drivers that will have to be installed on a computer to enable it to interface with the device. However, if there are other more optimal options, then these can be chosen. By making the statement in the first sentence of this paragraph, it is not intended to give parties who wish to contravene and/or circumvent this patent a workaround to being able to do so.
It will be portable or fixed in a computer or in any other device that serves as a node on a network. Where portable, it will be capable of being held in the hand and being transported/carried around at will. However, if there are other more optimal options, then these can be chosen. By making the statement in the first sentence of this paragraph, it is not intended to give parties who wish to contravene and/or circumvent this patent a workaround to being able to do so.
8. It is envisaged that it will be used primarily in the banking and financial services industry, however, it can also be used in any organization where transactions need to be initiated and approved.
9. Companies all over the world face the risk of financial losses due to fraud and corruption, and the device will be able to be used effectively to reduce and combat such fraud and corruption.
10. Where the fraud has already taken place, the device will be able to be used to retrieve immutable evidence of the identity of the fraudster and the details of the fraudulent transaction.
B. THE WAYS IN WHICH IT CAN BE MADE
1. It is crucial to note that the patent claim for the intellectual property to be protected is for the device, including:
(i) the functions that the individual components in the device execute, and
(ii) the outcomes that they achieve in clusters, and collectively in unison.
2. The specific individual components that can be used may vary, and their configuration might vary as well, to achieve the outcome of the invention. The methods of manufacturing the individual components, configuring them and assembling them can vary (hereafter referred to as the "Manufacturing Alternatives").
3. The Patent protection for the invention shall cover all Manufacturing Alternatives, manufacturing methods and technological component configuration alternatives that can be used to manufacture the Invention.
4. To amplify this statement, an example is where the internal architecture of the Invention comprises an Integrated Circuit (IC) or 'Chip'. The Chips referred to in the internal architecture set out herein (the Internal Architecture) could be:
(i) manufactured individually, and soldered separately onto a circuit board, or
(ii) a 'Systems on a Chip' (SoC) approach could be used, where all of the individual Chips are combined in a single Chip,
(iii) certain Chips can be combined in clusters on a single Chip,
(iv) certain functions (a combination of any functions or all of them) could be consolidated onto one chip,
(v) certain functions (a combination of any functions or all of them) could be achieved using any other component and/or software technology, and/or
(vi) the following Chip manufacturing configurations: SoC (complete system on one chip), MCM (multi-chip module - interconnects components), SiP (stacked chips or packages), SoP (optimizes between chip and/or package) could be used.
5. The patent is claimed for a device that is manufactured using any of the above technologies or any combinations of the aforementioned.
6. Therefore, the Internal Architecture set out herein encapsulates the core principles of the Invention, its functioning and capability. The patent is claimed for all of the aforementioned.
The above paragraphs (1. to 6.) are guidelines. If there are other, more optimal options, then these can be chosen. By making the above statements, it is not intended to give parties who wish to contravene and/or circumvent this patent a workaround for being able to do so.
Claims
8. THE CLAIMS
Patent Claims
The patent claims are for:
An apparatus (hereafter referred to as the "Device", "Variable Node Box", "VNB", "VNB Box", or "VNB device") with the following properties:
Claim 1
It sends or deploys a transaction (by means of the transaction data) that has been initiated by a user (initiator of the transaction) from a computer (hereinafter referred to as the "Initiator Node" or "IN"), to a randomly selected node, chosen by the Device, in any network comprising of computing devices (nodes) (hereinafter referred to as the "Approver Nodes" or "AN") that have been set up for the purpose of approving the transaction.
Claim 2
It sends the transaction (by means of the transaction data) initiated by the IN to a random Approver node that has been assigned a unique identification number, without the IN having access to, or being able to display the identity of the specific AN that the transaction has been sent to for approval, so that the user of the IN will not be able to see the details of, or identify which specific Approver node the transaction has been sent to for approval.
Claim 3
The device also sends data pertaining to details of the transaction and the user of the Initiator Node to be stored on a blockchain (public, private or hybrid; developed using any means, method and/or programming language) so that such data can be retrieved later on as evidence of the transaction and the user's identity. The details that will be sent to the blockchain include, but are not limited to: a digital photograph of the node user (obtained from the webcam of the node computer or mobile device, by the user taking a photograph of themselves using a mobile device, or by any other means), the user's IP address, full names, social security or identity number, employee or contractor number, transaction amount, date, time, type, origin and destination account.
Claim 4
The device has a combination of any number of, or all of the following properties and functionality:
1. It chooses the Approver Node (AN) for a specific transaction randomly. It automates the random selection of the node.
2. It automates the assigning of the approval of the transaction to a specific Approver Node.
3. It changes the unique numbers identifying the Approver Nodes on a frequent basis (the time intervals can be pre-set by the party implementing the system). The unique number of the Approver Node changes so that the initiator cannot establish the identity of a specific Approver Node and who is operating it.
4. The Initiator and Approver Nodes cannot identify each other from the unique numbers or codes assigned to them by the device.
5. The device will have the functionality to provide for an option to publish the transaction to all nodes in the network so that non-involved nodes can also see the transaction, spot and report suspicious activity.
6. The device can create virtual channels for different parts of the business, e.g. geographic or other segments of the business, randomly assign groups of Approver Nodes to channels, and rotate them on a regular basis, with a variable timeframe for this.
7. The VNB Box can detect suspicious transactions such as repeated names, and repeat transactions sent apart in time. It can also detect transactions that are not consistent with the governance protocols that have been programmed into the device.
Claim 5
The external design, configuration and material composition of the outer case of the device are as set out in Section 5.
Claim 6
The internal architecture of the invention is as set out in Section 6.
Claim 7
The hardware configuration & components are as set out in Diagram B.
Claim 8
The device can either be:
(i) connected to a computer or mobile device via a connection port (such as USB) or wirelessly, or
(ii) built into a computer or mobile device.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ZA2022/07819 | 2022-07-15 | ||
ZA202207819 | 2022-07-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2024016022A1 (en) | 2024-01-18 |
Family
ID=89537532
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/ZA2022/050035 (WO2024016022A1) | Variable node box ("vnb") | 2022-07-15 | 2022-07-25 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2024016022A1 (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 22951355 Country of ref document: EP Kind code of ref document: A1 |