Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
PRIVACY-ENABLED PAYMENT CARDSA case study of
Combining asylum seekers’ privacy and AML/KYC regulation
Pietu Pohjalainen, Ph.D.
CONTENTSCompany presentationProblem definitionBlockchain solutionNew business models Outlook to the future
Nets is the leader in the Nordics
Nets’ strong presence in the Nordic
market means that we know local
market conditions, legislation ,
trends and languages.
COPENHAGENHQ
OSLO
STOCKHOLM
HELSINKI
TALLINN VILNIUS
RIGA
A coordinator in a strong digital ecosystem
MERCHANTS300,000+
30,000+ online
CONSUMERS
-
BUSINESS & PUBLIC SECTOR
240,000 CORPORATES
BANKS200+
DATA CENTERS
7.3 billion transactions8.1 billion digital identities
2,500 employees6.8 bn in turnover
DISTRIBUTORS & PARTNERS500+
• Year 2015 brought Europe a shockwave of asylum seekers
• Using prepaid payment cards would significantlysave in monthly allowance process costs
• KYC/AML requirements associated with a payment card issuing license require the issuerto know the name of the card holder
• Privacy requirements to protect identity prohibitgovernments to give out the names of theirasylum seekers to 3rd parties
Issuing cards to asylum seekers
• International bodies are publishing sanctionlists of individuals whose assets ought to befrozen or otherwise restricted
International sanctions lists
• The standard way is to check the issuedcardholder nameagainst the list
Normal way to operate corp cardsRoles – corporate <–> card issuer
Issue to name JOHN SMITH
JOHN SMITH’s card
What if the cardholder name is
MIGRI 00001
Privacy-preserving issuing of cardsRoles – immigration agency – sanctions list indexer – query API provider – card issuer
Ethereumblockchain
Crea
teid
entit
y0x
de0B
2956
69a9
FD9
3d5F
28D9
Ec85
E40f
4cb6
97BA
e
Write sanctionlist data
Notifymatches
Role: Immigration agencyCreate a blockchain identity e.g. 0xde0B295669a9FD93d5F28D9Ec85E40f4cb697BAeNotify the indexer the public key to use for encryptionAgree with indexer about the shared secret key to useMIGRI_VERY_SECRET_PASSWORDQuery against the blockchain database for hits in the sanctions list, using SHA256(’secret’ + ’query term’)In case of a match, decrypt contents with the privatekey associated to the identityNotify the card issuer in a case of match
Role: Payment card issuerIssue cards to anonymized cardholdersBe prepared to place an issued card into a restricted listupon notification
I don’t need to change anything ..
SUITS ME FINE!
Role: List indexerMonitor the published listsUpdate the shared blockchain database stateIndex new entries from the the published list to the Ethereum blockchainEncrypt the data by elliptic curve Diffie-Hellmanencryption using ephemeral keys (ECDHE) to protect the identitiesHandles only public or contracted information
Ethereumblockchain
Write(SHA256(’MIGRI_SECRET’ + ’SADDAM’),ECDHE(’ <ENTITY Id="13" Type="P"
legal_basis="1210/2003 (OJ L169)“pdf_link="http://eur-lex.europ.PDF”programme="IRQ"
…>’);
Role: API providerOperate the infrastructure to make queriesDoes not see what was asked or what was returned
Due to query key being one-way hashedDue to returned answer being Diffie-Hellman encrypted
New business models
New roles of the database indexer and API connectionprovider
Are independent of each otherAre designed not to contain vendor lock-inProviders can concurrently co-exist
New aspects of qualityDegree of privacy preservation(fully public / queries anonymized / matches anonymized / everything anonymized)
Questions and discussion
He fumbled for the doorhandleof the refrigerator, to get out a carton of milk.”Ten cents, please”, the refrigerator said. ”Five cents for opening my door; five cents for the cream.”UBIK – Philip K. Dick, 1969