The IDESG or Identity Ecosystem Steering Group recently filed paperwork with the Commonwealth of Virginia to incorporate the IDESG as a nonprofit corporation. The IDESG was basically spun out of NIST or the National Institute of Science and Technology to “administer the development of policy, standards, and accreditation processes for the Identity Ecosystem Framework.”
In April 2011, President Obama signed (PDF) the NSTIC or the National Strategy For Trusted Identities In Cyberspace where public and private players are collaborating on the creation of an “Identity Ecosystem” to address “(1) the insecurity and inconvenience of static passwords and (2) the cost of transactional risks that arise from the inability of individuals to prove their true identity online.”
Shortly thereafter, Chicago based Payment Pathways Inc. submitted a recommendation “Governance recommendation for Greenlist and the importance of its relationship to NSTIC” to National Strategy for Trusted Identity in Cyberspace and stated that a wide variety of stakeholders collaborated on Payment Pathways’ Greenlist to play a role in the NSTIC.
Payment Pathways (PPI) describes itself as a company that “makes it safe to transfer ownership of assets electronically. Through its patented Greenlist registry, PPI defines liability responsibilities and ensures that operational, legal, and security obligations are met in alignment with the Fair Information Practice Principles as articulated in the NSTIC to reduce friction and risk.”
The United States Patent and Trademark Office (USPTO) recently published Richard O’Brien and Andrew Gallant’s patent application 20130282580, “Systems And Methods for Extending Identity Attributes and Authentication Factors In An ePayment Address Registry.” Although the patent doesn’t appear to be assigned to Payment Pathways, Mr. O’Brien is the President and CEO of the company and Mr. Gallant has been listed in numerous patents by Payment Pathways and is also a member of the Identity Ecosystem Steering Group. The patent application discusses Payment Pathways’ Greenlist which is also a Registered Trademark issued to Payment Pathways by the USPTO which according a Wordmark Search dates back to September 2005 and was first used in commerce in June 2007 as an “on-line directory of secure consumer financial identity information for authentication and authorization for transaction processing, namely, payment processing.” While the Greenlist predates Bitcoin, this patent filing incorporates Bitcoin into its features.
Following is the Abstract of the patent application:
“The present invention relates to a network of registries that are: synchronized in whole or in part to a root registry; and are compilations of registrant data from accredited Identity Providers that accept liability for registering verified and accurate identity attributes. Registries associate a unique identifier with: a financial account owner’s Personally Identifying Information; one or more linked publicly discoverable ePayment addresses to an account at a Financial Institution; and a financial account owner’s profile of preferences related to the capture, handling, transfer and storage of monetary and informational assets. Preferences extensions include: operating instructions and rule sets; and authentication factors that may make use of time sensitive data at one or more institutions.”
“This invention relates to a computer system and method to a.) establish and validate an individual’s new and existing unique identity attributes related to the individual’s primary identity; b.) validate physical devices when used to effect the transfer, storage and retrieval of informational and/or monetary assets; c.) maintain safeguards to ensure that custodians of informational and monetary assets execute instructions of owners; and d.) facilitate the use of additional authentication factors when effecting the transfer, storage and retrieval of informational and/or monetary assets.”
It further defines the Greenlist:
“Greenlist.RTM. verified ePayments are safe and secure without consumers having to disclose any actual account or bankcard information whatsoever. In order to attain scale and ubiquity, this registry resource is operated by a network of synchronized Authoritative Parties that verify identities and payment addresses before transactions are made. Data in the Greenlist.RTM. network of registries are supplied by only Financial Institutions (FIs) functioning as registrars that accept the liability for accuracy. Registrars perform identity proofing of every registrant’s Personal Identifying Information (PII) prior to registering new linked identity attributes to the Greenlist.RTM. registry. A Relying Party obtains access to trusted registrant data from an Authoritative Party and may provide access for applications or individuals via its public or private portal.”
An example whereby a Bitcoin is used in the Grenlist was provided as follows:
“..a customer’s registration records may include identity attributes related to other information or transaction addresses. In one example, a registrant may wish to include a Bitcoin address, so that this address may be retrieved during a transaction when both parties agree to use Bitcoins as the currency. In this case, the payee (the customer) provides at least the identifier registered in the ePayments address registry. The payor, who may be either trusted or may be acting through a trusted entity, receives the payee’s Bitcoin payment address after the registry is queried, and may then proceed with the transfer. In other examples, other payment addresses, e.g., for bank accounts, PayPal.TM. accounts, etc., may be stored as identity attributes, possibly masked, hashed, or tokenized, and then retrieved for use.”
And finally, Anti-Money Laundering features are discussed:
“In cases where an anonymous Bitcoin ePayment address is registered in the Greenlist, Anti-Money Laundering (AML) concerns are alleviated because lawful interceptors now have a mechanism to subpoena records of the Identity Provider that functioned as the registrar of the Bitcoin ePayment address. In the future, the banks with customer accounts that are the final recipient account addresses of a multi-step money transfer, and where that transfer involves intermediate currency conversions, can be regulated to only receive money transfers from an intermediate Bitcoin currency account that is registered as paired with a sender’s unique identifier, and additionally when that sender’s identity is similarly registered as linked to the receiver. In this example, anonymity can be protected for commercial and privacy purposes but in extreme cases where threats to the state or public safety are concerns, a mechanism can exist for lifting the veil of anonymity after proper judicial review and permission is obtained.”
It is interesting to note that the patent application was filed on March 15th, a mere three days prior to FinCEN’s Guidance on “Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies.”
While FinCEN’s “guidance” received mixed reviews by the Bitcoin Foundation, Anti-Money Laundering proposals for the cryptocurrency such as Payment Pathways’ Greenlist are being brought to the table while AML framework is being hammered out by bureaucrats. Clearly defined AML and KYC (Know Your Customer) systems are needed for larger players who have been stifled by the current regulatory and compliance climate. For instance, BitInstant has a lengthy AML statement (PDF) “Statement of BitInstant on Preventing Money Laundering and Illegal Activity through its Services and in the Bitcoin Network” but has apparently suspended operations since earlier this summer. While it is uncertain if Payment Pathways’ technology is an AML silver (green??) bullet and patent applications do not necessarily indicate there are commercial products ready, you can be certain that this patent application will be one of many to follow.