The emerging virtual asset service providers (VASP) industry currently faces a number of challenges related to the Travel Rule, notably in connection to customer personal information, account number and cryptographic key information. Given that VASPs will be handling virtual assets of different forms, where each may be bound to a different private-public key pairs on the blockchain, VASPs also face the additional problem of key management generally. The key management aspects pertain not only to VASPs themselves – as owners of their private-public keys – but also to customers who posses wallets (non-custodial) that hold their private-public keys. Most end-user consumers have never had to “handle” raw keys or own wallets . From the perspective of the Travel Rule the private-public keys in customer wallets become a concern to a VASP when the customer associates their public-key with their account at the VASP, but then use the private-key for direct wallet-to-wallet transactions.
In cases where a VASP becomes a custodial of a customer’s private-public key, then the VASP must apply the same degree of protection as it does for its own keys. That is, the key management lifecycle  must be a core part of the cyber-security strategy of the VASP. The cyber-resilience a VASP’s key management infrastructure has an impact on the business of being a VASP, including obtaining insurance for the virtual assets in its possession. Reports of successful hacks on cryptocurrencies [3, 4, 5] has the potential to tarnish the VASP industry as a whole. Thus, a move towards a new decentralized economy [6, 7] brings with it new challenges arising from the need to decentralized computing infrastructures, and the need to understand “trust” through a decentralized lens.
The recent FATF Recommendations treats virtual assets as a digital representation of value, and as such is covered under the existing Anti-Money Laundering (AML) regulations and the Travel Rule. This means VASPs must be able to obtain, verify, retain and share respective customer information (originator and beneficiary) in the same manner as existing financial institutions. This means, among others, personal information, account information, and transactions information. However, as pointed out in , in the case of virtual assets on a blockchain, the key-ownership information and key-operator information becomes another aspect of the customer’s account that VASPs must manage. This is because virtual assets on blockchains are directly controlled by cryptographic keys, and therefore by the entity who controls the private-public key pair.
In this paper, we seek to address technological means to provide the ownership information for private-public keys that are located within a customers wallet device. More specifically, we explore how attestation technologies as applied to wallet systems can provide VASPs with means to prove operational controls of keys in wallets. The capability to obtain “visibility” into the state of keying material in a wallet device – without revealing the customer’s private-keys – provides a good basis for a VASP to perform management (remote management) of the customer wallet. This in turn allows VASPs to address some of the regulatory compliance requirements arising from the Travel Rule.
In Section 4 we review the concept of device attestations in the context of the VASPs and blockchains use-case, as a means to assist a VASP in obtaining better visibility into the internal state of the wallet devices [9, 10]. We review the current efforts in industry relating to the standardization of attestation architectures and evidence conveyance protocols. We discuss the application of device attestations to wallets in Section 5, and explore how communities of VASPs arranged in a consortium or “trust network” can use of shared attestation services as a means for VASPs to collectively address some of the challenges arising due to the Travel Rule.
In the current work, we seek to make the concepts around device attestations to be more easily understandable and more accessible to the broad readership interested in VASPs, wallets and the virtual assets industry generally. Much of the language describing attestations come from the area of trusted computing, which has been heavily influenced by the two-decades of the development of the Trusted Platform Module (TPM) chip [11, 12]. As such, we will strive to abstract-up from the various design features of the TPM and focus on the intent of some of these features, narrowing our interest on those features that support attestation and its potential use for VASPs in their ecosystem. Readers interested in details of the TPM are directed to the excellent works of [13, 14, 15].
2 Virtual Assets, VASPs and the Travel Rule
Since the advent of the Bitcoin system in 2008 , there has been an ever-growing interest among the general public in the potential use of crypto-currencies (“crypto”) and virtual assets for decentralized unmediated financial transaction. One of the key issues in this nascent crypto industry is the need for virtual asset service providers to comply with the various financial regulations related to Anti-Money Laundering (AML), terrorism financing and other banking related regulations. At the international level, the inter-governmental body established to set the standards and promote the effective implementation of legal, regulatory and operational measures is the Financial Action Task Force (FATF) .
2.1 FATF Recommendations No. 15 and the Travel Rule
A major milestone event in the crypto-currencies industry was the publication of the FATF Recommendation No. 15 in late 2018 which provided a comprehensive definition the notion of virtual Assets and virtual Asset Service Providers (VASP) :
Virtual Asset: A virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities and other financial assets that are already covered elsewhere in the FATF Recommendations.
Virtual Asset Service Providers (VASP): Virtual asset service provider means any natural or legal person who is not covered elsewhere under the Recommendations, and as a business conducts one or more of the following activities or operations for or on behalf of another natural or legal person: (i) exchange between virtual assets and fiat currencies; (ii) exchange between one or more forms of virtual assets; (iii) transfer of virtual assets; (iv) safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and (v) participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.
In this context of virtual assets, transfer means to conduct a transaction on behalf of another natural or legal person that moves a virtual asset from one virtual asset address or account to another .
One of the main requirements called out in the FATF Recommendation No. 15 and its accompanying Guidelines document  is the mandated need for VASPs to retain information regarding the originator and beneficiaries of virtual asset transfers. That is, a VASP must posses accurate information regarding a customer before aiding that customer in conducting transactions in virtual assets.
Another important implication of the Recommendation No. 15 is that cryptocurrency exchanges and related VASPs must be able to share the originator and beneficiary information for virtual asset transactions. This process – also known as the funds Travel Rule – originates from the US Bank Secrecy Act (BSA 31 USC Secs. 5311-5330), which mandates that financial institutions deliver certain types of information to the next financial institution when a funds transmittal event involves more than one financial institution. This rule became effective in May 1996 and was issued by the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN). Other groups of financial institutions (e.g. Wolfsberg Group ) have also tailored their AML principles based on the FATF Recommendations.
2.2 Key Management Configurations
In contrast to traditional banking institutions – which have been operating under the same Travel Rule for over two decades – VASPs today have the additional problem of dealing with cryptographic keys associated with customers. This stems from the fact that virtual assets on a blockchain is directly controlled through the private-public key associated with that virtual asset.
For VASPs there are a number of possible models or configurations with regards the management and use of the private-public key pair used to sign transaction on the blockchain. Two of the configurations relevant to the current discussion are shown in Figure 1 (see  for other variations).
In configuration (a) of Figure 1, the customer holds its private-public keys in the customer’s wallet. The Originator-VASP holds a copy of the customer’s public key, possibly enveloped within a digital certificate (e.g. X.509 certificate [21, 22, 23]). There are at least two ways involving VASPs for a wallet-based key-pair to be used by the originator customer to transfer virtual assets to a beneficiary. In the first case, the originator creates the signed transaction (addressed to the beneficiary) and delivers to its VASP (Originator-VASP), requesting the VASP to transmit the virtual asset onto the blockchain. This provides the opportunity for the VASP to perform the relevant Travel Rule verifications with regards to the destination beneficiary. Thus, technically speaking the VASP acts similar to a forwarding “gateway” that processes “ready-to-transmit” transactions signed by the private-key in the customer wallet. In the second case, the originator customer is the entity actually transmitting the transaction (i.e. direct from its wallet). However, before doing so the the originator relies on its VASP to perform the Travel Rule verifications regarding the destination beneficiary. Then, once the originator customer obtains permission (“green light”) from its VASP, the originator transmits the transaction directly from its wallet. In either of these cases, the Travel Rule applies to the VAPSs, the originator and the beneficiary.
In configuration (b) of Figure 1 the customer does not hold any private-public keys or own any wallet. Instead, the customer opens an account at the VASP and all the customer’s asset-transactions are dealt with by the VASP. In this approach, the VASP has at least two options with regards key management. In the first option, the VASP could hold a separate private-public key pair for each customer and employ that key-pair on behalf of the customer when transacting the customer’s virtual assets. This approach is often referred to as the key custodial configuration . In the second option, the VASP employs its own private-public key pair to sign all asset-related transactions. In this case various customer assets can be said to be commingled. With commingled assets/accounts, the VASP can batch together multiple transactions from its various customers, thereby reducing the overall cost (fees) of the transaction.
2.3 Customer Accounts & Key Ownership Information
Aside from the customer personal or business information, the Travel Rule also requires that financial institutions and VASPs furnish the account numbers when performing asset transfers. This brings a number of interesting challenges with regards to how “account numbers” are to be realized in the case of virtual assets on the blockchain and how private-public keys are to be associated with accounts.
With regards to account numbers, the work of OpenVASP  has proposed the establishment of a standardized VASP code for each VASP consisting of the last 32-bits of the public-key of the VASP. Although the proposal is expressed in the context of the Ethereum system , the notion of a 32-bit VASP code is generally speaking logical, practical and indeed necessary from a VASP operations point of view. The 32-bit VASP code provides sufficient bit-space to uniquely identify up to millions of VASPs in the future. When used in the context of Ethereum, VASPs also have the option of claiming a namespace within the Ethereum Name Service (ENS), and thus allowing the VASPs public-keys (i.e. its customer’s public-keys) to be known and discoverable within the ENS context. The proposal of  also includes the notion of a unique Virtual Asset Account Number (VAAN) for each customer, where the first 32-bit of the VAAN number is the VASP code. This proposal is logical and reasonable, and it mimics the familiar bank ABA routing numbers and account numbers.
Given that private-public key pairs are the means to control virtual assets, we believe that for compliance to the Travel Rule, VASPs will also need to maintain information regarding the key-pairs of their customers. VASPs most likely will be required to share key-related information or certificates with other VASPs and financial institutions involved in virtual asset transfers. Key-related information should be considered as another attribute of the customer account information that is required in order to comply to the Travel Rule.
Thus, in the context of the various possible key management configurations (Section 2.2 and Figure 1), it is useful to distinguish between key-ownership information and key-operator information . This is particularly important for VASPs from a risk management and assets-insurance perspective [27, 28].
Key ownership information: This is information pertaining to the legal ownership of cryptographic public-private keys. The traditional mechanism to denote legal ownership is through the registration of the public-key to a Certification Authority (CA), and for the CA to issue a public-key certificate for that key . The certificate itself is signed by the CA, effectively making the CA a notary asserting the ownership of the key-pair. The CA itself must be a registered business operating under a service contract (known as the Certificate Practices Statement).
It is worth noting that ability for an entity to prove possession of a private-key – such as exercising the private-key in a challenge-response protocol (e.g. CHAP ) or in signing a transaction on the blockchain – does not imply legal ownership of the key.
Key operator information: This is information or evidence pertaining to the legal custody by a VASP of a customer’s public-private keys. This information is relevant for VASPs which adopt a key-custodial business model, where the VASP holds and operates the customer’s public-private keys to sign transactions on behalf of the customer. Here, the customer legally owns the public-private key-pair, but the customer-authorized legal operator of the key-pair is the VASP.
In the next section we review a number of challenges faced by the emerging VASP industry. Some of these challenges are related to the Travel Rule, while others are related to the operational aspects of VASPs and the need for VASP industry to develop and establish new trust infrastructures to support transaction on decentralized blockchain networks.
3 Current Challenges in the VASP Industry
Aside from crypto-asset insurance issues, there are currently a number of challenges faced by the VASP community globally. These challenges arise not only because of existing regulations with regards to AML/FT, but also because the of the rapid changes occurring in blockchain and DLT technologies. We briefly discuss some of these issues as a background to the discussion on attestations in the ensuing sections, and later to a discussion on the benefits of wallet attestations to VASPs and to crypto-asset insurers.
In the following we use the term regulated wallet to denote a wallet system (hardware and software) that is in possession of a customer of a supervised (regulated) VASP . The understanding is that the customer’s private-public keys are within the wallet device, and that the wallet device is in the possession and under the control of the customer (Figure 1(a)). From the perspective of customer information we use the term “regulated” in the sense of FINMA . This means that the customer is registered at a VASP, owns an account at the VASP, and the VASP is able to fulfill the compliance requirements of the Travel Rule for that customer.
We use the term private wallet to denote a wallet system belonging to an unverified entity. This implies that in the extreme case the wallet-holder information is unattainable by a VASP, despite the VASP querying other VASPs in the messaging network and querying certification authorities (CA) reachable by the VASP.
3.1 A Secure Messaging Network for VASPs
The need to exchange customer account information and other private information raises the question regarding the need for a secure messaging network for VASPs [32, 33]. Such a messaging network may or may not be implemented using blockchain technology. However, there are a number of fundamental requirements for such a messaging network. Among others, it must: (i) protect customer/VASP data privacy, (ii) provide secure transport of customer/VASP information between endpoints, (iii) operate based on the strong identification and authentication of VASPs in the network, and (iv) be able to operate independent of any specific virtual-asset blockchain network, current or future.
The need for a secure transport (e.g. SSL/TLS connection) from one VASP to another implies that VASPs will also need to posses private-public keys designated for negotiating the secure transport. It is good security practice to keep the SSL/TLS private-public keys distinct from the private-public keys used by a VASP to sign transactions for the blockchain. Ideally, the SSL/TLS private-public keys should be wrapped in a digital certificate (e.g. X.509), possibly using Extended Validation (EV) certificates that carry business information regarding the VASP that owns the EV-Certificate .
Such a messaging network must be able to evolve and persist over the next few decades, independent of (but informed by) the technological advancements in blockchains. It must allow a community of VASPs to exchange information pertinent to the Travel Rule, for any type of virtual asset transfers (e.g. crypto-currencies, tokenized assets, etc) on current and future blockchain systems. Figure 2 provides a high level illustration of a VASP messaging network, shown to be logically separate from the virtual asset blockchain. Figure 3 illustrates a possible layered architecture for the VASP messaging network.
In Figure 2 the Originator (Beneficiary) customer is assumed to have a business relationship (e.g. account) with the Originator-VASP (Beneficiary-VASP). This is shown as (A) and (B). The VASP messaging network is denoted as (C) and (D), where the Originator-VASP can securely transmit the originator customer information to the Beneficiary-VASP in (C), and vice versa in (D).
Efforts are currently underway to develop such a messaging network and the related trust infrastructures (e.g. certificates, decentralized directories) to support VASPs in complying to the various aspects of the Travel Rule (see [33, 25]). A standard customer information model has recently been developed  that would allow VASPs to interoperate with each other with semantic consistency when exchanging customer data.
3.2 Synchronization of Customer Information with Transactions
The Travel Rule requires VASPs to “synchronize” (track or correlate) between transactions on the virtual assets blockchain with customer information. More specifically, this means that both the Originator-VASP and the Beneficiary-VASP must account for every customer transaction, and correlate transaction-related information to the correct originator and beneficiary respectively.
Related to this is the question of customer data privacy . Every instance of the exchange of customer information must be driven by (pertain to) transactions from the customers. The corollary is that VASPs are not permitted to exchange customer-related information outside the context of a customer transaction.
This introduces a number of complications for VASPs with regards to the latency in the completion of customer transactions. A given VASP may need to delay the transmission of customer transaction until the relevant Travel Rule information (ie. regarding the beneficiary) has been obtained and verified. This requirement is bi-directional or mutual between VASPs. This means that the Beneficiary-VASP must also obtain and verify the originator customer information (e.g. from the Originator-VASP) before accepting transfers of virtual assets from the originator or its Originator-VASP. Such delays may be deemed to be “disappointing” by customers accustomed to media crypto-hype [37, 38]. Solving this challenge is beneficial for all VASPs around the world, but will require corporation among competing VASPs.
3.3 Direct Transactions from Wallets
One of the dilemmas faced by VASPs is the desired (demand) on the part of customers to perform direct transactions from the customer’s wallet (i.e. peer-to-peer). This is illustrated in Figure 2 in flow (3a) and flow (3b). This demand can be addressed if both wallets (originator and beneficiary) are regulated wallets respectively. However, the dilemma arises when only the originator wallet is regulated, and the beneficiary information is not verifiable immediately by the Originator-VASP.
One possible solution is for VASPs to permit (pre-authorize) customers with regulated-wallets to transact up to a maximum daily limit as defined by local regulations (e.g. $3K per day). The Originator-VASP must then perform the verification of the beneficiary information after the transaction has been confirmed on the blockchain. The task of post-event verification would be made easier if the beneficiary is found to be associated with a Beneficiary-VASP.
This limited pre-authorized solution could be tightly integrated into user authentication/authorization Single Sign-On (SSO) protocol [39, 40, 41] via the customer’s wallet. When a customer seeks to perform a direct transaction from its wallet, the customer/user would need to perform SSO (using the user’s wallet) to the authorization service of the VASP, which should just take a few seconds. This process essentially provides a mechanism for the wallet to notify the VASP authorization server that the wallet will soon be transmitting a transaction in a direct P2P fashion to a beneficiary wallet. The SSO event provides a window of time for the VASP to verify whether the beneficiary is a known entity to the VASP (e.g. previously transacted from the customer) and whether a Beneficiary-VASP can be located corresponding to the beneficiary wallet holder.
3.4 VASP Transactions to Private Wallets
Another acute problem pertains to cases where an originator customer of a regulated VASP requests asset transfers to an address (public-key) of a private wallet. This is shown as flow (2a) and flow (2b) in Figure 2.
The originator customer may only have informal and incomplete information regarding the beneficiary holder of the private wallet (i.e. either a person or an organization). The challenge, therefore, becomes one in which the Originator-VASP needs to seek information at other VASPs regarding that destination address. Indeed, this is one of the main reasons VASPs need to create a trust network or industry consortium operating under a legal trust framework (see ). Efforts such as TRISA  are aimed at solving this dilemma, based on discovery protocols as well as VASP-level federated directories.
The problem also has data privacy dimension . A remote VASP located in a different jurisdiction may have verified information regarding holder of a private wallet or address. However, that remote VASP may be prohibited (e.g. under local data privacy regulations) from disclosing knowledge of the owner of a given address or public-key. As such, the remote VASP maybe prohibited from even responding to the query.
3.5 On-Boarding and Off-Boarding Customers
There are a number of challenges related to the on-boarding of a customer possessing a wallet. In the case that the customer wallet is regulated (i.e. previously known to another regulated VASP), then there are a number of practical issues that the acquiring VASP needs to face. These include: (i) validating whether prior to on-boarding the wallet was regulated or private; (ii) validating that the keys present within the wallet corresponds to the customer’s historical transactions (confirmed on the blockchain); (iii) verifying whether a backup/migration of the wallet has occurred in the past; (iv) determining whether the customer’s assets should be moved to new keys, and if so, how the “old” keys will be archived; and so on.
In the case where the customer’s wallet is private, then the VASP may choose to require the customer to create a separate instance of the wallet application within the device, associated with the VASP. This provides a way for the VASP to be responsible only for the “regulated partition” of the wallet while allowing the customer to retain the private portions of the wallet. Trusted Execution Environment (TEE) technologies such as Intel SGX [44, 45] may provide a way to achieve this partition, and at the same time provide evidence regarding the partition on the wallet device which is under the Travel Rule responsibility of the VASP.
The case of a customer leaving a VASP also introduces a number of questions that may be relevant under the Travel Rule. The releasing VASP may need to address various question, including: (i) preparing evidence that the wallet was in a regulated state whilst the owner of the wallet was a customer of the VASP; (ii) whether the customer’s assets should be moved to a temporary set of keys, denoting the end of the VASP’s responsibilities for the customer under the Travel Rule; (iii) obtaining evidence from the wallet that the “old” keys (non-migrateable keys) have been erased from the wallet device, thereby rendering the keys unusable in the future by the customer; and so on.
3.6 Cross-Jurisdiction Asset Transfers
Within certain jurisdictions the operational requirements may be more stringent. For example, in Switzerland the FINMA ordinance on Anti-Money Laundering (AMLO) makes it unambiguously clear that no exception is permitted for payments (i.e. virtual asset transfers) involving “unregulated wallet providers” . This rule, among others, is to prevent (reduce) problems faced by supervised providers (i.e. VASPs) in cases where it has to deal with virtual asset transfers from an unregulated wallet provider.
This brings into focus the challenge of how virtual asset transfers will occur between two VASPs where each are operating under different jurisdictions with different levels of stringencies. Furthermore, as long as an institution (i.e. VASP) supervised by FINMA is not able to send and receive the customer information required in payment transactions, such transactions are only permitted between wallets of the institution’s own customers.
Relevant to the current work on attestations is the requirement in FINMA that the ownership of a wallet be proven using “suitable technical means” .
4 A Standard Architecture for Attestations
Recently, the notion of attestations has have garnered interest within different technical standards organizations and industry consortiums, beyond the TCG alliance (e.g. FIDO Alliance , Global-Platform , IETF ). Despite the notion of device attestations nearing two-decades in age , the concepts around attestations – such as endorsements, validations and freshness – are just recently coming into wider attention in the broader industry. The hope is that a canonical attestation architecture will allow standards to be developed that implement the various protocols and flows for relevant sectors and products (routers and network equipment [51, 52], mobile devices , cloud stacks , etc). By having a common reference architecture, different efforts can share common terminologies, concepts and implementations and therefore affect a reduction in costs of developing and deploying the infrastructures supporting cyber-resilience and trustworthy computing generally.
The fundamental idea of attestations of a “thing” (e.g. a computing device) is that of the conveyance of truthful information regarding the (internal) state of the thing being attested to. In the related literature on trustworthy computing the term “measurement” is used to mean the act of collecting (introspecting) claims or assertions about the internal state, and delivering these claims as evidence to an external party or entity for automated review and security assessment.
However, as we know today computing environments can be structurally complex and may consist of multiple elements (e.g. memory, CPU, storage, networking, firmware, software), and computational elements can be linked and composed to form computational pipelines, arrays and networks. Thus, the dilemma is that not every computational element can be expected to be capable of attestation. Furthermore, attestation-capable elements may not be capable of attesting every computing element with which it interacts. The attestation capability could in fact be a computing environment itself (Figure 4). The act of monitoring trustworthiness attributes, collecting them into an interoperable format, integrity protecting, authenticating and conveying them requires a computing environment – one that should be separate from the one being attested. Figure 4 illustrates the recognition of this distinction, namely of the target environment being attested to, and the attesting environment that performs the work stated above111An example of an attesting environment is the Quoting Enclave within Intel SGX [44, 45]..
The complexity of the problem has led to a number of efforts in industry to define an attestation architecture that incorporates some of these key concepts – such as the concept of the root-of-trust – and to develop standards that implement attestation concepts [54, 49]. The roles and functions of the attestation architecture is shown in Figure 4. In a nutshell, in Figure 4 an attester conveys evidence of trustworthiness (of the attested target environment) to a verifier entity. The verifier operates based on policies that are supplied by the owner of the verifier.
4.2 Entities, Roles and Actors
The attestation architecture of  defines of a set of roles that implement attestation flows. Roles are hosted by actors, where actors are deployment entities. Different deployment models may coalesce or separate various actor components and may call for differing attestation conveyance mechanisms. However, different deployment models do not fundamentally modify attestation roles, the responsibilities of each role, nor the information that flows between them. In the following sections, we may use the actor and role terminology interchangeably when appropriate in order to simplify discussion (see Figure 5).
Attester: The Attester (e.g. target device) provides attestation Evidence to a Verifier. The Attester must have an attestation identity that is used to authenticate the conveyed Evidence and establishes an attestation endpoint context. The attestation identity is often established as part of a manufacturing process that embeds identity credentials in the entity that implements an Attester.
Verifier: The Verifier accepts Endorsements (from Endorsers) and Evidence (from the Attester) then conveys Attestation Results to one or more Relying Parties. The Verifier must evaluate the received Endorsements and Evidences against the internal appraisal policies chosen or configured by the owner of the Verifier . The Attestation Service Provider (ASP) is typically the actor which implements the Verifier role. An example of the ASP role is described in .
Relying Party: The Relying Party (RP) role is implemented by a resource manager that accepts Attestation Results from a Verifier. The Relying Party trusts the Verifier to correctly evaluate attestation Evidence and Policies, and to produce a correct Attestation Result. Thus, we assume that the RP and the Verifier has a business relationship or some other basis for trusting one another. The Relying Party may further evaluate Attestation Results according to Policies it may receive from an Owner. The Relying Party may take actions based on the evaluation of the Attestation Results.
Endorser: An Endorser role is typically implemented by a supply chain entity that creates reference Endorsements (i.e., claims, values or measurements that are known to be authentic). Endorsements contain assertions about the device’s intrinsic trustworthiness and correctness properties. Endorsers implement manufacturing, productization, or other techniques that establish the trustworthiness properties of the Attesting Environment. This is shown as flows (a) and (b) in Figure 5.
Owner of Verifier: The Verifier Owner role has policy oversight for the Verifier. It generates Appraisal Policy for Evidence and conveys the policy to the Verifier. The Verifier Owner sets policy for acceptable (or unacceptable) Evidence and Endorsements that may be supplied by Attesters and Endorsers respectively.
The policies determine the trustworthiness state of the Attester and how best to represent the state to Relying Parties in the form of Attestation Results. The Verifier Owner manages Endorsements supplied by Endorsers and may maintain a database of acceptable and/or unacceptable Endorsements. The Verifier Owner authenticates Verifiers and maintains lists of trustworthy Endorsers, peer Verifiers and Relying Parties with which the Verifier might interact.
Owner of Relying Party:
The Relying Party (RP) Owner role has policy oversight for the Relying Party (RP). The RP-Owner sets appraisal policy regarding acceptable (or unacceptable) Attestation Results about an Attester that was produced by a Verifier. The RP-Owner sets appraisal policies on the Relying Party that authorizes use of Attestation Results in the context of the relevant services, management consoles, network equipment, an enforcement policies used by the Relying Party. The Relying Party Owner authenticates the Relying Party and maintains lists of trustworthy Verifiers and peer Relying Parties with which the Relying Party might interact.
Evidence: The Attestation Evidence is a role message containing assertions from the Attester role. Evidence should have freshness and recentness claims that help establish Evidence relevance. For example, a Verifier supplies a nonce that can be included with the Evidence supplied by the Attester. Evidence typically describes the state of the device or entity. Normally, Evidence is collected in response to a request (e.g. challenge from Verifier).
Evidence may also describe historical device states (e.g. the state of the Attester during initial boot). It may also describe operational states that are dynamic and likely to change from one request to the next. Attestation protocols may be helpful in providing timing context for correct evaluation of Evidence that is highly dynamic.
Endorsements: Endorsement structures contain reference Claims that are signed by an entity performing the Endorser role (e.g. supply-chain entity or manufacturer of the target device). Endorsements are reference values that may be used by Owners to form attestation Policies.
Some endorsements may be considered “intrinsic” in that they convey static trustworthiness properties relating to a given actor (e.g., device, environment, component, TCB, layer, RoT, or entity). These may exist as part of the design, implementation, validation and manufacture of that actor implementation.
An Endorser (e.g. manufacturer) may assert immutable and intrinsic claims in its Endorsements, which then allows the Verifier to carry-out appraisal of the Attester (e.g. device) without requiring Attester reporting beyond simple authentication.
4.3 Summary of an Attestation Event
Figure 5 illustrates the canonical attestation model. When an Attester (e.g. target device) seeks to perform an action at the Relying Party (e.g. access resources or services controlled by the Relying Party) the Attester must first be evaluated by the Verifier. Among its inputs, the Verifier obtains endorsements from the Endorser (e.g. device manufacturer) in flow (a) of Figure 5. Prior to allowing any entity to be evaluated by the Verifier, the Owner of the Verifier must first configure a number of appraisal policies into the Verifier for evaluating Evidences. The policies are use-case specific but may require other information about the Attester (or User) to be furnished to the Verifier. This is shown in Step 1 of Figure 5. Similarly, in Step 2 the owner of the Relying Party (e.g. resource or service) must configure a number of Appraisal Policies for Attestation Results into the Relying Party.
When the Attester requests access to the resources at the Relying Party (Step 3), it will be redirected to the Verifier (Step 4) – the understanding being that the Attester must deliver attestation Evidence to the Verifier. Included here are the endorsement(s) that the Attester obtained previously from the Endorser (flow(b) of Figure 5). The flow represented by Step 3 may be multi-round and may include a nonce challenge that the Attester must include in its computation of the Evidence as a means to establish freshness.
After verification and appraisal of the Attester completes, the Verifier delivers the Attestation Result to the Relying Party in Step 5. The Relying Party in its turn must evaluate the Result against its own policies (set previously in Step 2). If the Relying Party is satisfied with its evaluation of the Attestation Result regarding the Attester, it will provide the Attester with permission to complete the action it seeks to perform (e.g. access resources at the RP).
5 Wallet Attestations to Support VASPs
Following from the previous discussion regarding the emerging standard architecture for attestations, we explore the application of the attestation architecture for the case of wallet devices. We consider the potential benefits of wallet attestations for VASPs, notably in the context of regulated wallets. Readers interested in the application of attestations to nodes (i.e. mining nodes , validator nodes ) are directed the work of .
In the current work we use the generic term wallet device to encompass both the hardware and software of the wallet system (see the NIST definition of wallets in ). Furthermore, we use the term broadly to mean wallet systems located within consumer electronic devices (e.g. mobile devices, smartphones, PC computers, etc.) as well as Enterprise-grade key management systems deployed within organizations . Thus, as will be seen, attestation capabilities should be used by wallets regardless of their portability factor (i.e. smartphones) or legal ownership (i.e. individuals or organizations).
The need to protect keys has been a requirement since the emergence of digital cryptography. The need for key protection capabilities expanded with the adoption of public-key cryptography  into the mainstream computing and networking industry. In the late 1990s the demand for key protection capabilities in industry emerged with the rise of the Certification Authorities (CA) business model. The high-cost of Hardware Security Module (HSM) cards in the late 1990s meant that only CAs and corporate buyers could afford these HSM cards.
The effort to produce a low-cost trusted hardware chip commenced in 1999 with the formation of the Trusted Computing Platform Alliance (TCPA), which was subsequently renamed the Trusted Computing Group (TCG) . The goal of the TCG was to develop a trusted hardware specifications that permitted the hardware to be manufactured at very low cost (e.g. less than a couple of dollars). The cost had to be extremely low – compared with HSM cards, that could cost several hundred dollars per card – because the initial targeted market segment was the PC computer market (i.e. PC OEMs), which is a very cost-sensitive segment of the market. At the same time, Smart Cards  were under development and was targeted primarily for the newly emerging mobile phone market. Thus the TCG trusted hardware must also be below the cost of smart cards.
The specifications for trusted hardware from the TCG alliance was called the Trusted Platform Module (TPM), with the hardware version 1.2 becoming available in the 2004-2005 timeframe. Wide deployment of the TPMv1.2 begun in 2006, notably with the new purchase requirements from the U.S. Army. More specifically, in February 2006 the U.S. Army Small Computer Program published a new Consolidated Buy-2 (CB2) Desktop and Notebook minimum specifications for Army customers. The Army’s new specification requires desktop and laptop personal computers be equipped with the new TPM (v1.2) hardware. This event represented a milestone in the adoption of trusted computing standards.
It is fair to say that the notion of “attestations” and device “measurements” originated from the TCPA/TCG alliance, whose members in the early 2000s were grappling with the very hard problem of defining technical trust (i.e. trust derived from technical means) [50, 13]. Being able to truthfully prove or attest as to the system state was considered core to the definition and value-proposition of trusted computing. Unlike HSM cards and Smart Cards, one of the main driving use-cases for the TPM hardware was to protect the PC computer, such as protecting the PC computer through its boot-up sequence (e.g. secure boot). Thus, the idea is that with the aid of a low-cost well-designed hardware (i.e. the TPM) that was soldered to the motherboard, the computer should be able to report (or attest) about its boot-up sequence. Other applications in the PC context included encrypting files/folders and self-encrypting disk-drives [64, 65].
5.1 Wallet Devices and Trusted Hardware
There are several features of trusted hardware that make it attractive for use in the virtual assets industry :
Cryptographic engine, protected storage and tamper-resistance: Current trusted hardware typically contains a cryptographic processor which implements a number of rudimentary functions related to cryptography. Examples include encryption (symmetric key), digital signatures, hash functions and key-generation. Trusted hardware typically possess protected storage for securing keys during system use, and when shutdown.
Tamper-resistance in trusted hardware provides protection against forced exportation of cryptographic keys (up to a point). A number of trusted hardware implementation may provide an auto-erasure of keys should physical tampering occur to sensitive parts in the interior of the hardware. As such, the value of the asset being protected by the keys should be measured against the approximate cost of attacking the hardware.
Hardware-bound and non-migratable keys: A core feature of trusted hardware such as the TPM is the ability of certain types of cryptographic keys to be generated inside the hardware, and for internal key hierarchies to be established. Using the example of the TPM, certain types of keys can be designated as non-migrateable at creation time, meaning that the key is bound to that single TPM and that it can not be migrated or exported from the TPM (see Figure 6 (a) and (b)). The use of non-migratable keys are advantageous when addressing the need to prevent the copying of keys.
Application-level keys linked to non-migratable keys: Certain types of keys generated inside the trusted hardware can be designated to be accessible to application softwares. Thus, for the use-case of virtual assets transfers, one or more key-pairs maybe generated and stored inside the trusted hardware and be invoked to sign transactions for the blockchain. The public-key of such key-pairs can be copied to locations external to the hardware, allowing certificates to be created for that public-key.
A non-migratable key can be used internally to “certify” the application-level keys (Figure 6 (c) and (d)), thereby providing a provenance link to the non-migratable key (and therefore to trusted hardware). This feature maybe useful in attestation cases where the user has to prove the origins of an application-level key-pair. Typically, application-level keys can be designated to be migrateable at creation time, allowing the key-pair to me migrated (or backed-up) to a new compatible trusted hardware using a secure key migration protocol .
Hardware-based attestations: Certain types of trusted hardware support the truthful reporting of one or more of its internal state variables, signed using a reporting-key that is derived from a non-migratable key. This capability permits an external entity to query the trusted hardware regarding attributes, including internal possession of keys (i.e. private-keys), without revealing the keys.
Common examples of trusted hardware that posses some or all of the above features include the Trusted Platform Module (TPM) hardware (version 1.2  and version 2.0 ), and the ARM TrustZone .
5.2 Basic Wallet Attestation Flows
Appraisal policies defined by VASP: The wallet’s attributes of interest to the VASP can be determined by the VASP configuring the relevant appraisal policies at the ASP (Step 1). This drives the ASP to request evidences from the wallet device as appropriate to the configured policies.
In the case that the VASP belongs to a consortium of VASPs (Section 6) then additional consortium-level policies may also be configured at the ASP (Step 2).
Wallet as Attester: The target device being evaluated in this case is the wallet hardware, as a result of the customer seeking to perform a transaction (Step 3). The wallet is expected to provide evidence (Step 4), among others, regarding its installed hardware, software and firmware.
The ASP as Verifier: The function of the verifier is represented as the ASP, which could be a service owned and operated by the VASP, by a VASP consortium, or by a trusted third party.
The VASP as the Relying Party: The relying party in Figure 7 is the VASP itself. In the regulated-wallet scenario where the VASPs customers posses wallet devices with trusted hardware, one goal of the VASP is to obtain attestation-evidence from these devices. Step 5 illustrates the ASP yielding the attestations results to the VASP as the relying party.
5.3 Types of Attestation Evidence and Relevance to VASPs
The evidence reportable by trusted hardware depends largely on the capabilities of the trusted hardware and the surrounding system implementing the crypto-wallet functionality. In general there are a number of system attributes reportable from a wallet that may complement the customer information in the context of the Travel Rule. With regards to key-ownership information and key-operator information (Section 2.3), attestations technologies allows a VASP to obtain truthful (unforgeable) information from the wallet, such as: (i) how a key-pair was created (e.g. generated onboard, or injected from outside), (ii) where it was created (e.g. under shielded storage), and (iii) the current location of the key-pair (e.g. geolocation of wallet).
The following is a non-exhaustive list of some of the possible wallet and key information that can be obtained using attestations:
Key creation provenance: Most (if not all) current generation crypto-processor trusted hardware have the capability to create/generate a new private-public key pairs inside the protected/shielded location of the hardware, and to maintain keys inside its long-term non-volatile protected storage. Furthermore, evidence regarding this process can be yielded by the trusted hardware, allowing the provenance of such keys to be asserted.
Key-provenance evidence is useful for VASPs in many use-case scenarios. For example, in the case of a newly on-boarded customer with a wallet, the VASP may wish to ascertain the provenance of the existing customer transaction signing key-pair found in the wallet. If the provenance of the existing key-pair in the wallet is unverifiable, then the VASP may require the customer (i.e. wallet) to generate a new key-pair inside the wallet.
This, in turn, provides the VASP with a clear line of responsibility and accountability under the Travel Rule with regards to customer-originated transactions. The VASP has exculpatory evidence regarding the on-boarding of the new customer and the start of use of the new key-pair.
Key-type evidence and key loss recovery: As mentioned previously, some crypto-processor trusted hardware (e.g. TPMv1.2 and TPM2.0) support the creation of non-migratable keys (Figure 6). A VASP may request periodic attestation-evidences from its customers’ wallets regarding the type of the transaction signing key-pair(s) currently in use (e.g. whether private-key non-migratable). The VASP may also require these non-migratable keys to be backed-up to a secure storage location at the VASP, using a secure backup/migration protocol appropriate for the trusted hardware in the wallet . This migration “blob” is typically cryptographically sealed in that it can only be installed onto a new equivalent trusted hardware under the customer’s authorization (e.g. migration password). The combined use of key-type evidence and key backup procedure allows VASPs to more effectively handle emergency cases (e.g. perceived loss of private-key, actual loss of wallet device, etc.).
For example, if a wallet device is lost/stolen and the VASP has recent attestation-evidence that the transaction key is non-migratable, then this gives the VASP some time to carry out emergency measures (i.e. assuming it will take some time for the thieves to crack the the tamper-resistance of trusted hardware). Such emergency procedures, for example, could mean: (i) recovering the sealed migration keys (i.e. migration “blob”) from the VASP backup storage into a new wallet device with the same/equivalent trusted hardware; (ii) activation of trusted hardware and the affected certified transaction signing key-pair; (iii) moving all asset on the blockchain from that affected public-key (address) to a new temporary private-public key-pair (e.g. owned by the VASP).
Aside from providing crucial customer service in times of emergency, the VASP will also obtain sufficient technical evidence to justify this customer emergency asset transfer should the VASP be queried under the Travel Rule (e.g. why large amounts of assets moved from a customer address to the VASP address).
Evidence of signature-origin of transactions on the blockchain: Related to the key creation provenance and key-type, the use of a hardware-bound private-key to sign transactions permits the device-origin of that transaction to be ascertained.
This kind of evidence may be important in scenarios in which the VASP needs proof that a set of confirmed transactions on the blockchain originated from the specific device belonging to one of its customers.
Evidence of geolocation of wallet: VASPs can obtain evidence regarding the geolocation of a wallet device, and therefore evidence regarding the geolocation of the hardware-bound keys in the wallet. This may provide a means for VASPs to enforce geolocation-related policies for customers to ensure that the VASPs customers are operating within the permissible jurisdiction (e.g. customer wallet must be in-country to sign transactions).
For example, the work of  includes the ability to report location coordinates (latitude, longitude and altitude) of the attester device. In turn, this can be reinforced with geo-fence policies relevant to the specific deployment scenario.
Key usage sequence: VASPs can also make use of a number built-in features of trusted hardware via the application software (e.g. mobile app) on the wallet. For example, the application can use the underlying trusted hardware to maintain a sequential history of the objects (transactions) signed using the private key inside the trusted hardware (e.g. in the TPM using the hash-extend operation with the PCR registers and monotonic counter [11, 12]).
For a VASP, this feature allows the VASP to perform an accurate accounting as to which order transactions were signed by the wallet system, as compared to the order in which the transactions were processed (i.e. confirmed) on the blockchain, and whether any transactions were lost (e.g. transmitted from the wallet, but never reaching the unprocessed-pool (UTXO model ), etc.).
Evidence of wallet system configurations: Attestation technologies allows a VASP to obtain visibility into the components (hardware, software and firmware) of the wallets of its customers.
Although this may appear to be intrusive, this has the advantage of allowing the VASP to advise (or require) customers to replace a weak wallet system with a stronger system. More broadly, this allows VASPs to offer remote device-manageability services to its customers, including continuous monitoring of the system health of the wallets.
Figure 6 provides a high level illustration of a simple key-hierarchy inside the trusted hardware of a wallet system. A given device platform may ship with one or more of manufacturer installed keys. This is shown as the Device Identity Key in Figure 6 (a). Examples include the manufacturer Endorsement Key (EK) in the TPM , the DeviceID key in routers [67, 52] and the Secret Device Key in server chassis/hardware [79, 80]. A corresponding certificate may be issued by the manufacturer (Figure 6 (e)).
The customer’s transaction signing key-pair (d) may be derived from the non-migrateable device identity key (b). This generational-link between the key (d) to key (b) and to key (a) in Figure 6 allows the attestation process to discover this link and report it as evidence to the VASP. Finally, in Figure 6 (f) the VASP could issue an X.509 certificate for the customer’s transaction public-key. The VASP can be the issuing CA, or the VASP can outsource this function to a commercial CA (see  for a discussion of VASPs and CAs). The resulting customer X.509 certificate could bear some markings (i.e. specific fields or tags) indicating that the provenance of the public-key is known to the issuing VASP. This allows other VASPs and their customers (beneficiaries) to obtain some degree of confidence regarding the signing key and the wallet system employed by the originator customer.
6 Attestation Services within VASP Trust Networks
In order to begin solving the various issues around the Travel Rule and the challenges in obtaining originator/beneficiary customer information, the nascent VASP industry should establish VASP trust networks or interconnected communities in a manner similar to the ISP communities on the Internet . The term “trust network” is used here to denote a community of VASPs (e.g. regional level or national level) that has come together in a consortium arrangement to collaborate under a common legal trust framework (system rules definition) for all its membership. As an industry consortium, the members of the VASP trust network would then define the technical specifications and profiles that would need to be adopted by all members of the consortium. This ensures a high degree of functional interoperability within the community of VASPs.
As part of the service definition of the VASP trust network, the following services maybe useful to consider in the context of wallet attestations (Figure 8):
Common baseline appraisal policies: The VASP community should develop a set of baseline policies for the appraisal of wallet systems used in the community. This may include appraisal policies specific for customer wallets (consumer-grade), and also appraisal policies for a VASPs key management system, which could be an enterprise-grade system built also using trusted hardware. Figure 8(a) illustrates the notion of a consortium-level appraisal policies.
Common device configuration manifests: The community of VASPs should define a number of approved wallet device configurations (hardware, software, firmware) in order to allow their customer to obtain one of the approved configurations. These approved configuration as defined by their manufacturer is also known as reference manifests [81, 82]. For each device configuration, a matching set of appraisal policies should be created by the consortium and be made accessible to all VASP members.
Shared attestation verification service: The consortium as a community should provide attestation verification services. This is illustrated in Figure 8(b). These are also referred to as Attestation Service Providers (ASP) for the community (see Section 4.2). The work of  points to an example of an ASP service in the cloud.
Shared integration model for customer single sign-on: All VASPs should seek to ensure good customer experiences, with minimal friction across a variety of wallet application softwares (e.g. mobile app, dekstop app, browsers, etc).
To this end, the VASP community should harmonize the various single sign-on (SSO) protocols and flows, across the various approved types of wallet devices and applications. Several identity management and SSO protocols have been standardized over the past two decades (e.g. SAML2.0 [39, 83], OAuth2.0 , OpenID-Connect ).
Cross-VASP attestation verifications: A given VASP should posses its own attestation verification system distinct from the consortium’s shared attestation verification service. This is illustrated in Figure 8(d)-(e).
The goal is to allow a VASP to perform appraisals of evidences conveyed by the wallet trusted hardware belonging to a customer of a different VASP (within the consortium). Having this capability, the VASP should then be open to appraising evidences from regulated wallets belonging to customers of non-member VASPs, and even private-wallets of holders seeking to be on-boarded as new customers.
The notion of Cross-VASP attestation appraisals is summarized in Figure 9. Here, an originator customer of VASP1 holding a regulated wallet with trusted hardware seeks to perform a direct transaction with a beneficiary entity who is customer of VASP2. Both VASP1 and VASP2 are members of the trust network consortium. This is shown as Step (1) of Figure 9. The wallet of the originator is referred to as Attester A, while the wallet of the beneficiary is referred to as Attester B. Upon request from VASP1, the beneficiary (Attester B) generates attestation-evidence in Step (2a) and conveys it to the Verifier (ASP) within VASP1. If both the wallets of the originator and the beneficiary complies to the appraisal policies of VASP1, the originator is then given authorization from VASP1 to transact directly with the beneficiary (Step (3)). Alternatively, the VASP1 may require the beneficiary (Attester B) to convey its attestation-evidence to the consortium’s ASP, as shown in Step (2b).
7 Areas for Innovation
There are a number of potential areas of innovation for the newly emerging VASP industry. Related to the topic of device attestations and trusted hardware for wallets, Some of these are as follows
Wallet Levels of Assurance: Similar to the notion of Levels of Assurance (LOA) of authentication events defined by NIST [86, 87, 88], a VASP trust network consortium could define a number of levels assurance as a function of the wallet condition and other key management aspects. Today the highest level (Level 4) achievable in the NIST scheme  is one in which a remote network authentication event employs cryptographic hardware.
For example, a VASP consortium could recognize a number of different types of wallets (e.g. client software, browser plugins, etc.), the types of acceptable trusted hardware, user biometric authentication to the wallet device, and so on, and use these as input into the wallet LOA matrix.
Using attestations, wallets could convey evidence to the ASP Service of the VASP consortium in order to obtain a wallet LOA assignment. In turn, this provides some basis for the insurance industry to begin risk assessment of crypto-asset, wallets and VASPs.
Wallet LOA for Crypto-Asset Insurance: There is interest in the insurance industry to provide insurance services to crypto-funds . However, the insurance industry will need some technically measurable representation of “trust” in the VASP management of cryptographic keys. We believe it is insufficient for VASPs to describe (e.g. in a document) the type of trusted hardware employed by a VASP and employed by the VASP’s customer-wallets. Instead, attestations evidences should be yielded directly by the wallets (both enterprise-grade and consumer-grade wallets).
Wallet attestations maybe able to provide insurers with strong evidence regarding the internal state of the trusted hardware, the keying material protected by the trusted hardware, and other aspects of the wallet system. Crypto-asset insurers may choose to operate its own evidence verification service (e.g. ASP service) in order to be able to obtain an independent attestation-result evaluation.
VASP Consortium Repository of Approved Software and Firmware: Related to the attestation of wallet devices, the VASP trust network consortium could maintain a repository of software, firmware and patches for the various approved wallet devices in it ecosystem. This could be done in collaboration with the various software vendors and hardware manufacturers in the wallet space.
Such a repository would assist VASPs in the on-boarding of new customers, by (i) requiring new customers to obtain one of the devices and configurations approved by the VASP trust network consortium, and (ii) by ensuring that these customer devices subsequently install only known good software, firmware and patches from the consortium’s repository.
VASP certificate profile for wallet non-migrateable keys: The VASP trust network consortium could develop a certificate profile for transaction signing public-keys that are provably non-migrateable.
The X.509 certificate for a transaction public-key (non-migrateable private-key) could bear some markings that conveys assurance to the recipient that the corresponding private-key was bound to a trusted hardware. In turn, this may increase confidence in the counter-party in dealing with the customer wilding the wallet associated with the X.509 certificate.
Today there is a great opportunity for VASPs to shape and influence the development of future wallets systems with features, such as attestations, that would aid VASPs in complying to the the Travel Rule and help in the manageability of customer wallets. The ability for a VASP to obtain unforgeable evidence from a wallet system regarding the provenance of keys, as well as their usage and location, provides the VASP with additional means to address the problem of the synchronization between transaction on the blockchains and the account information required by the Travel Rule.
Wallet attestations maybe able to provide crypto-funds insurers with strong evidence regarding the key management aspects of a wallet device, thereby providing the insurance industry with measurable levels of assurance that can become the basis for insurers to perform risk management about a crypto-asset.
Looking more broadly, if virtual assets and blockchain technology are going to become a fundamental building block of the new economy then infrastructures that support the establishment of trust between counter-parties will need to be developed and deployed. Because VASPs are the primary touch-points with users seeking to transact in virtual assets, this means that deploying trust-infrastructures will be largely the task of VASPs and the VASP communities globally.
-  L. H. Newman, “Cryptocurrency Hardware Wallets Can Get Hacked Too,” Wired Magazine, May 2020, https://www.wired.com/story/cryptocurrency-hardware-wallets-can-get-hacked-too/.
-  E. Barker, “Recommendation for Key management (Part 1),” National Institute of Standards and Technology, NIST Special Publication SP 800-57, Part 1, Rev 4, January 2016, http://dx.doi.org/10.6028/NIST.SP.800-57pt1r4.
-  D. Shane, “$530 million cryptocurrency heist may be biggest ever,” CNN Business, January 2018. [Online]. Available: https://money.cnn.com/2018/01/29/technology/coincheck-cryptocurrency-exchange-hack-japan/index.html
-  A. Reddy, “Hackers stole $40 million of bitcoin from one of the world’s largest crypto exchanges (BTC),” Business Insider, May 2019, https://markets.businessinsider.com/currencies/news/btc-binance-suffers-40-million-hack-2019-5-1028182318.
-  N. Reiff, “The Largest Cryptocurrency Hacks So Far ,” Investopedia, June 2019, https://www.investopedia.com/news/largest-cryptocurrency-hacks-so-far-year/.
-  A. Pentland, “Building the New Economy: what we need and how to get there,” in Building the New Economy, A. Pentland, A. Lipton, and T. Hardjono, Eds. MIT Press - Work in Progress (WIP), 2020. [Online]. Available: https://wip.mitpress.mit.edu/new-economy
-  A. Lipton, T. Hardjono, and A. Pentland, “Digital Trade Coin (DTC): Towards a more stable digital currency,” Journal of the Royal Society Open Science (RSOS), August 2018, available at https://doi.org/10.1098/rsos.180155.
-  T. Hardjono, A. Lipton, and A. Pentland, “Towards a Public Key Management Framework for Virtual Assets and Virtual Asset Service Providers,” 2020, Journal of FinTech (to appear) – Available at https://arxiv.org/pdf/1909.08607.
-  Trusted Computing Group, “TCG Glossary,” Trusted Computing Group, TCG Published Specification – Version 1.1 Revision 1.0, May 2017. [Online]. Available: https://trustedcomputinggroup.org/wp-content/uploads/TCG-Glossary-V1.1-Rev-1.0.pdf
-  A. Regenscheid, “Platform Firmware Resiliency Guidelines,” National Institute of Standards and Technology, NIST Publication SP 800-193, May 2018. [Online]. Available: https://csrc.nist.gov/publications/detail/sp/800-193/final
-  Trusted Computing Group, “TPM Main – Specification Version 1.2,” Trusted Computing Group, TCG Published Specification, October 2003, available at http://www.trustedcomputinggroup.org/ resources/ tpm_main_specification.
-  ——, “Trusted Platform Module Library Part 1: Architecture – Specification Family 2.0 ,” Trusted Computing Group, TCG Published Specification, March 2014. [Online]. Available: https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.07-2014-03-13.pdf
-  B. Balacheff, L. Chen, S. Pearson, D. Plaquin, and G. Proudler, Trusted Computing Platforms: TCPA Technology in Context. New York: Prentice Hall, 2002.
-  D. Challener, K. Yoder, R. Catherman, D. Safford, and L. Van Doorn, Practical Guide to Trusted Computing. New York: IBM Press, 2008.
-  G. Proudler, L. Chen, and C. Dalton, Trusted Computing Platforms: TPM2.0 in Context. New York: Springer, 2014.
-  S. Nakamoto, “Bitcoin: A Peer-to-Peer Electronic Cash System,” 2008. [Online]. Available: https://bitcoin.org/bitcoin.pdf
-  FATF, “Financial Action Task Force (FATF),” 2019, http://www.fatf-gafi.org.
-  ——, “International Standards on Combating Money Laundering and the Financing of Terrorism and Proliferation,” Financial Action Task Force (FATF), FATF Revision of Recommendation 15, October 2018, available at: http://www.fatf-gafi.org/publications/fatfrecommendations/documents/fatf-recommendations.html.
-  ——, “Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers,” Financial Action Task Force (FATF), FATF Guidance, June 2019, available at: www.fatf-gafi.org/publications/fatfrecommendations/documents/Guidance-RBA-virtual-assets.html.
-  Wolfsberg Group, “Wolfsberg Anti-Money Laundering Principles for Private Banking (2012),” The Wolfsberg Group, Wolfsberg AML Principles, 2012. [Online]. Available: https://www.wolfsberg-principles.com/sites/default/files/wb/pdfs/wolfsberg-standards/10.%20Wolfsberg-Private-Banking-Prinicples-May-2012.pdf
-  R. Housley, W. Ford, W. Polk, and D. Solo, “Internet X.509 public key infrastructure certificate and crl profile,” January 1999, RFC2459. [Online]. Available: http://tools.ietf.org/rfc/rfc2459.txt
-  D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk, “Internet X.509 public key infrastructure certificate and certificate revocation list (crl) profile,” May 2008, RFC5280. [Online]. Available: http://tools.ietf.org/rfc/rfc5280.txt
-  ISO, “Information Technology – Open Systems Interconnection – The Directory – Part 8: Public-key and Attribute Certificate Frameworks,” International Organization for Standardization, ISO/IEC 9594-8:2017, February 2017.
-  Global Digital Finance, “Crypto Asset Safekeeping and Custody: Key Considerations and Takeaways,” April 2019. [Online]. Available: https://www.gdf.io/wp-content/uploads/2019/02/GDF-Crypto-Asset-Safekeeping_20-April-2019-2-cust-providers-additions-1-2.pdf
-  D. Riegelnig, “OpenVASP: An Open Protocol to Implement FATF’s Travel Rule for Virtual Assets,” November 2019. [Online]. Available: https://www.openvasp.org/wp-content/uploads/2019/11/OpenVasp_Whitepaper.pdf
-  V. Buterin, “Ethereum: A Next-Generation Cryptocurrency and Decentralized Application Platform,” Bitcoin Magazine, Report, January 2014, https://bitcoinmagazine.com/articles/ethereum-next-generation-cryptocurrency-decentralized-application-platform-1390528211/.
-  A. John, “Cryptocurrency industry faces insurance hurdle to mainstream ambitions,” Reuters, December 2018. [Online]. Available: https://www.reuters.com/article/us-crypto-currency-insurance/cryptocurrency-industry-faces-insurance-hurdle-to-mainstream-ambitions-idUSKCN1OJ0BU
-  O. Kharif, B. Louis, J. Edde, and K. Chiglinsky, “Interest in Crypto Insurance Grows, Despite High Premiums, Broad Exclusions,” Insurance Journal, July 2018. [Online]. Available: https://www.insurancejournal.com/news/national/2018/07/23/495680.htm
-  United States Congress, “Electronic Signatures in Global and National Commerce Act (ESIGN) - Pub.L. 106–229,” United States Congress, ESIGN, June 2000.
-  W. Simpson, “Ppp challenge handshake authentication protocol (chap),” August 1996, RFC1994. [Online]. Available: http://tools.ietf.org/rfc/rfc1994.txt
-  FINMA, “FINMA Guidance: Payments on the blockchain,” Swiss Financial Market Supervisory Authority (FINMA), FINMA Guidance Report, August 2019. [Online]. Available: https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/myfinma/4dokumentation/finma-aufsichtsmitteilungen/20190826-finma-aufsichtsmitteilung-02-2019.pdf
-  T. Hardjono, “Compliant Solutions for VASPs,” May 2019, presentation to the FATF Private Sector Consultative Forum (PSCF) 2019, Vienna (6 May 2019).
-  TRISA, “Travel Rule Information Sharing Architecture for Virtual Asset Service Providers (TRISA) – Version 5,” December 2019. [Online]. Available: https://trisacrypto.github.io/white-papers/white-paper-trisa-v5.pdf
-  CAB-Forum, “Guidelines For The Issuance And Management of Extended Validation Certificates,” CA Browser Forum, Specification Version 1.7.2, March 2020.
-  InterVASP, “InterVASP Messaging Standards IVMS101,” Joint Working Group on interVASP Messaging Standards, interVASP data model standard – Issue 1 – FINAL, May 2020.
-  European Commission, “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation),” Official Journal of the European Union, vol. L119, pp. 1–88, 2016.
-  D. Furlonger and R. Kandaswamy, “Hype Cycle for Blockchain Technologies 2018,” Gartner, Research Report G00340388, July 2018.
-  A. Litan and A. Leow, “Hype Cycle for Blockchain Technologies 2019,” Gartner, Research Report G00383155, July 2019.
-  OASIS, “Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0,” March 2005, available on http://docs.oasisopen.org/security/ saml/v2.0/ saml-core-2.0-os.pdf.
-  D. Hardt, “The OAuth 2.0 Authorization Framework,” October 2012, IETF Standard RFC6749. [Online]. Available: https://tools.ietf.org/html/rfc6749
-  T. Hardjono, E. Maler, M. Machulak, and D. Catalano, “User-Managed Access (UMA) Profile of OAuth2.0 – Specification Version 1.0,” Kantara Initiative, Kantara Published Specification, April 2015, https://docs.kantarainitiative.org/uma/rec-uma-core.html.
-  I. L. Traiger, J. Gray, C. A. Galtieri, and B. G. Lindsay, “Transactions and Consistency in Distributed Database Systems,” IBM Research Report, vol. RJ2555, 1979.
-  J. Gray, “The Transaction Concept: Virtues and Limitations,” in Very Large Data Bases – Proceedings of the 7th International Conference, Cannes, France, September 1981, pp. 144–154.
-  F. Mckeen, I. Alexandrovich, A. Berenzon, C. Rozas, H. Shafi, V. Shanbhogue, and U. Savagaonkar, “Innovative Instructions and Software Model for Isolated Execution,” in Proc. Second Workshop on Hardware and Architectural Support for Security and Privacy HASP2013, Tel-Aviv, June 2013, https://sites.google.com/site/haspworkshop2013/workshop-program.
-  F. McKeen, I. Alexandrovich, I. Anati, D. Caspi, S. Johnson, R. Leslie-Hurd, and C. Rozas, “Intel Software Guard Extensions (Intel SGX) Support for Dynamic Memory Management Inside an Enclave,” in Proc. Workshop on Hardware and Architectural Support for Security and Privacy (HASP) 2016, Seoul, June 2016, http://caslab.csl.yale.edu/workshops/hasp2016/program.html.
-  FINMA, “FINMA Anti-Money Laundering Ordinance (AMLO) ,” Swiss Financial Market Supervisory Authority (FINMA), Verordnung der Eidgen ssischen Finanzmarktaufsicht ber die Bek mpfung von Geldw scherei und Terrorismusfinanzierung im Finanzsektor, June 2015. [Online]. Available: https://www.admin.ch/opc/de/classified-compilation/20143112/index.html
-  R. Lindemann and M. B. Jones, “FIDO 2.0: Key Attestation Format,” FIDO Alliance, FIDO Alliance Proposed Standard, September 2015. [Online]. Available: https://fidoalliance.org/specs/fido-v2.0-ps-20150904/fido-key-attestation-v2.0-ps-20150904.html
-  GlobalPlatform, “GlobalPlatform and the Trusted Computing Group Form Work Group to Drive Mobile Security Standards and Solutions,” June 2012. [Online]. Available: https://globalplatform.org
-  IETF, “Remote ATtestation ProcedureS (RATS) Working Group – Approved Charter, Internet Engineering task Force,” March 2019. [Online]. Available: https://datatracker.ietf.org/wg/rats/about/
-  Trusted Computing Group, “TPM Main – Part 1 Design Principles – Specification Version 1.2,” Trusted Computing Group, TCG Published Specification, October 2003, available at http://www.trustedcomputinggroup.org/ resources/ tpm_main_specification.
-  TCG, “TCG Remote Integrity Verification (RIV): Network Equipment Remote Attestation System Version 1.0, Rev. 0.9b,” Trusted Computing Group, TCG Draft Specifications, June 2019. [Online]. Available: https://trustedcomputinggroup.org/wp-content/uploads/TCG-NetEq-Attestation-Workflow-Outline_v1r9b_pubrev.pdf
-  G. Fedorkow, E. Voit, and J. Fitzgerald-McKay, “TPM-based Network Device Remote Integrity Verification,” IETF, Internet-Draft draft-fedorkow-rats-network-device-attestation-05, April 2020. [Online]. Available: https://datatracker.ietf.org/doc/draft-fedorkow-rats-network-device-attestation/
-  OCP, “Open Compute Project,” 2020. [Online]. Available: https://www.opencompute.org
-  TCG, “ Attestations Working Group, Trusted Computing Group,” March 2020. [Online]. Available: https://members.trustedcomputinggroup.org
-  N. Smith (ed), “TCG Attestation Architecture,” Trusted Computing Group, TCG Draft Specification – Version 1.0, February 2020.
-  H. Birkholz, D. Thaler, M. Richardson, N. Smith, and W. Pan, “Remote Attestation Procedures Architecture,” IETF, Internet-Draft draft-ietf-rats-architecture-02, March 2020. [Online]. Available: https://datatracker.ietf.org/doc/draft-birkholz-rats-architecture/
-  G. Coker, J. Guttman, P. Loscocco, A. Herzog, J. Millen, B. O?Hanlon, J. Ramsdell, J. S. Ariel Segall, and B. Sniffen, “Principles of Remote Attestation,” International Journal of Information Security, vol. 10, pp. 63–81, April 2011. [Online]. Available: https://doi.org/10.1007/s10207-011-0124-7
-  J. Zic and T. Hardjono, “Towards a cloud-based integrity measurement service,” Journal of Cloud Computing: Advances, Systems and Applications, February 2013.
-  T. Hardjono and N. Smith, “An Attestation Architecture for Blockchain Networks,” May 2020, available at https://arxiv.org/abs/2005.04293.
-  D. Yaga, P. Mell, N. Roby, and K. Scarfone, “Blockchain Technology Overview,” National Institute of Standards and Technology Internal Report 8202, October 2018, https://doi.org/10.6028/NIST.IR.8202.
-  R. Rivest, A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public-key Cryptosystems,” Commun. ACM, vol. 21, no. 2, pp. 120–126, Feb. 1978.
-  TCG, “ Trusted Computing Group ,” http://www.trustedcomputinggroup.org.
-  W. Rankl and W. Effing, Smart Card Handbook 2nd Edition. New York: John Wiley & Sons, 2000.
-  Trusted Computing Group, “TCG Storage Security Subsystem Class: Opal (v1.0),” Trusted Computing Group, TCG Published Specification, January 2009, http://www.trustedcomputinggroup.org/ resources.
-  Microsoft Corp, “Trusted Platform Module and Bitlocker Drive Encryption,” https://msdn.microsoft.com/en-us/library/windows/hardware/dn653315.
-  T. Hardjono and G. Kazmierczak, “Overview of the TPM Key Management Standard,” May 2008. [Online]. Available: https://trustedcomputinggroup.org/wp-content/uploads/Kazmierczak20Greg20-20TPM_Key_Management_KMS2008_v003.pdf
-  M. Seaman, “IEEE Std. 802.1AR-2018 – Secure Device Identity,” IEEE, IEEE Standard for Local and Metropolitan Area Networks, August 2018.
-  E. Brickell, J. Camenisch, and L. Chen, “Direct Anonymous Attestation,” in Proceedings of the 11th ACM Conference on Computer and Communications Security CCS2004. ACM, 2004, pp. 132–145.
-  J. Camenisch, L. Chen, M. Drijvers, A. Lehmann, D. Novick, and R. Urian, “One TPM to Bind Them All: Fixing TPM 2.0 for Provably Secure Anonymous Attestation,” in Proceedings of the 2017 IEEE Symposium on Security and Privacy. IEEE, May 2017, pp. 901–920. [Online]. Available: DOI:10.1109/SP.2017.22
-  Trusted Computing Group, “TCG Interoperability Specifications for Backup and Migration Services (v1.0),” Trusted Computing Group, TCG Published Specification, June 2005, http://www.trustedcomputinggroup.org/ resources.
-  ARM, “ARM Security Technology: Building a Secure System using TrustZone Technology,” ARM Limited, ARM Technical Documentation – PRD29-GENC-009492C, April 2009. [Online]. Available: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.prd29-genc-009492c/CABGFFIC.html
-  G. Mandyam, L. Lundblade, M. Ballesteros, and J. O’Donoghue, “The Entity Attestation Token (EAT),” IETF, Internet-Draft draft-ietf-rats-eat-03, February 2020. [Online]. Available: https://datatracker.ietf.org/doc/draft-ietf-rats-eat/
-  J. Snyder, “The competition for NAC: Mapping Cisco, Juniper, Microsoft and TCG’s access-control schemes,” Network World, April 2006. [Online]. Available: https://www.networkworld.com/article/2310209/the-competition-for-nac.html
-  M. Goel, “Providing 802.1X Enforcement For Network Access Protection,” May 2006, presentation at WinHEC 2006. [Online]. Available: http://download.microsoft.com/download/5/b/9/5b97017b-e28a-4bae-ba48-174cf47d23cd/NET078_WH06.ppt
-  J. Heary, J. Lin, C. Sullivan, and A. Agrawal, Cisco NAC Appliance: Enforcing Host Security with Clean Access. Hoboken, NJ: Cisco Press, August 2007.
-  T. Hardjono and N. Smith (ed), “TCG Trusted Network Connect (TNC) Architecture for Interoperability,” Trusted Computing Group, TCG Published Specification – Version 1.1, April 2006, available at http://www.trustedcomputinggroup.org.
-  TCG, “TCG Trusted Network Communications (TNC) Architecture for Interoperability,” Trusted Computing Group, TCG Published Specification – Version 2.0 Revision 13, October 2017. [Online]. Available: https://trustedcomputinggroup.org/wp-content/uploads/TCG-TNC-Architecture-for-Interoperability-Version-2.0-Revision-13-.pdf
-  TCG, “TPM Keys for Platform Identity for TPM 1.2 Version 1.0, Rev. 3,” Trusted Computing Group, TCG Published Specifications, August 2015. [Online]. Available: https://trustedcomputinggroup.org/wp-content/uploads/TPM_Keys_for_Platform_Identity_v1_0_r3_Final.pdf
-  P. England, A. Marochko, D. Mattoon, R. Spiger, S. Thom, and D. Wooten, “RIoT - A Foundation for Trust in the Internet of Things,” Microsoft Research, Tech. Rep. MSR-TR-2016-18, April 2016. [Online]. Available: https://www.microsoft.com/en-us/research/publication/riot-a-foundation-for-trust-in-the-internet-of-things/
-  B. Kelly, “Project Cerberus Security Architecture Overview Specification,” Open Compute Project, Published Specifications, September 2017. [Online]. Available: https://github.com/opencomputeproject/Project_Olympus/blob/master/Project_Cerberus/Project%20Cerberus%20Architecture%20Overview.pdf
-  T. Hardjono and N. Smith (ed), “TCG Infrastructure Working Group architecture (Part 2) – Integrity Management – Specification Version 1.0 Rev 1.0,” Trusted Computing Group, TCG Published Specification, November 2006, available at http://www.trustedcomputinggroup.org/resources.
-  TCG, “TCG Reference Integrity Manifests (RIM) Information Model Version 1.00, Rev. 0.13,” Trusted Computing Group, TCG Specifications, December 2019. [Online]. Available: https://trustedcomputinggroup.org/wp-content/uploads/TCG_RIM_Model_v1-r13_2feb20.pdf
-  OASIS, “Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0,” March 2005, available on https://docs.oasis-open.org/security/saml/v2.0/ saml-profiles-2.0-os.pdf.
-  D. Hardt, “The OAuth 2.0 Authorization Framework,” October 2012, RFC6749. [Online]. Available: http://tools.ietf.org/rfc/rfc6749.txt
-  N. Sakimura, J. Bradley, M. Jones, B. de Medeiros, and C. Mortimore, “OpenID Connect Core 1.0,” OpenID Foundation, Technical Specification v1.0 – Errata Set 1, November 2014, http://openid.net/specs/openid-connect-core-1_0.html.
-  National Institute of Science and Technology, “Electronic Authentication Guideline,” NIST Draft Special Publication 800-63-1, December 2008, available on http://csrc.nist.gov/publications/PubsDrafts.html,.
-  US Office of Management and Budget, “E-Authentication Guidelines for Federal Agencies,” Memorandum M-04-04, December 2003, available on http://www.whitehouse.gov/sites/default/files /omb/memoranda/fy04/m04-04.pdf.
-  NIST, “Digital Identity Guidelines: Authentication and Lifecycle Management,” National Institute of Standards and Technology, NIST Special Publication 800-63B, June 2017. [Online]. Available: https://doi.org/10.6028/NIST.SP.800-63b