WO2024016022A1 - Variable node box ("vnb") - Google Patents

Info

  • Publication number: WO2024016022A1
  • Authority: WO, WIPO (PCT)
  • Application number: PCT/ZA2022/050035
  • Other languages: French (fr)
  • Inventor: Vivek Anand RAMDASS
  • Original Assignee: Ramdass Vivek Anand
  • Application filed by: Ramdass Vivek Anand
  • Prior art keywords: transaction, node, approver, nodes, initiator

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information

Definitions

  • VNB VARIABLE NODE BOX
  • VNT Variable Node Technology
  • the device is connected to the IN via a USB port or any other port in the IN that is suitable as a connector. Therefore, P1 could include and/or take the form of any of these alternatives.
  • the user of the IN (the transaction initiator) will sign into the Device and authenticate their identity and any other required credentials that the organization has chosen for identity verification and security. This will be the first series of data packets that will pass through the device.
  • IC1 Integrated Circuit
  • IC2 Integrated Circuit
  • Repository Chip the second Integrated Circuit
  • IC2 will handle the logging of the transaction and the uploading of the transaction to a blockchain, which could either be a public, private or hybrid blockchain, and developed using any means, method and/or programming language. This will retain the transaction as evidence should it later be required to be retrieved, for example for Legal proceedings.
  • IC3 Integrated Circuit
  • IC3 will remove the IP address of the IN and any other information that the user of the IN has tried to insert to display, or that might indicate, his or her identity, or any other superfluous information that might have been included to alert the Approver of a specific transaction.
  • Information relating to the transaction will have to be entered by the user of the Initiator Node into set, predetermined fields, so any additional information will be removed.
  • the transaction data will then be routed to the fourth Integrated Circuit (IC4) (the "Node Selector Chip"), which stores a list of all of the Approver Nodes (AN) on the network in its memory. It will randomly choose an AN for that specific transaction, and assign the transaction to the selected Approver Node.
  • IC4 the "Node Selector Chip"
  • the fifth Integrated Circuit (IC5) (the "Dispatch Chip") will dispatch the transaction data to the selected Approver Node on the network for approval, and it will then send details of the AN to IC2 for addition to the blockchain. This could be done either through a wired ethernet cable or wirelessly.
  • Exit port P2 the exit port (P2) is used for the deployment of the data/data packets to their destination (the AN). This is after the data has been processed and/or modified by the relevant components in the device.
  • the circuit board at the exit port (P2) is constructed with traces (paths) that are required for the deployment of the data to their destination (the AN).
  • MCM A multi-chip module (MCM) is an electronic package consisting of multiple integrated circuits (ICs) assembled into a single device. An MCM works as a single component and is capable of handling an entire function.
  • SiP A system in package, is a way of bundling two or more ICs inside a single package. This is in contrast to a system on chip, or SOC.
  • SoP A systems-on-package goes a step beyond SiP by integrating thin-film components on a package substrate. 6. BEST MODES FOR CARRYING OUT THE INVENTION
  • the outer case of the device can be manufactured from any suitable metal and/or metal alloy, plastics (any of the plastic types that are suitable), polycarbonate materials, composites (made from two or more materials combined together), or any other suitable material from a materials engineering perspective to encase the Device, taking into account the requirements that must be complied with that are set out below.
  • the outer case will be manufactured using suitable materials with the most appropriate material composition taking into account: i. the heat dissipation that is required for it to function effectively, ii. the requirement for the Device to be tamper-proof taking into account that its primary use is as an 'anti-fraud' device, i.e. to combat/minimize/eliminate fraud, and iii. the requirement for the components comprising the Device to be impossible to be tampered with and/or modified so that a user of the Device cannot bypass the security measures that it enables,
  • the design of the outer box that encases the internal components of the Device will: i. comply with and complement the Outer Case Material Requirements, ii. be of such a nature that it draws peoples' attention to the fact that it is an anti-fraud device with the objective of deterring fraud, and iii. in addition will be configured in terms of shape and size that enables easy storage, transport and use of the Device on a daily basis.
  • Design Requirements (hereafter referred to as the "Design Requirements").
  • the naming of the device and its associated branding will also comply with and/or complement the Outer Case Material Requirements and the Design requirements.
  • VNB device The use cases for the VNB device are numerous. It will play a critical role in reducing and/or eliminating fraud in organizations where a computer or other electronic devices are used to initiate and approve transactions.
  • the apparatus or device for which patent protection is claimed is essentially an antifraud device.
  • it is recommended that this is done so as a single unit, and it will have a form factor very similar to any other computer peripheral such as a USB stick or a USB hard-drive, in the sense that it will be an enclosed unit with a cover which will house all of the components inside of it.
  • any other computer peripheral such as a USB stick or a USB hard-drive
  • it will be an enclosed unit with a cover which will house all of the components inside of it.
  • it is not intended to give parties who wish to contravene and/or circumvent this patent a workaround to being able to do so. It will be marketed as an anti-fraud device, which is self-contained, i.e.
  • the specific individual components that can be used may vary, and their configuration might vary as well, to achieve the outcome of the invention.
  • the methods of manufacturing the individual components, configuring them and assembling them can vary (hereafter referred to as the "Manufacturing Alternatives").
  • Patent protection for the invention shall cover all Manufacturing Alternatives, manufacturing methods and technological component configuration alternatives that can be used to manufacture the Invention.
  • the internal architecture of the Invention comprises of an Integrated Circuit (IC) or 'Chip'.
  • IC Integrated Circuit
  • 'Chip' Integrated Circuit
  • SoC 'Systems on a Chip'
  • SoC complete system on one chip
  • MCM multi-chip module - interconnects components
  • SiP stacked chips or packages
  • SoP optimizes between chip and/or package

Abstract

The patent claims are for an apparatus (device) that is connected to any computing device (including mobile devices), either wirelessly or with a cable, that gives effect to, and is characterized by Variable Node Technology ("VNT") which has been disclosed in this patent. The device implements VNT in a computer network, and it adds a layer of IT Security using specialized integrated circuits. It uses Blockchain technology to retain an immutable record of transactions created by a user as evidence of such transactions. The device also has additional features to enhance the basic functionality of VNT.

Description

1. TITLE OF INVENTION:
Rule 5.1(a), Section 204(b)
VARIABLE NODE BOX ("VNB")
2. TECHNICAL FIELD:
Rule 5.1(a)(1), Section 204(a)(1)
INDUSTRIAL CATEGORY OF PATENT (TECHNICAL FIELDS TO WHICH IT RELATES)
This patent relates to: (i) computer networking, (ii) Information Technology ("IT") security and (iii) Blockchain technology. The device controls the manner in which data emanating from a transaction that has been initiated, is stored and is communicated to other nodes (computer terminals) in a computer network in order to improve IT security and decrease and/or eliminate unauthorized transactions within an organization, or between/among organizations. It provides a layer of security for, and information retention of, transactions that are initiated and approved between or among two or more computer users. It uses Blockchain technology to retain an immutable record of transactions initiated by a user of a node.
3. BACKGROUND ART
A. NOVELTY & PRIOR ART
1. A search of global patent databases for patents in the field of computer networking, and a perusal of the results of that search, do not reveal any patent which might constitute prior art, or an existing patent, for the subject matter of, or the Claims in, this patent.
2. Relevant keywords such as "variable" were included in addition to the keywords used for computer networking/networks.
3. The same was done for "Information Technology ("IT") security" and "Blockchain technology".
4. The subject matter constituting this patent is therefore novel, and it currently does not exist.
5. Aside from the patents relating to modems, routers and other related packet-switching devices, there are no patents that relate to devices controlling a computer network in the manner in which the VNB device does, and in particular controlling the data and data packets deployed to a computer network from a specific node on the network, in the manner in which the VNB device (for which patent protection is sought in this patent) does.
4. DISCLOSURE AND SUMMARY OF INVENTION
A. DISCLOSURE AND EXPLANATION OF THE PATENT CLAIMS
1. The patent claims are for an apparatus (device) that gives effect to, and which is characterized by Variable Node Technology ("VNT") (defined below) that has been invented by the applicant for this patent, and which has been disclosed in this patent.
2. The device performs the functions required to give effect to VNT. The device also has additional features to enhance the basic functionalities of VNT which are described below, and for which patent protection is sought.
3. The subject matter of the patent has application in a variety of industries where technology is required to be deployed to prevent fraud and fraudulent transactions, and it uses Blockchain technology to retain an immutable record of transactions created by a user as evidence of such transactions.
B. FURTHER EXPLANATION: VARIABLE NODE TECHNOLOGY
Explanation of variable node technology
1. It is technology that enables a device that deploys data/data packets to a computer network to automatically assign electronic transaction approval randomly to a single node (computer) in a multi-node network. Electronic transactions are submitted and approved on a 'variable and unknown-node' basis, so that the party initiating the transaction and the party approving the transaction do not know beforehand which node will be approving the transaction.
2. It also makes provision for a single node in a network to have multiple virtual nodes associated with it on one computer, in order to further reduce the probability of the node that has been designated to approve the transaction from communicating its identity on the network to the initiator node.
3. Finally, the device has other features that are included in it, and their functionality is described in detail later on in this patent application.
C. BACKGROUND & CONTEXTUAL FRAMEWORK
C1. Background Scenario
1. If A is an employee or a contractor in an organization, and he wants to commit fraud using a computer connected to the organization's network (for example to create a fictitious transaction to withdraw funds, or to transfer funds into a banking account that he has created), and he wants to use another person (B) to approve the fraudulent transaction, then A can approach B to collude with him to commit the fraud.
2. A's plan is to use a computer in the organization to initiate the transaction, and he plans to ask B, another employee, to use her computer to approve the transaction.
C2. Assigning the Variables
1. Let us call A the Initiator, and A's computer the Initiator Node (IN).
2. Let's call B the Approver, and B's computer the Approver Node (AN).
3. Let's assume a system, including a computer network, where there are no security, governance, or cross-checking measures when transactions are conducted (the "Network"). The topology of the Network is also not relevant. Also assume that there are no other external or internal variables affecting the scenario.
C3. The Probabilities of Fraud
In the abovementioned hypothetical Network, where there is an Initiator Node 'A', and an Approver Node 'B':
1. If A and B want to commit fraud using their respective computers, and they decide to collude (B agrees to commit the fraud with A) then, assuming that no other variables influence the scenario, the probability that they will succeed is 100%.
2. If A and B do not want to commit fraud, and do not collude with each other to process a fraudulent transaction, then the probability that fraud will occur as a result of their actions is 0%.
3. If A wants to commit fraud, and B does not want to collude with A to commit such fraud, then the probability that such fraud will occur is 50% (B will not approve the transaction initiated by A if she knows that the transaction is fraudulent, but if B does not know that it is fraudulent then she will approve it).
C4. The Solution
How can the probabilities of fraud in the scenarios in paragraphs 1 and 3 above be reduced or eliminated?
The following measures can be implemented:
1. Increase the number of Approver Nodes.
2. Choose the Approver Node for a specific transaction randomly. Automate the random selection of the node.
3. Automate the assigning of the approval of the transaction (deployment of the transaction for approval) to a random Approver Node.
4. Prevent the Initiator Node from being able to know which Approver Node the transaction has been assigned to. The Approver must not be able to see who the Initiator is, or the computer from which the transaction emanated (i.e. the identity of the IN).
5. Ensure that the unique numbers identifying nodes change frequently. The unique number of a specific node must change on a frequent basis, so that the transaction initiator cannot establish the identity of a specific node, and who is operating it.
6. The Initiator and the Approver Nodes will not be able to identify each other from the unique numbers assigned to them, and which will change on a frequent basis.
7. Publish the transaction to all Approver Nodes on the network, so that other approver nodes that have not been assigned to the approval of a specific transaction can also see the transaction, and will have an opportunity to spot and report suspicious activity. When all nodes can see the transaction, then suspicious activity can be detected more easily. For example, other approver nodes will be able to see a transaction that keeps coming up repeatedly, if a user is trying to collude with a specific node with whom he has an arrangement to do so, and he keeps trying to send the same transaction to the randomly selected approver nodes on the network for approval, hoping that the approver that he is colluding with will eventually receive the transaction for approval.
8. The Initiator Node (IN) should only be able to send the transaction for approval once. Then the system should lock itself. The IN will then need authorization to resend the transaction. The IN user will have to fill in an information field on his computer explaining why the transaction is being resent.
9. Create Approver Node channels for different parts of the business, e.g. for geographic or other segments of the business, and randomly assign groups of Approver Nodes to these channels. Rotate the Approver Nodes assigned to the Channels on a regular basis, with no fixed time assigned for this. This could be implemented through the use of one sub-network or multiple sub-networks.
10. Provide governance cross-checks to be undertaken by a further set of nodes. This could also be implemented through the use of one sub-network or multiple sub-networks.
11. Create virtual nodes, so that each physical Approver Node can serve as more than one virtual node. There could, for example, be 5 virtual nodes on 1 computer.
12. To secure immutable proof of the transaction, hash the transaction using an encryption algorithm and upload it to a blockchain.
13. Ensure that the VNB device is integrated into the system. If the device (the VNB or Variable Node Box) is removed or disconnected, then the Initiator Node will not function.
14. Ensure that the Approver cannot override the checks and balances that have been put in place to approve the transaction. In order to override these checks and balances, he/she will have to get authorization from a Governance Node user.
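A minimal software model of measures 2 to 4, 8 and 12 above, added here as an illustration and not taken from the patent: it strips a submission down to predetermined fields, picks the Approver Node with a CSPRNG, enforces the send-once lock, and keeps a hash-chained log in place of a blockchain. The class name, the field whitelist, the `authorized_by` parameter and the sample transaction are assumptions.

```python
import hashlib
import json
import secrets

# Assumed field whitelist; the patent only says "set, predetermined fields".
ALLOWED_FIELDS = ("amount", "currency", "beneficiary_account", "reference")
GENESIS = "0" * 64


def digest(obj):
    """SHA-256 over a canonical JSON encoding (a hash, not encryption)."""
    canonical = json.dumps(obj, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class VariableNodeBox:
    """Toy model of the routing measures (hypothetical, not the patent's design)."""

    def __init__(self, approver_nodes):
        if len(approver_nodes) < 2:
            raise ValueError("random assignment needs at least two Approver Nodes")
        self._approvers = list(approver_nodes)
        self._sent = set()   # digests already dispatched (send-once lock)
        self.ledger = []     # hash-chained list standing in for the blockchain

    @staticmethod
    def sanitize(raw_tx):
        """Keep only the predetermined fields; source IP and free text are dropped."""
        missing = [f for f in ALLOWED_FIELDS if f not in raw_tx]
        if missing:
            raise ValueError(f"missing required fields: {missing}")
        return {f: raw_tx[f] for f in ALLOWED_FIELDS}

    def _record(self, **fields):
        """Append an event, chaining it to the previous entry's hash."""
        prev = self.ledger[-1]["entry_hash"] if self.ledger else GENESIS
        entry = dict(fields, prev_hash=prev)
        entry["entry_hash"] = digest(entry)
        self.ledger.append(entry)

    def submit(self, raw_tx, resend_reason=None, authorized_by=None):
        """Return (approver, payload the approver sees); enforce the send-once lock."""
        tx = self.sanitize(raw_tx)
        tx_hash = digest(tx)
        is_resend = tx_hash in self._sent
        if is_resend and not (resend_reason and authorized_by):
            self._record(event="resend_blocked", tx_hash=tx_hash)
            raise PermissionError("already sent; resend needs a reason and authorization")
        # CSPRNG choice: the Initiator cannot predict or steer the assignment.
        approver = secrets.choice(self._approvers)
        self._sent.add(tx_hash)
        self._record(event="resent" if is_resend else "dispatched", tx_hash=tx_hash,
                     approver=approver, resend_reason=resend_reason,
                     authorized_by=authorized_by)
        # Returned for the demo only; a real device would not reveal it to the Initiator.
        return approver, tx


def verify_ledger(ledger):
    """Recompute every link; any edited or reordered entry breaks the chain."""
    prev = GENESIS
    for entry in ledger:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev or digest(body) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True


if __name__ == "__main__":
    vnb = VariableNodeBox(["AN1", "AN2", "AN3"])
    # Constructed sample transaction; source_ip and note must not reach the approver.
    raw = {"amount": "100.00", "currency": "ZAR", "beneficiary_account": "ACC-0001",
           "reference": "INV-1", "source_ip": "192.0.2.10", "note": "send to B"}
    approver, seen = vnb.submit(raw)
    print("assigned:", approver, "payload:", seen)
    try:
        vnb.submit(raw)
    except PermissionError as exc:
        print("blocked:", exc)
    vnb.submit(raw, resend_reason="approver unavailable", authorized_by="GN1")
    print("ledger intact:", verify_ledger(vnb.ledger))
```

A lock keyed on the digest of every field is sidestepped by changing any one of them, so a deployment would key it on whichever business identifiers define "the same transaction" and log the blocked attempts for review.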
D. REDUCING THE ODDS OF FRAUD: A PRACTICAL EXAMPLE OF THE USE OF THE DEVICE
1. Assume that two (2) parties are involved in a transaction: the transaction initiator, and the transaction approver. The transaction initiator uses a computer called the Initiator Node (IN) to initiate the transaction, and the transaction approver uses a computer called the Approver Node (AN) to approve the transaction.
2. If the transaction initiator and the transaction approver want to collude with each other to commit fraud by initiating and approving a fraudulent transaction, and the transaction initiator is not able to choose a specific AN to approve the transaction, i.e. he is not able to send or route the fraudulent transaction that he has initiated to a specific AN for approval, then one of the factors determining their ability to successfully do so will be the number of computers on the network (nodes) that have been assigned as Approver Nodes.
3. As the number of Approver Nodes is increased, the probability of 2 parties colluding to approve a fraudulent transaction decreases proportionally.
4. Let's assume a system, inclusive of a computer network, where there are no security, governance or cross-checking measures when transactions are conducted (the "Network"). The topology of the Network is also not relevant. Assume that the transaction initiator is not able to choose a specific AN to approve the transaction, i.e. he is not able to send or route the fraudulent transaction that he has initiated to a specific AN for approval. Also assume that there are no other external or internal variables affecting the scenario.
[Equation image imgf000012_0001 not reproduced]
5. As can be observed in the above equation, P is inversely proportional to n.
6. The probability of fraud/collusion in the stipulated circumstances is reduced as you increase n, which is the number of Approver Nodes (and therefore, by implication, the number of people who are designated to operate individual Approver Nodes to approve transactions initiated by the IN).
[Figures imgf000013_0001, imgf000013_0002 and imgf000014_0001 not reproduced]
7. Where the IN and AN are not able to identify each other, then P decreases even further.
8. The Device provides the functionality to minimize or eliminate the variable P in the Probability of Fraud between the IN and AN network Nodes Equation, thereby minimizing or eliminating fraud in the circumstances mentioned in the opening paragraphs of this section (D.4.).
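The relationship in paragraphs 5 and 6, worked through as an added example that is not part of the patent: since the equation image is not reproduced here, the model assumes uniform random assignment and one colluding Approver Node, which gives P = 1/n for a single submission. It also goes one step beyond the text by showing how repeated submissions erode that figure, which is the case the send-once lock in C4.8 addresses; the function names, trial count and seed are assumptions.

```python
from fractions import Fraction
import random


def collusion_probability(n_approvers, attempts=1, colluding=1):
    """P(at least one of `attempts` uniform random assignments hits a colluding AN)."""
    if n_approvers < 1 or attempts < 0 or not 0 <= colluding <= n_approvers:
        raise ValueError("need n_approvers >= 1, attempts >= 0, 0 <= colluding <= n")
    miss = 1 - Fraction(colluding, n_approvers)   # one assignment misses the colluder
    return 1 - miss ** attempts


def approvers_needed(target, attempts=1, colluding=1):
    """Smallest n for which collusion_probability(n, attempts, colluding) <= target."""
    if not 0 < target < 1:
        raise ValueError("target must be strictly between 0 and 1")
    n = max(colluding, 1)
    while collusion_probability(n, attempts, colluding) > target:
        n += 1
    return n


def simulate(n_approvers, attempts, trials=20000, seed=1):
    """Monte Carlo cross-check of the closed form; approver index 0 is the colluder."""
    rng = random.Random(seed)   # seeded so the run is reproducible
    hits = sum(
        any(rng.randrange(n_approvers) == 0 for _ in range(attempts))
        for _ in range(trials)
    )
    return hits / trials


if __name__ == "__main__":
    print(" n  attempts  exact    simulated")
    for n in (3, 10, 50):
        for k in (1, 5, 20):
            exact = float(collusion_probability(n, k))
            print(f"{n:2d}  {k:8d}  {exact:.4f}   {simulate(n, k):.4f}")
    one_percent = Fraction(1, 100)
    print("ANs needed for P <= 1% with 1 attempt:", approvers_needed(one_percent))
    print("ANs needed for P <= 1% with 3 attempts:", approvers_needed(one_percent, 3))
```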
5. BRIEF DESCRIPTION OF DRAWINGS
[Figures imgf000015_0001 and imgf000015_0002 not reproduced]
DIAGRAM 1
FUNCTIONING OF THE DEVICE IN A CORPORATE/ORGANIZATIONAL (PRIVATE) OR PUBLIC NETWORK EXPLAINED DIAGRAMMATICALLY
A. Refer to Diagram 1.
1. The Initiator Node (IN) is a computer terminal which has been configured for the use of the device (the Variable Node Box or "VNB" device).
2. The user of the Initiator Node (IN) (hereafter referred to as the "Initiator") connects the Initiator Node (IN) to the VNB device (either wirelessly or with a cable).
Note that the VNB device could also be built into the Initiator Node (IN) so that the Initiator does not have to connect it to the Initiator Node (IN) as described in paragraph 2 above.
The Initiator would simply have to connect to the computer network that he/she wants to use, and the VNB device would be activated automatically. This will be at a stage when the relevant agreements can be reached with computer manufacturers to either build in the device into the computers that they are manufacturing, or to build in empty slots in their computers in which the VNB can be slotted into by purchasers of the computer, so that the VNB device and the computer constitute one inseparable unit.
The VNB device then acts as a buffer between the Initiator Node (IN) used by the Initiator, and the rest of the computer network.
The VNB device would have been pre-configured to perform the functions that are required by the relevant organization. Not all of the features and functions that it has/contains might be required by the purchaser of the device.
The VNB device then performs the functions that it has been built to perform, as described elsewhere in this patent document.
When the Initiator initiates a transaction on the Initiator Node (IN), the transaction data is processed by the VNB device in terms of recording it on a Blockchain, removing the IP address of the Initiator Node (IN), choosing a random Approver Node on the computer network to send the transaction to for approval, and dispatching the data constituting the transaction to the chosen Approver Node (See Diagram B for technical details pertaining to how this is done).
9. The VNB device can also be configured to perform a security check on the data, and flag governance issues to the Approver.
10. Due to the VNB device, the Initiator does not have direct access to any of the computers that are used to approve the transaction (the Approver Nodes).
11. As stated in the Notes below, the VNB device is not network-topology dependent, so its functioning will not depend on how the Approver Nodes are clustered together in a specific computer network.
12. The Approver of the transaction that was initiated by the IN, uses a computer called the Approver Node (AN).
13. The cluster of Approver Nodes (AN) are depicted in the diagram as AN1, AN2 and AN3.
14. Since the VNB device can flag possible security and governance issues, the entire system, including the computer network, can be configured so that its users are made aware of any security, governance or cross-checking measures that need to be taken when transactions are sent for approval (the "Network").
15. The Approver operating the Approver Node might not necessarily have the capacity to cross-check and make a decision on complex security and governance issues that are flagged by the VNB device, due to large transaction volumes requiring their approval.
16. The AN can be configured to only have 'accept' or 'reject' functions, the 'reject' function being used when the transaction submitted for approval does not meet the basic, stipulated requirements set out for its approval.
17. A further sub-network could be set up comprising of Governance Nodes (GN).
18. The Approver would then be able to refer the issues mentioned in paragraph 15 above to the Governance Nodes.
19. The cluster of Governance Nodes (GN) are depicted in the diagram as GN1, GN2 and GN3.
20. The Governance Nodes would perform the function of evaluating transactions with security and/or governance issues flagged by the VNB device, and of accepting or rejecting these transactions.
21. The GN would then send feedback to the Approver operating the Approver Node that referred the transaction to it.
22. The Approver Node will then accept or reject the transaction, and send this feedback to the IN. In the case of Governance Nodes (GNs) being used, the VNB device will then be configured accordingly.
23. Since there will be a high level of visibility across the network, rejected transactions will be able to be seen by all nodes, and the node (Initiator Node) from which the transaction emanated will also be visible.
24. This information in itself will indicate a pattern or patterns of behavior.
25. If a specific Initiator Node is regularly submitting transactions that are rejected by Approver Nodes or Governance Nodes, then this will enable suspicion to be raised, and will prompt further investigation.
26. In this way, fraudulent transactions can be prevented, and persons attempting to commit fraud can be prevented from doing so, and/or be brought to account for it.
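The rejection-pattern check described in the last few paragraphs can be sketched as follows. This is an added example, not code from the patent; the record layout, node labels, time window and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed decision records, as they might be visible to every node:
# (timestamp, initiator node, decided by AN or GN, outcome).
DECISIONS = [
    ("2023-12-20T10:00", "IN-07", "AN", "reject"),   # falls outside the window
    ("2024-01-08T09:00", "IN-07", "AN", "reject"),
    ("2024-01-08T11:30", "IN-07", "AN", "accept"),
    ("2024-01-09T14:10", "IN-07", "GN", "reject"),   # referred, rejected by a GN
    ("2024-01-10T08:45", "IN-07", "AN", "reject"),
    ("2024-01-11T16:20", "IN-07", "AN", "reject"),
    ("2024-01-08T09:05", "IN-02", "AN", "accept"),
    ("2024-01-09T09:05", "IN-02", "AN", "accept"),
    ("2024-01-10T09:05", "IN-02", "AN", "reject"),
    ("2024-01-11T09:05", "IN-02", "GN", "accept"),
    ("2024-01-12T09:05", "IN-02", "AN", "accept"),
    ("2024-01-12T10:00", "IN-11", "AN", "reject"),   # too few decisions to judge
    ("2024-01-12T10:30", "IN-11", "AN", "reject"),
]


def flag_initiators(decisions, now, window=timedelta(days=7),
                    min_total=4, max_reject_ratio=0.5):
    """Return {initiator: (rejected, total)} for nodes worth investigating.

    Rejections by Approver Nodes and by Governance Nodes both count. A node
    is flagged only when it has enough decisions inside the window for the
    ratio to mean something, so a single rejected transaction raises nothing.
    """
    counts = defaultdict(lambda: [0, 0])          # initiator -> [rejected, total]
    for stamp, initiator, decided_by, outcome in decisions:
        when = datetime.fromisoformat(stamp)
        if not (now - window <= when <= now):
            continue                              # outside the review window
        if decided_by not in ("AN", "GN"):
            continue                              # ignore malformed records
        counts[initiator][1] += 1
        if outcome == "reject":
            counts[initiator][0] += 1
    return {
        node: (rejected, total)
        for node, (rejected, total) in counts.items()
        if total >= min_total and rejected / total > max_reject_ratio
    }


if __name__ == "__main__":
    print(flag_initiators(DECISIONS, now=datetime(2024, 1, 12, 18, 0)))
```

A flag here is a prompt for the further investigation the text describes, not a finding of fraud: the thresholds need tuning against the organization's normal rejection rate.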
DIAGRAM 2
HARDWARE CONFIGURATION & COMPONENTS
A. Refer to Diagram 2
1. The data packets from the Initiator Node (IN) (refer to its definition in paragraph A.1. in the commentary on Diagram 1 in this Section) enter the Device through the Entry Port P1.
2. The device is connected to the IN via a USB port or any other port in the IN that is suitable as a connector. Therefore, P1 could include and/or take the form of any of these alternatives.
3. The user of the IN (the transaction initiator) will sign into the Device and authenticate their identity and any other required credentials that the organization has chosen for identity verification and security. This will be the first series of data packets that will pass through the device.
4. User authentication, security and linking of the Device to the IN as a prerequisite for initiating a transaction on the IN will all be dealt with by the first Integrated Circuit (IC1), also called the "Security Chip".
5. The user of the IN will not be able to proceed with any further actions, either on the IN or on the device, if they have not successfully passed the required security measures (hereafter referred to as "security clearance").
6. Once the user (transaction initiator) has obtained security clearance, then he/she can initiate a transaction.
7. The transaction data will be routed to the second Integrated Circuit (IC2) also called the "Repository Chip". IC2 will handle the logging of the transaction and the uploading of the transaction to a blockchain, which could either be a public, private or hybrid blockchain, and developed using any means, method and/or programming language. This will retain the transaction as evidence should it later be required to be retrieved, for example for legal proceedings.
8. The transaction data will then be routed to the third Integrated Circuit (IC3) also called the "Identity Removal and Transaction Scrubbing Chip" or the "IRTS" Chip. IC3 will remove the IP address of the IN and any other information that the user of the IN has tried to insert to display, or that might indicate, his or her identity, or any other superfluous information that might have been included to alert the Approver of a specific transaction. Information relating to the transaction will have to be entered by the user of the Initiator Node into set, predetermined fields, so any additional information will be removed.
9. The transaction data will then be routed to the fourth Integrated Circuit (IC4) (the "Node Selector Chip"), which stores a list of all of the Approver Nodes (AN) on the network in its memory. It will randomly choose an AN for that specific transaction, and assign the transaction to the selected Approver Node.
10. The fifth Integrated Circuit (IC5) (the "Dispatch Chip") will dispatch the transaction data to the selected Approver Node on the network for approval, and it will then send details of the AN to IC2 for addition to the blockchain. This could be done either through a wired ethernet cable or wirelessly.
11. Exit port P2: the exit port (P2) is used for the deployment of the data/data packets to their destination (the AN). This is after the data has been processed and/or modified by the relevant components in the device. The circuit board at the exit port (P2) is constructed with traces (paths) that are required for the deployment of the data to their destination (the AN).
12. The hardware configuration and components have been listed and explained in relation to Diagram 2. They can be combined and manufactured in any of the following configurations: MCM, SiP, SoP (explained below) or in any other configuration that is available at the time.
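The data path through IC2 to IC5 described above can be modelled in software as follows. This is an added example, not code from the patent: the field names, identifiers and sample transaction are assumptions, and a SHA-256 hash chain stands in for the blockchain that IC2 writes to.

```python
import hashlib
import hmac
import json
import secrets

# Assumed "set, predetermined fields"; the patent does not list them.
ALLOWED_FIELDS = ("type", "amount", "origin_account", "destination_account")

# Constructed sample input, including data the IRTS step must strip.
SAMPLE_TX = {
    "type": "payment", "amount": "1500.00",
    "origin_account": "ACC-001", "destination_account": "ACC-002",
    "source_ip": "192.0.2.10",               # documentation-range address
    "memo": "for approver J: please pass",   # identity hint in a free-text field
}


class RepositoryLog:
    """IC2 stand-in: an append-only SHA-256 hash chain, not a real blockchain."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "body": body, "hash": digest})
        return digest

    def verify(self):
        """Recompute every link; any edited or reordered entry breaks the chain."""
        prev = "0" * 64
        for entry in self.entries:
            expected = hashlib.sha256((prev + entry["body"]).encode()).hexdigest()
            if entry["prev"] != prev or not hmac.compare_digest(entry["hash"], expected):
                return False
            prev = entry["hash"]
        return True


def scrub(raw):
    """IC3: allowlist the predetermined fields; everything else is dropped."""
    missing = [f for f in ALLOWED_FIELDS if f not in raw]
    if missing:
        raise ValueError(f"missing required fields: {missing}")
    return {f: raw[f] for f in ALLOWED_FIELDS}


def select_approver(approver_nodes):
    """IC4: uniform pick from the OS CSPRNG, so the choice cannot be predicted."""
    if not approver_nodes:
        raise ValueError("no Approver Nodes configured")
    return secrets.choice(approver_nodes)


def process(raw, initiator_id, approver_nodes, log):
    """One transaction through IC2 -> IC3 -> IC4 -> IC5, in the order described."""
    tx_ref = secrets.token_hex(8)
    # IC2 records the unscrubbed transaction and who initiated it, as evidence.
    log.append({"event": "initiated", "tx_ref": tx_ref,
                "initiator": initiator_id, "tx": raw})
    outbound = {"tx_ref": tx_ref, "tx": scrub(raw)}   # what IC5 sends to the AN
    node = select_approver(approver_nodes)
    # IC5 reports the chosen AN back to IC2; the initiator never receives it.
    log.append({"event": "dispatched", "tx_ref": tx_ref, "approver": node})
    receipt = {"tx_ref": tx_ref, "status": "pending"}  # all the initiator sees
    return outbound, node, receipt


if __name__ == "__main__":
    log = RepositoryLog()
    outbound, node, receipt = process(SAMPLE_TX, "user-0001", ["AN1", "AN2", "AN3"], log)
    print(outbound, receipt, log.verify())
```

Scrubbing by allowlist rather than by blocklist is what makes the "any additional information will be removed" property hold for fields nobody anticipated.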
B. Notes:
Definitions:
1. MCM: A multi-chip module (MCM) is an electronic package consisting of multiple integrated circuits (ICs) assembled into a single device. An MCM works as a single component and is capable of handling an entire function.
2. SiP: A system in package is a way of bundling two or more ICs inside a single package. This is in contrast to a system on chip, or SOC.
3. SoP: A systems-on-package goes a step beyond SiP by integrating thin-film components on a package substrate.
6. BEST MODES FOR CARRYING OUT THE INVENTION & DESCRIPTION OF EMBODIMENTS
A. EXTERNAL DESIGN, CONFIGURATION AND MATERIAL COMPOSITION OF THE OUTER CASE OF THE DEVICE
1. The outer case of the device can be manufactured from any suitable metal and/or metal alloy, plastics (any of the plastic types that are suitable), polycarbonate materials, composites (made from two or more materials combined together), or any other suitable material from a materials engineering perspective to encase the Device, taking into account the requirements that must be complied with that are set out below.
2. The outer case will be manufactured using suitable materials with the most appropriate material composition taking into account: i. the heat dissipation that is required for it to function effectively, ii. the requirement for the Device to be tamper-proof taking into account that its primary use is as an 'anti-fraud' device, i.e. to combat/minimize/eliminate fraud, and iii. the requirement for the components comprising the Device to be impossible to be tampered with and/or modified so that a user of the Device cannot bypass the security measures that it enables,
(hereafter referred to as the "Outer Case Material Requirements").
3. The design of the outer box that encases the internal components of the Device will: i. comply with and complement the Outer Case Material Requirements, ii. be of such a nature that it draws peoples' attention to the fact that it is an anti-fraud device with the objective of deterring fraud, and iii. in addition will be configured in terms of shape and size that enables easy storage, transport and use of the Device on a daily basis.
(hereafter referred to as the "Design Requirements").
4. The naming of the device and its associated branding will also comply with and/or complement the Outer Case Material Requirements and the Design Requirements.
5. The internal architecture of the device for which patent protection is sought (the Invention) is set out in Diagram 2. Commentary on Diagram 2 is contained in Section 5 above titled "Brief Description of Drawings".
7. INDUSTRIAL APPLICABILITY
A. THE USE CASES
1. The use cases for the VNB device are numerous. It will play a critical role in reducing and/or eliminating fraud in organizations where a computer or other electronic devices are used to initiate and approve transactions.
2. The subject matter of this patent has application in a variety of industries where technology is required to be deployed to prevent fraud and unauthorized/fraudulent transactions, and to retain an immutable record of transactions created by a user as evidence of such transactions.
3. The apparatus or device for which patent protection is claimed, is essentially an anti-fraud device. When it is manufactured, it is recommended that this is done so as a single unit, and it will have a form factor very similar to any other computer peripheral such as a USB stick or a USB hard-drive, in the sense that it will be an enclosed unit with a cover which will house all of the components inside of it. However, if there are other more optimal options, then these can be chosen. By recommending that the device be manufactured as a single unit, and in the manner as stated, it is not intended to give parties who wish to contravene and/or circumvent this patent a workaround to being able to do so. It will be marketed as an anti-fraud device, which is self-contained, i.e. it will not require any further peripherals. This is necessary in order to prevent tampering with and/or manipulation of the device. All of the hardware and software (firmware) required to achieve the required functionality will be within the device. The only software outside of the device will be the drivers that will have to be installed on a computer to enable it to interface with the device. However, if there are other more optimal options, then these can be chosen. By making the statement in the first sentence of this paragraph, it is not intended to give parties who wish to contravene and/or circumvent this patent a workaround to being able to do so. It will be portable or fixed in a computer or in any other device that serves as a node on a network. Where portable, it will be capable of being held in the hand and being transported/carried around at will. However, if there are other more optimal options, then these can be chosen. By making the statement in the first sentence of this paragraph, it is not intended to give parties who wish to contravene and/or circumvent this patent a workaround to being able to do so.
8. It is envisaged that it will be used primarily in the banking and financial services industry, however, it can also be used in any organization where transactions need to be initiated and approved.
9. Companies all over the world face the risk of financial losses due to fraud and corruption, and the device will be able to be used effectively to reduce and combat such fraud and corruption.
10. Where the fraud has already taken place, the device will be able to be used to retrieve immutable evidence of the identity of the fraudster and the details of the fraudulent transaction.
B. THE WAYS IN WHICH IT CAN BE MADE
1. It is crucial to note that the patent claim for the intellectual property to be protected is for the device, including:
(i) the functions that the individual components in the device execute, and
(ii) the outcomes that they achieve in clusters, and collectively in unison.
2. The specific individual components that can be used may vary, and their configuration might vary as well, to achieve the outcome of the invention. The methods of manufacturing the individual components, configuring them and assembling them can vary (hereafter referred to as the "Manufacturing Alternatives").
3. The Patent protection for the invention shall cover all Manufacturing Alternatives, manufacturing methods and technological component configuration alternatives that can be used to manufacture the Invention.
4. To amplify this statement, an example is where the internal architecture of the Invention comprises of an Integrated Circuit (IC) or 'Chip'. The Chips referred to in the internal architecture set out herein (the Internal Architecture) could be:
(i) manufactured individually, and soldered separately onto a circuit board, or
(ii) a 'Systems on a Chip' (SoC) approach could be used, where all of the individual Chips are combined in a single Chip,
(iii) certain Chips can be combined in clusters on a single Chip,
(iv) certain functions (a combination of any functions or all of them) could be consolidated onto one chip,
(v) certain functions (a combination of any functions or all of them) could be achieved using any other component and/or software technology, and/or
(vi) the following Chip manufacturing configurations: SoC (complete system on one chip), MCM (multi-chip module - interconnects components), SiP (stacked chips or packages), SoP (optimizes between chip and/or package) could be used.
5. The patent is claimed for a device that is manufactured using any of the above technologies or any combinations of the aforementioned.
6. Therefore, the Internal Architecture set out herein encapsulates the core principles of the Invention, its functioning and capability. The patent is claimed for all of the aforementioned. The above paragraphs (1. to 6.) are guidelines. If there are other, more optimal options, then these can be chosen. By making the above statements, it is not intended to give parties who wish to contravene and/or circumvent this patent a workaround for being able to do so.

Claims

8. THE CLAIMS
Patent Claims
The patent claims are for:
An apparatus (hereafter referred to as the "Device", "Variable Node Box", "VNB", "VNB Box", or "VNB device") with the following properties:
Claim 1
It sends or deploys a transaction (by means of the transaction data) that has been initiated by a user (initiator of the transaction) from a computer (hereinafter referred to as the "Initiator Node" or "IN"), to a randomly selected node, chosen by the Device, in any network comprising of computing devices (nodes) (hereinafter referred to as the "Approver Nodes" or "AN") that have been set up for the purpose of approving the transaction.
Claim 2
It sends the transaction (by means of the transaction data) initiated by the IN to a random Approver node that has been assigned a unique identification number, without the IN having access to, or being able to display the identity of the specific AN that the transaction has been sent to for approval, so that the user of the IN will not be able to see the details of, or identify which specific Approver node the transaction has been sent to for approval.
Claim 3
The device also sends data pertaining to details of the transaction and the user of the Initiator Node to be stored on a blockchain (public, private or hybrid; developed using any means, method and/or programming language) so that such data can be retrieved later on as evidence of the transaction and the user's identity. The details that will be sent to the blockchain include, but are not limited to: a digital photograph of the node user (obtained from the webcam of the node computer or mobile device, by the user taking a photograph of themselves using a mobile device, or by any other means), the user's IP address, full names, social security or identity number, employee or contractor number, transaction amount, date, time, type, origin and destination account.
Claim 4
The device has a combination of any number of, or all of the following properties and functionality:
1. It chooses the Approver Node (AN) for a specific transaction randomly. It automates the random selection of the node.
2. It automates the assigning of the approval of the transaction to a specific Approver Node.
3. It changes the unique numbers identifying the Approver Nodes on a frequent basis (the time intervals can be pre-set by the party implementing the system). The unique number of the Approver Node changes so that the initiator cannot establish the identity of a specific Approver Node and who is operating it.
4. The Initiator and Approver Nodes cannot identify each other from the unique numbers or codes assigned to them by the device.
5. The device will have the functionality to provide for an option to publish the transaction to all nodes in the network so that non-involved nodes can also see the transaction, spot and report suspicious activity.
6. The device can create virtual channels for different parts of the business, e.g. geographic or other segments of the business, randomly assign groups of Approver Nodes to channels, and rotate them on a regular basis, with a variable timeframe for this.
7. The VNB Box can detect suspicious transactions such as repeated names, and repeat transactions sent apart in time. It can also detect transactions that are not consistent with the governance protocols that have been programmed into the device.
Claim 5
The external design, configuration and material composition of the outer case of the device are as set out in Section 5.
Claim 6
The internal architecture of the invention is as set out in Section 6.
Claim 7
The hardware configuration & components are as set out in Diagram B.
Claim 8
The device can either be:
(i) connected to a computer or mobile device via a connection port (such as USB) or wirelessly, or
(ii) built into a computer or mobile device.
PCT/ZA2022/050035 2022-07-15 2022-07-25 Variable node box ("vnb") WO2024016022A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA2022/07819 2022-07-15
ZA202207819 2022-07-15

Publications (1)

Publication Number Publication Date
WO2024016022A1 true WO2024016022A1 (en) 2024-01-18

Family

ID=89537532

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/ZA2022/050035 WO2024016022A1 (en) 2022-07-15 2022-07-25 Variable node box ("vnb")

Country Status (1)

Country Link
WO (1) WO2024016022A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200058032A1 (en) * 2018-08-20 2020-02-20 Denikumar Dalpatbhai Lad Biometric Payment Transaction Without Mobile or Card
US20200126075A1 (en) * 2018-10-18 2020-04-23 Temujin Labs, Inc. Confidential transaction auditing using an authenticated data structure
US20210352077A1 (en) * 2020-05-05 2021-11-11 International Business Machines Corporation Low trust privileged access management
US20210377045A1 (en) * 2020-05-27 2021-12-02 Securrency, Inc. Method, apparatus, and computer-readable medium for authentication and authorization of networked data transactions

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22951355

Country of ref document: EP

Kind code of ref document: A1