Basic Search / Detailed Display

Author: 彭聖貿
Sheng-Mao Peng
Thesis Title: 雙盲KYC資料共享區塊鏈框架
Double-Blind KYC Data Sharing Blockchain Framework
Advisor: 羅乃維
Nai-Wei Lo
Committee: 羅乃維
Nai-Wei Lo
吳宗成
Tzong-Chen Wu
黃政嘉
Jheng-Jia Huang
Degree: 碩士
Master
Department: 管理學院 - 資訊管理系
Department of Information Management
Thesis Publication Year: 2021
Graduation Academic Year: 109
Language: 英文
Pages: 62
Keywords (in Chinese): 區塊鏈IPFSKnow Your Customer(KYC)雙盲
Keywords (in other languages): Blockchain, IPFS, Know Your Customer(KYC), Double-Blind
Reference times: Clicks: 434Downloads: 1
Share:
School Collection Retrieve National Library Collection Retrieve Error Report
  • 金融機構在對顧客做Know-Your-Customer(KYC)流程的第一步就是蒐集及驗證顧客資料來確認顧客的身份。傳統的做法不僅耗時而且成本昂貴,雖然目前有多個基於區塊鏈提出的解決方案可以重複利用顧客資料,但大部分都會在過程中透露金融機構和顧客的關係。這個原因會影響到參加共享KYC資料平台的意願,因為在現實世界中金融機構之間具有業務競爭關係,他們都不希望在過程中洩露資訊使得自己的競爭力降低。

    本論文提出雙盲KYC資料共享區塊鏈框架。框架中結合區塊鏈與IPFS技術。利用公會在聯盟區塊鏈中運行代理節點,並代理多家銀行執行區塊鏈交易,以便混肴銀行在區塊鏈上的身份。讓銀行間可以互相分享資料,而且在過程中不揭露身份,達成雙盲資料分享。授權分享過程和授權請求過程中利用授權書,保證經過顧客授權同意,銀行和公會才能執行資料分享,另外在過程中會有審計員進行自動化稽核。最後,我們針對不同銀行個數做授權請求流程的效能實驗,以及針對框架進行安全性分析。結果顯示,本框架能以安全且高效率的方式幫助銀行取得顧客在其他銀行留下的KYC資料。以總銀行數為32家的實驗來說,銀行以平均每個5MB檔案花費1.63秒的速度來取回32個KYC資料。


    The first step in a financial institution's Know-Your-Customer (KYC) process is to collect and verify customer data and identify the customer. The traditional approach is not only time consuming but also costly. While several blockchain-based solutions can reuse customer data, most of them reveal the relationship between the financial institution and the customer during the process. This affects the willingness of participating in KYC data sharing platforms because, in the real world, financial institutions have a competitive business relationship with each other and do not want to be less competitive by revealing information.

    This thesis proposes a double-blind KYC data sharing blockchain framework. The framework combines blockchain and IPFS technologies. It uses associations to run proxy nodes in consortium blockchains and execute blockchain transactions on behalf of multiple banks to mix the identity of banks on the blockchain. This allows the banks to share data without revealing their identities in the process and enables double-blind data sharing. The authorized sharing and requesting protocol utilize warrants to ensure that banks and associations can only perform data sharing with the customer's authorized consent. In addition, an auditor will conduct automated audits during the processes. Finally, we ran performance experiments of the authorized requesting protocol with different numbers of banks and performed security analysis on the framework. The results show that our framework helps banks to securely and efficiently get customer KYC data from other banks. In an experiment with 32 banks, the bank obtained 32 KYC files at an average speed of 1.63 seconds per 5MB file.

    摘要 I Abstract II Acknowledgement III Table of Contents IV List of Figures VI List of Tables VII Chapter 1 Introduction 1 1.1 Background 1 1.2 Objective and Contribution 3 Chapter 2 Related Work 5 2.1 Preliminaries 5 2.1.1 Blockchain Technology 5 2.1.2 Smart Contract 7 2.1.3 InterPlanetary File System 8 2.2 Literature Review 9 Chapter 3 Proposed Framework 16 3.1 Framework Architecture 16 3.2 Smart Contact Design 21 3.3 Proposed Protocols 22 3.3.1 System Setup Protocol 23 3.3.2 Authorized Sharing Protocol 24 3.3.3 Authorized Requesting Protocol 27 3.3.4 Automated Auditing Protocol 36 Chapter 4 Experiment and Analysis 41 4.1 Experimental Environment and Prototype Implementation 41 4.2 Performance Analysis 43 4.3 Security Analysis 45 Chapter 5 Conclusion and Future Work 47 References 49

    [1] "History of Anti-Money Laundering Laws," [Online]. Available: https://www.fincen.gov/history-anti-money-laundering-laws. [Accessed 1 June 2021].
    [2] "Prevention of Criminal Use of the Banking System for the Purpose of Money-laundering," December 1998. [Online]. Available: https://www.bis.org/publ/bcbsc137.pdf. [Accessed 1 June 2021].
    [3] "Customer Due Diligence for Banks," October 2001. [Online]. Available: https://www.bis.org/publ/bcbs85.pdf. [Accessed 1 June 2021].
    [4] "Methodology for Assessing Compliance with the FATF 40 Recommendations and FATF 9 Special Recommendations," [Online]. Available: https://www.fatf-gafi.org/publications/fatfrecommendations/documents/methodologyforassessingcompliancewiththefatf40recommendationsandfatf9specialrecommendations.html. [Accessed 1 June 2021].
    [5] "Thomson Reuters 2016 Know Your Customer Surveys Reveal Escalating Costs and Complexity," 9 May 2016. [Online]. Available: https://www.thomsonreuters.com/en/press-releases/2016/may/thomson-reuters-2016-know-your-customer-surveys.html. [Accessed 1 June 2021].
    [6] "Thomson Reuters 2017 Global KYC Surveys Attest to Even Greater Compliance Pain Points," 26 October 2017. [Online]. Available: https://www.thomsonreuters.com/en/press-releases/2017/october/thomson-reuters-2017-global-kyc-surveys-attest-to-even-greater-compliance-pain-points.html. [Accessed 1 June 2021].
    [7] G. Denson, A. Wani and A. Bhatia, "A Blockchain Based Solution To Know Your Customer (KYC) Dilemma," in 2019 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), Goa, India, 2019.
    [8] E. Maguire and T. Y. Chia, "Could Blockchain Be the Foundation of a Viable KYC Utility?," [Online]. Available: https://assets.kpmg/content/dam/kpmg/xx/pdf/2018/03/kpmg-blockchain-kyc-utility.pdf. [Accessed 1 June 2021].
    [9] S. Nakamoto, "Bitcoin: A Peer-to-Peer Electronic Cash System," [Online]. Available: https://bitcoin.org/bitcoin.pdf. [Accessed 1 June 2021].
    [10] V. Buterin, "A Next-Generation Smart Contract and Decentralized Application Platform," 2013. [Online]. Available: https://ethereum.org/en/whitepaper/. [Accessed 1 June 2021].
    [11] L. Madaan, A. Kumar and B. Bhushan, "Working Principle, Application Areas and Challenges for Blockchain Technology," in 2020 IEEE 9th International Conference on Communication Systems and Network Technologies (CSNT), Gwalior, India, 2020.
    [12] M. Belotti, N. Božić, G. Pujolle and S. Secci, "A Vademecum on Blockchain Technologies: When, Which, and How," IEEE Communications Surveys & Tutorials, vol. 21, no. 4, pp. 3796 - 3838, 2019.
    [13] A. A. Monrat, O. Schelén and K. Andersson, "A Survey of Blockchain From the Perspectives of Applications, Challenges, and Opportunities," IEEE Access, vol. 7, pp. 117134 - 117151, 2019.
    [14] Z. Zheng, S. Xie, H. Dai, X. Chen and H. Wang, "An Overview of Blockchain Technology: Architecture, Consensus, and Future Trends," in 2017 IEEE International Congress on Big Data (BigData Congress), Honolulu, HI, USA, 2017.
    [15] K. Wüst and A. Gervais, "Do you Need a Blockchain?," in 2018 Crypto Valley Conference on Blockchain Technology (CVCBT), Zug, Switzerland, 2018.
    [16] V. Buterin, "On Public and Private Blockchains," 7 August 2015. [Online]. Available: https://blog.ethereum.org/2015/08/07/on-public-and-private-blockchains/. [Accessed 1 Jine 2021].
    [17] W. Zou, D. Lo, P. S. Kochhar, X.-B. D. Le, X. Xia, Y. Feng, Z. Chen and B. Xu, "Smart Contract Development: Challenges and Opportunities," IEEE Transactions on Software Engineering, 2019.
    [18] N. Szabo, "Smart Contracts: Building Blocks for Digital Markets," 1996. [Online]. Available: https://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinterschool2006/szabo.best.vwh.net/smart_contracts_2.html. [Accessed 1 June 2021].
    [19] "Ethereum Github Repository," [Online]. Available: https://github.com/ethereum. [Accessed 1 June 2021].
    [20] "Bitcoin Github Repository," [Online]. Available: https://github.com/bitcoin/bitcoin. [Accessed 1 June 2021].
    [21] "Hyperledger Fabric Github Repository," [Online]. Available: https://github.com/hyperledger/fabric. [Accessed 1 June 2021].
    [22] "Quorum Github Repository," [Online]. Available: https://github.com/ConsenSys/quorum. [Accessed 1 June 2021].
    [23] "Corda Github Repository," [Online]. Available: https://github.com/corda/corda. [Accessed 1 June 2021].
    [24] J. Benet, "IPFS-Content Addressed, Versioned, P2P File System (DRAFT 3)," 2014. [Online]. Available: https://raw.githubusercontent.com/ipfs/papers/master/ipfs-cap2pfs/ipfs-p2p-file-system.pdf. [Accessed 1 June 2021].
    [25] "IPFS Powers the Distributed Web," [Online]. Available: https://ipfs.io. [Accessed 1 June 2021].
    [26] Moyano, J. Parra and O. Ross, "KYC Optimization Using Distributed Ledger Technology," Business & Information Systems Engineering, vol. 59, pp. 411-423, 2017.
    [27] N. Lalitha and D. Soujanya, "Financial Sector Innovations: Empowering Microfinance Through the Application of KYC Blockchain Technology," in 2019 International Conference on Digitization (ICD), Sharjah, United Arab Emirates, 2019.
    [28] P. Yadav and R. Chandak, "Transforming the Know Your Customer (KYC) Process Using Blockchain," in 2019 International Conference on Advances in Computing, Communication and Control (ICAC3), Mumbai, India, 2019.
    [29] M. Kumar, Nikhil and P. Anand, "A Blockchain Based Approach for an Efficient Secure KYC Process With Data Sovereignty," International Journal of Scientific & Technology Research, vol. 9, no. 1, pp. 3403-3407, 2020.
    [30] A. A. Mamun, S. R. Hasan, M. S. Bhuiyan, M. S. Kaiser and M. A. Yousuf, "Secure and Transparent KYC for Banking System Using IPFS and Blockchain Technology," in 2020 IEEE Region 10 Symposium (TENSYMP), Dhaka, Bangladesh, 2020.
    [31] R. Shashank, C. Chhabra and N. G. Cholli, "Compliance, Application of Blockchain in KYC," European Journal of Engineering and Technology Research, vol. 5, no. 7, pp. 781-784, 2020.
    [32] R. Norvill, C. Cassanges, W. Shbair, J. Hilger, A. Cullen and R. State, "A Security and Privacy Focused KYC Data Sharing Platform," in Proceedings of the 2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure, New York, NY, USA, 2020.
    [33] H. Gunasinghe, A. Kundu, E. Bertino, H. Krawczyk, S. Chari, K. Singh and D. Su, "PrivIdEx: Privacy Preserving and Secure Exchange of Digital Identity Assets," in The World Wide Web Conference, San Francisco, CA, USA, 2019.
    [34] K. Bhaskaran, P. Ilfrich, D. Liffman, C. Vecchiola, P. Jayachandran, A. Kumar, F. Lim, K. Nandakumar, Z. Qin, V. Ramakrishna, E. G. Teo and C. H. Suen, "Double-Blind Consent-Driven Data Sharing on Blockchain," in 2018 IEEE International Conference on Cloud Engineering (IC2E), Orlando, FL, USA, 2018.
    [35] "Confirm Your Identity," [Online]. Available: https://www.paypal.com/sg/webapps/mpp/confirm-your-identity. [Accessed 1 June 2021].

    QR CODE