privacy-enabled payment cards - standards australia · roles – immigration agency – sanctions...
TRANSCRIPT
![Page 1: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/1.jpg)
PRIVACY-ENABLED PAYMENT CARDSA case study of
Combining asylum seekers’ privacy and AML/KYC regulation
Pietu Pohjalainen, Ph.D.
![Page 2: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/2.jpg)
CONTENTSCompany presentationProblem definitionBlockchain solutionNew business models Outlook to the future
![Page 3: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/3.jpg)
Nets is the leader in the Nordics
Nets’ strong presence in the Nordic
market means that we know local
market conditions, legislation ,
trends and languages.
COPENHAGENHQ
OSLO
STOCKHOLM
HELSINKI
TALLINN VILNIUS
RIGA
![Page 4: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/4.jpg)
A coordinator in a strong digital ecosystem
MERCHANTS300,000+
30,000+ online
CONSUMERS
-
BUSINESS & PUBLIC SECTOR
240,000 CORPORATES
BANKS200+
DATA CENTERS
7.3 billion transactions8.1 billion digital identities
2,500 employees6.8 bn in turnover
DISTRIBUTORS & PARTNERS500+
![Page 5: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/5.jpg)
• Year 2015 brought Europe a shockwave of asylum seekers
• Using prepaid payment cards would significantlysave in monthly allowance process costs
• KYC/AML requirements associated with a payment card issuing license require the issuerto know the name of the card holder
• Privacy requirements to protect identity prohibitgovernments to give out the names of theirasylum seekers to 3rd parties
Issuing cards to asylum seekers
![Page 6: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/6.jpg)
• International bodies are publishing sanctionlists of individuals whose assets ought to befrozen or otherwise restricted
International sanctions lists
• The standard way is to check the issuedcardholder nameagainst the list
![Page 7: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/7.jpg)
Normal way to operate corp cardsRoles – corporate <–> card issuer
Issue to name JOHN SMITH
JOHN SMITH’s card
What if the cardholder name is
MIGRI 00001
![Page 8: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/8.jpg)
Privacy-preserving issuing of cardsRoles – immigration agency – sanctions list indexer – query API provider – card issuer
Ethereumblockchain
Crea
teid
entit
y0x
de0B
2956
69a9
FD9
3d5F
28D9
Ec85
E40f
4cb6
97BA
e
Write sanctionlist data
Notifymatches
![Page 9: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/9.jpg)
Role: Immigration agencyCreate a blockchain identity e.g. 0xde0B295669a9FD93d5F28D9Ec85E40f4cb697BAeNotify the indexer the public key to use for encryptionAgree with indexer about the shared secret key to useMIGRI_VERY_SECRET_PASSWORDQuery against the blockchain database for hits in the sanctions list, using SHA256(’secret’ + ’query term’)In case of a match, decrypt contents with the privatekey associated to the identityNotify the card issuer in a case of match
![Page 10: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/10.jpg)
Role: Payment card issuerIssue cards to anonymized cardholdersBe prepared to place an issued card into a restricted listupon notification
I don’t need to change anything ..
SUITS ME FINE!
![Page 11: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/11.jpg)
Role: List indexerMonitor the published listsUpdate the shared blockchain database stateIndex new entries from the the published list to the Ethereum blockchainEncrypt the data by elliptic curve Diffie-Hellmanencryption using ephemeral keys (ECDHE) to protect the identitiesHandles only public or contracted information
Ethereumblockchain
Write(SHA256(’MIGRI_SECRET’ + ’SADDAM’),ECDHE(’ <ENTITY Id="13" Type="P"
legal_basis="1210/2003 (OJ L169)“pdf_link="http://eur-lex.europ.PDF”programme="IRQ"
…>’);
![Page 12: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/12.jpg)
Role: API providerOperate the infrastructure to make queriesDoes not see what was asked or what was returned
Due to query key being one-way hashedDue to returned answer being Diffie-Hellman encrypted
![Page 13: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/13.jpg)
New business models
New roles of the database indexer and API connectionprovider
Are independent of each otherAre designed not to contain vendor lock-inProviders can concurrently co-exist
New aspects of qualityDegree of privacy preservation(fully public / queries anonymized / matches anonymized / everything anonymized)
![Page 14: privacy-enabled payment cards - Standards Australia · Roles – immigration agency – sanctions list indexer – query API provider – card issuer. Ethereum. blockchain. Create](https://reader035.vdocuments.net/reader035/viewer/2022063011/5fc5d3915877ec10146a47bc/html5/thumbnails/14.jpg)
Questions and discussion
He fumbled for the doorhandleof the refrigerator, to get out a carton of milk.”Ten cents, please”, the refrigerator said. ”Five cents for opening my door; five cents for the cream.”UBIK – Philip K. Dick, 1969