METHOD, PLATFORM AND SYSTEM FOR ENSURING AUDITABILITY OF AN IMMUTABLE DIGITAL TRANSACTION

Abstract

The present invention is in the area of auditability protocols for secure communication transactions, applying a Blockchain based methodology. It includes a method for ensuring auditability of a digital transaction comprising the receipt of a set of hashes corresponding to the hashing of an encrypted digital transaction sent from a sender device (2) to a recipient in a first trusted validating peer system (5), the broadcasting of such hashes to a plurality of trusted validating peer systems (5), the consensus between trusted validating peer systems (5) on an agreed order and appending of said set of hashes in said order to a block in each trusted validating peer systems (5), thereby forming a digital ledger in each of said trusted validating peer systems (5) and a corresponding state table. It also comprises a platform which implements such method and a distributed system (1) comprising such platform.

Claims

1. A method for ensuring auditability of a digital transaction comprising the following steps: a) on receipt of a set of hashes corresponding to the hashing of an encrypted digital transaction sent from a sender device to a recipient device in a first trusted validating peer system from a plurality of trusted validating peer systems, dissemination of such set of hashes from said first trusted validating peer system to the remaining trusted validating peer systems; b) consensus by the plurality of trusted validating peer systems on an agreed order associated with said set of hashes; c) appending of said set of hashes in said agreed order to a block in each of said trusted validating peer systems, thereby forming a digital ledger in each of said trusted validating peer systems and a corresponding state table, said trusted validating peer systems being connected between each other by a minimum number of connections per trusted validating peer system, such number being greater than 1.

2. The method according to claim 1 wherein said set of hashes is maintained in the referred blocks of each of the trusted validating peer systems through a Merkle Tree structure, each of the trusted validating peer systems maintaining an internal state of such Merkle Tree.

3. The method according to claim 1 wherein each hashing further comprises: a public key of a key pair associated with the sender device and the digital transaction being signed with the private key of said key pair.

4. The method according to claim 1 wherein said hashing consists of a Secure Hash Algorithm (SHA), preferably an agile algorithm such as Secure Hash Algorithm 3 (SHA-3).

5. The method according to claim 1 wherein each hashing further comprises: an identifier of the sender device and/or an identifier of a user associated with the sender device, an identifier of the recipient device and, preferably, a nonce associated with the encrypted digital transaction.

6. The method according to claim 1 wherein said appending of the set of hashes to a block in each of said trusted validating peer systems further comprises the appending of: an identifier of the sender device and/or an identifier of a user associated with the sender device, an identifier of the recipient device and, preferably, a nonce associated with the encrypted digital transaction and/or the time of the digital transaction.

7. The method according to claim 1 wherein said consensus between trusted validating peer systems is reached via Practical Byzantine Fault Tolerance algorithm (PBFT), the number of trusted validating peer systems consisting of a pre-defined number.

8. The method according to claim 1 wherein said digital transaction comprises chat, voice, email, file and/or video data.

9. The method according to claim 1 wherein each hashing further comprises a classification parameter, such classification parameter being associated with a security level and/or protocol of said encrypted digital transaction.

10. The method according to claim 1 wherein each trusted validating peer system of the plurality of trusted validating peer devices consists of an individual system having a unique identifier.

11. The method according to claim 1 wherein a trusted central server accesses more than one of the trusted validating peer systems, obtains at least one corresponding hash of said block, to be audited, and subsequently compares such hashes, preferably further obtaining an identifier of the recipient device and an identifier of the sender device associated with said hash.

12. The method according to claim 1 wherein, prior to step a), the sender device sends an identifier to at least one trusted central server which assigns to the sender device an identifier of such sender device and/or an identifier of a user associated with such sender device and/or, prior to the consensus of step c), trusted validating peer systems perform consensus on the digital transaction associated with said set of hashes, such that all execute the same transaction.

13. A platform for ensuring auditability of a digital transaction comprising a plurality of trusted validating peer systems configured to implement the method of claim 1.

14. A distributed system for ensuring auditability of a digital transaction comprising the platform of claim 13.

15. The distributed system for ensuring auditability of a digital transaction of claim 13 wherein the distributed system further comprising at least one sender device and at least one recipient device, the sender device (2) being configured to: send an encrypted digital transaction from the sender device (2) to a recipient device and, in parallel, perform hashing of such encrypted digital transaction into a set of hashes and subsequently transmitting such set of hashes to a first trusted validating peer system from said plurality of trusted validating peer systems.

Description

DESCRIPTION OF FIGURES

[0032] FIG. 1representation of an embodiment of the distributed system (1) of the present invention, highlighting: [0033] the plurality of trusted validating peer systems (5)indicated as VP in FIG. 1, each maintaining a ledger and being connected between each other: the minimum number of connections between trusted validating peer systems (5) is n1, n being the number of trusted validating peer systems (5), [0034] a trusted central server (4), which has access to the plurality of trusted validating peer systems (5) and which manages sending and corresponding receiving devices (3) configuration, such as over the air configuration or contact list management, [0035] a set of sender devices (2) (virtually linked through the identifier of a user associated with such sender devices (2)), one of which sends an encrypted digital transaction to a recipient device and, in parallel, sends a set of hashes of such encrypted digital transaction to one of the trusted validating peer systems (5), [0036] a recipient device, which in turn is part of a set of recipient devices (virtually linked through the identifier of a user associated with such recipient devices).

[0037] The transaction is sent in parallel through adequate end-to-end encryption protocol(s), to a corresponding receiving device (3).

[0038] FIG. 2representation of the main steps of the method of the present invention.

DETAILED DESCRIPTION

[0039] The more general and advantageous configurations of the present invention are described in the Summary of the invention. Such configurations are detailed below in accordance with other advantageous and/or preferred embodiments of implementation of the present invention.

[0040] In a preferred embodiment of the described method, prior to the consensus of step c), the trusted validating peer systems (5) perform consensus on the digital transaction associated with said set of hashes, such that all execute the same transaction. Hence, all execute the same transaction at all ledger instances. An example consists of deploying a transaction (step d) and subsequent query of transactions (for auditing).

[0041] In any of the described embodiments, each trusted validating peer system (5) may consist of a device or of a set of devices, in both cases operating as described.

[0042] In a preferred embodiment of the method of the present invention, said consensus between trusted validating peer systems (5) is reached via Practical Byzantine Fault Tolerance algorithm (PBFT), the number of trusted validating peer systems (5) consisting of a pre-defined number.

[0043] In a preferred embodiment of such method, a trusted central server (4) accesses more than one of the trusted validating peer systems (5), obtains at least one corresponding hash (i.e., hash path) of said block, to be audited, and thereby subsequently compares corresponding hashes, preferably further obtaining an identifier of the recipient device and an identifier of the sender device (2) associated with said hash (to be audited).

[0044] In a preferred embodiment of such method, prior to step a), the sender device (2) sends an identifier to at least one trusted central server (4) which assigns to the sender device (2) an identifier of such sender device (2) and/or an identifier of a user associated with such sender device.

[0045] In a preferred embodiment of the distributed system (1) for ensuring auditability of a digital transaction, the trusted central server (4) is configured to access more than one of the trusted validating peer systems (5), obtain at least one corresponding hash (i.e., hash path) of said block and subsequently compares such hashes, preferably further obtaining an identifier of the recipient device and an identifier of the sender device (2) associated with said hash.

[0046] Additionally, in an embodiment such distributed system (1) further comprises at least one sender device (2) and at least one recipient device, the sender device (2) being configured to: [0047] send an encrypted digital transaction from the sender device (2) to a recipient device and, in parallel, [0048] perform hashing of such encrypted digital transaction into a set of hashes and subsequently transmitting such set of hashes to a first trusted validating peer system (5) from said plurality of trusted validating peer systems (5).

[0049] As the referred sender device, the recipient device may also be virtually linked with other recipient devices by means of an identifier of a user associated with such recipient devices.

[0050] The method of the present invention falls within the scope of Blockchain technologies, yet comprising innovative features which distinguish from such technologies, thereby enhancing them, as above described. The present invention applies a Blockchain based methodology.

[0051] Further, the method of the present invention enables the analysis of data maintained in the validating peer systemfor example by using an Artificial Intelligence engineto identify usage anomalies such as (i) IP discrepancies (sender identifiers), (ii) locations/Geolocations mismatch, (iii) concurrent communication channels, or (iv) recipients' anomalies.

[0052] The present invention thus provides auditability for several applications, such as dispute resolution, legal recourse, investigations, or proactive risk management.

[0053] Further, access from the trusted central server (4) (to an Auditor) can be limited to individual users (with associated identifiers) or devices (also through associated identifiers) and/or to circumscribed transaction time periods and/or associated nonces. Furthermore, access can be graduated so as to release transaction-specific data to only if there is an established cause.

[0054] As will be clear to one skilled in the art, the present invention should not be limited to the embodiments described herein, and a number of changes are possible which remain within the scope of the present invention.

[0055] Of course, the preferred embodiments shown above are combinable, in the different possible forms, being herein avoided the repetition all such combinations.