FIELD

The present disclosure relates to electronic systems for handling a transaction and in particular a method, apparatus and system for enabling a settlement a transaction of a cryptographic asset.

BACKGROUND

The use of computers and electronic systems has expanded massively in many ways and allows today to perform commercial or financial transactions digitally. Such transactions involve traditional currencies in exchange for goods or services but may also involve a cryptographic currency.

However, handling transactions in a cryptographic currency presents new challenges compared to handling transaction with traditional currencies. Many problems arise due to the properties tied to the very nature of the cryptographic currency. A cryptographic currency relies on a cryptographic key that controls the spending of the cryptographic currency by its owner. The cryptographic key is usually in a digital form, which may increase its accessibility by unauthorized parties. The cryptographic currency itself is in a digital form which is prone to an increased risk of theft or loss. Conventional systems for clearing and settling trades from marketplaces require real time settlement (i.e. performed instantly). However, a settlement of a transaction in a cryptographic currency cannot be done instantly and depends on a speed of a network of nodes performing or validating the transaction.

There is a need for a technical solution that overcomes the above problems in an electronic transaction system based on cryptographic currencies.

SUMMARY

An object of the present disclosure is to provide methods, an apparatus, a system, a secure storage medium which seeks to mitigate, alleviate, or eliminate one or more of the above-identified deficiencies in the art and disadvantages singly or in any combination.

There is a need for an improved method for enabling settlement of a transaction of a cryptographic asset, such as a method for enabling an improved settlement of a transaction of a cryptographic asset (e.g. a faster, or instant, or real-time settlement, with an increased security or robustness against attacks).

This object is obtained by a method for enabling a settlement of one or more transactions of one or more cryptographic assets between users selected from a user set. Each user from the user set is assigned a user identifier. The cryptographic asset is controlled by a cryptographic key. The method comprises obtaining a register comprising one or more entries, each entry comprising a cryptographic asset value and a user identifier. The method comprises receiving an instruction to settle at least one of the one or more transactions. The at least one transaction comprises transaction information including a cryptographic asset value to be settled, a receiver user identifier and a sender user identifier. The method comprises applying to the one or more transactions a mapping based on an optimization criterion to obtain one or more mapped transactions comprising mapped transaction information including one or more mapped cryptographic asset values to be settled, one or more mapped receiver user identifiers and one or more mapped sender user identifiers. The method comprises determining in the register the one or more entries that comprise the one or more mapped sender user identifiers and one or more cryptographic asset values exceeding or amounting to the mapped cryptographic asset value to be settled. The method comprises modifying each of the determined one or more entries by replacing the mapped sender user identifier of each determined entry with the mapped receiver user identifier in accordance with the mapped transactions, to thereby settle the one or more transactions.

This disclosure relates to a settlement apparatus of one or more transactions of one or more cryptographic assets between users selected from a user set. Each user from the user set is assigned a user identifier. The cryptographic asset is controlled by a cryptographic key. The apparatus comprises an interface, a processor, and a memory unit. The apparatus is configured to receive an instruction to settle at least one of the one or more transactions. The at least one transaction comprises transaction information including a cryptographic asset value to be settled, a receiver user identifier and a sender user identifier. The apparatus is configured to apply to the one or more transactions a mapping based on an optimization criterion to obtain one or more mapped transactions comprising mapped transaction information including one or more mapped cryptographic asset values to be settled, one or more mapped receiver user identifiers and one or more mapped sender user identifiers. The apparatus is configured to determine in the register the one or more entries that comprise the one or more mapped sender user identifiers and one or more cryptographic asset values exceeding or amounting to the mapped cryptographic asset value to be settled. The apparatus is configured to modify each of the determined one or more entries by replacing the mapped sender user identifier of each determined entry with the mapped receiver user identifier in accordance with the mapped transactions, to thereby settle the one or more transactions. The apparatus is configured to store the register with the one or more modified entries in the memory unit.

The method and apparatus for enabling settlement disclosed herein provide an instant or real-time settlement of a transaction of a cryptographic asset without the need to digitally access the cryptographic key, which thus reduces the risk of illicit access to the cryptographic keys. The method and apparatus for enabling settlement disclosed herein allows thus storage of the cryptographic key(s) to be more secure against illicit access to the cryptographic key as access to the cryptographic key(s) is not needed in enabling the settlement of the transaction. The method and apparatus for enabling settlement disclosed herein provide e.g. an instantaneous settlement that may then allow an exchange system between users to be built based on the method and settlement apparatus disclosed herein.

The method and apparatus for enabling settlement disclosed herein is capable of handling a large number of settlements of transaction (such as thousands, such as millions, or more) at the same time between users of a user set (e.g. a group of participants in a trading or transaction system).

It is an advantage of the present disclosure that to enable settlement of a transaction, the settlement apparatus disclosed herein does not depend on a network of nodes performing or validating the transaction. The settlement apparatus disclosed herein is enabled to perform a transaction settlement independently and with minimal overhead, e.g. computational overhead, communication overhead.

It is an advantage of the present disclosure that it achieves the advantages above without co-mingling of the cryptographic assets. Also disclosed is a secure storage medium configured to store a cryptographic key controlling a cryptographic asset. The secure storage medium comprises an offline storage medium and/or an off-device storage medium, or an online storage medium. There is also disclosed a physical vault, strong room or safe, which is configured to store a plurality of secure storage medium. The vault, strong room or safe may comprise further theft prevention and7or protection devices to ensure physical safety of the added secure storage medium against theft or external damages. Access to the vault may be restricted to individual selected persons.

This disclosure also relates to a method for producing a secure storage medium for a cryptographic key controlling a cryptographic asset. The method comprises generating a key pair including a public key and a private key. The private key is the cryptographic key controlling the cryptographic asset. The method comprises storing the key pair on the secure storage medium. The method comprises verifying that the stored key pair corresponds to the generated key pair, and sealing a part of the secure storage medium comprising the private key.

In an aspect, the method may also comprise storing the public key in an non-detectable way on or in the secure storage medium. In this regard the expression "non-detectable way" refers to a method for retrieving the public key on or in the secure storage medium without tampering, damaging, destroying or modifying the secure storage medium. In other words, the public key can be retrieved from the secure storage medium without affecting the secure storage medium and as such may be

undetectable. In another aspect of the above method, the private key of the key pair is stored on or in the secure storage medium in a detectable way. The term detectable way refers to a permanent modification of the secure storage medium when retrieving the private key of the key pair.

The secure storage medium and the method for producing the secure storage medium disclosed herein provide robustness against the risk of theft or loss of the cryptographic asset or the cryptographic key, and against unauthorized access to the cryptographic key controlling the cryptographic asset. The secure storage medium and the method for producing the secure storage medium disclosed herein provide detection of spending of the cryptographic asset, as revealing the part of the secure storage medium comprising the private key (i.e. the cryptographic key controlling the cryptographic asset) would result into a permanent detectable modification of the secure storage medium. In an example, the storage medium comprises a seal, which is irreversible modified, when the private key is accessed. The secure storage medium may comprise a bar, rod, coin and the like, on which the public key is visibly attached upon. The public key may be imprinted, baked, annealed or otherwise stored on the medium either alone or alongside with other information, e.g. serial number, date of imprint and the like. The public key cannot be changed without modifying the secure storage medium, but it can be read without modifying it. On the other hand, the private key may be arranged inside the respective storage medium, or at a location which is not accessible from the outside without irreversible modifying the storage medium.

For example the private key may be stored within a metal bar or rod. Revealing the part of the secure storage medium comprising the private key (i.e. the cryptographic key controlling the cryptographic asset) would result in physically breaking the sealing of the bar, which leaves a permanent mark on the bar.

This disclosure relates to a settlement system for one or more transactions of one or more cryptographic assets between users selected from a user set. Each user from the user set being assigned a user identifier. The cryptographic asset is controlled by a cryptographic key. The system comprises an apparatus as disclosed herein; a secure storage medium as disclosed herein. The apparatus is configured to store the one or more key pairs in the secure storage medium.

The settlement system disclosed herein allows a cryptographic asset to be stored securely on a secure storage medium and guarded in a secure location e.g. a vault, while being instantly tradable. For example, the trading does not need to involve physically moving the cryptographic asset from a seller's secure location to a buyer's secure location, and/or to be performed over a network of validating nodes (e.g.

blockchain).

Also disclosed is a computer program, comprising computer readable code which, when run on an apparatus, causes the apparatus to perform the method for enabling a settlement as disclosed herein.

The computer programs, the apparatuses, the systems provide advantages

corresponding to the advantages already described in relation to the method for enabling settlement disclosed herein.

This disclosure relates to a method for examining a cryptographic key, such as examining a cryptographic key of a set of existing cryptographic keys, to e.g.

reasonably prove that control is maintained and/or retained for the set of existing cryptographic keys. The cryptographic key controls a cryptographic asset. The method comprises generating a seed number, and generating a selection number based on the seed number. The method comprises selecting an entry in a register based on the selection number, and obtaining the cryptographic key corresponding to the selected entry. The method comprises performing a transaction of the cryptographic asset to an empty entry of the register using the obtained cryptographic key.

The method for examining a cryptographic key disclosed herein provides an advantage in terms of auditing, proof control of the cryptographic asset by the cryptographic key as well as robustness against any attempt to deceive the examining.

Also disclosed is a computer program, comprising computer readable code which, when run on an apparatus, causes the apparatus to perform the method for examining a cryptographic key as disclosed herein.

The computer programs provide advantages corresponding to the advantages already described in relation to the method for examining a cryptographic key as disclosed herein.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other features and advantages will become readily apparent to those skilled in the art by the following detailed description of exemplary embodiments thereof with reference to the attached drawings, in which:

Fig. 1 schematically illustrates an exemplary system and users according to this disclosure,

Fig. 2a schematically illustrates an exemplary settlement apparatus for enabling settlement according to this disclosure, Fig. 2b schematically illustrates an exemplary secure storage medium according to this disclosure,

Fig. 3 a-c schematically illustrates exemplary methods for enabling settlement of a transaction according to this disclosure,

Fig. 4 schematically illustrates exemplary methods for producing a secure storage medium according to this disclosure,

Fig. 5 schematically illustrates exemplary methods for examining a cryptographic key according to this disclosure. DETAILED DESCRIPTION

Various embodiments are described hereinafter with reference to the figures. Like reference numerals refer to like elements throughout. Like elements will, thus, not be described in detail with respect to the description of each figure. It should also be noted that the figures are only intended to facilitate the description of the embodiments. They are not intended as an exhaustive description of the claimed invention or as a limitation on the scope of the claimed invention. In addition, an illustrated embodiment needs not have all the aspects or advantages shown. An aspect or an advantage described in conjunction with a particular embodiment is not necessarily limited to that embodiment and can be practiced in any other embodiments even if not so illustrated, or if not so explicitly described. Aspects of the present disclosure will be described more fully hereinafter with reference to the accompanying drawings. The methods, apparatus, system, storage medium disclosed herein can, however, be realized in many different forms and should not be construed as being limited to the aspects set forth herein.

The terminology used herein is for the purpose of describing particular aspects of the disclosure only, and is not intended to limit the invention.

Throughout, the same reference numerals are used for identical or corresponding parts.

The present teaching relates to enabling or facilitating or implementing settlement of one or more transactions of one or more cryptographic assets. The present technique is applicable to any electronic system for handling transactions.

As mentioned in the background, transaction of a cryptographic asset presents a number of challenges to be performed, due to the very nature of the cryptographic asset.

As used herein the term "cryptographic asset" refers to an asset controlled by a cryptographic key. The asset refers to an economic resource that may be owned and traded and that has a value, such as a positive economic value that is convertible into a currency. A cryptographic key refers to a key or a piece of data that controls a cryptographic algorithm. For a cryptographic asset, the cryptographic key controls the algorithm for releasing or spending the underlying cryptographic asset value associated with the cryptographic asset. An algorithm for releasing or spending the cryptographic asset comprises a digital signature generation algorithm based on the cryptographic key and a previous transaction. The cryptographic key may be a private key of the private-public key pair in e.g. a public key crypto-system. The cryptographic asset comprises any product derivable from a unit of a cryptographic currency, such as a digital currency, such as a virtual currency. The cryptographic asset may be referred to as an electronic asset, a virtual asset, and/or a digital asset as long as it is controlled by a cryptographic key. For example, the cryptographic asset refers to a bitcoin.

Existing settlement systems of cryptographic asset transactions perform transactions from a source to a destination over a network of nodes that verify and/or validate the transaction. To perform a transaction, nodes in the network have to verify a signature of the transaction and additional information comprising previous transactions of the same cryptographic asset. If successfully verified and/or validated, the nodes may create a new block comprising all transactions since the last block and add the new block in a global public ledger or blockchain. Verifying and/or validating the transaction comprise performing a proof-of-work for a new block. The propagation and verification over the network of nodes takes time, e.g. 10 min or more. This is a drawback that makes transactions with cryptographic assets non-instantaneous, cumbersome and/or hard to rely on and therefore limits their deployment. Indeed, many settlements of transactions (e.g. "everyday" payments, delivery versus payment) require instant or real time settlement.

Additionally, systems for enabling settlements may be online which increases the risk of exposure to illegitimate access to the cryptographic key that controls the

cryptographic asset, such as to the illegitimate spending thereof. An approach may be to store the cryptographic key off-line and/or off-device. However, such an approach in an online settlement system prevents any settlement of transactions without having immediate access to the cryptographic key and immediate access to the cryptographic keys is not possible when the cryptographic key is stored off-line and/or off-device.

It is an advantage of the present disclosure that online settlements of transactions are enabled while the cryptographic keys are kept stored securely (e.g. off-line and/or off- device).

Another approach may be to store keys in physical form and to pool all deposited cryptographic assets in a common pool for many users and then set up off-blockchain balances for each user and then change only the balances and let the underlying assets stay co-mingled in the pool. However such an approach presents many issues. Namely, it is not possible for the individual user to have the real cryptographic asset allocated or physically dedicated to him as the real cryptographic asset are comingled with other users' cryptographic assets in the pool. This renders a handling of a bankruptcy scenario, default or other force majeure situation disadvantageous to the user. Such an approach also does not permit auditing of cryptographic assets by e.g. a user to check his own fund or by others.

It is an advantage of the present disclosure that it avoids co-mingling of the

cryptographic asset and still provides instant settlement and auditing, while reducing the risk of theft or loss of the cryptographic key.

Fig. 1 schematically illustrates an exemplary settlement system and users of the settlement system. Fig. 1 shows a settlement system 100, a network 130, users 120, 121 ,122. The settlement system 100 comprises a settlement apparatus 101 for enabling settlement of one or more transactions and a secure storage medium 201 as disclosed herein. Users 120, 121 , 122 utilize the settlement system 100 to execute a transaction of a cryptographic asset. Users 120, 121 , 122 may be members or users of the settlement system 100 to perform a transaction of a cryptographic asset.

Settlement system 100 may assign user identifier to each user 120, 121 , 122 in a user set. In other words, settlement system 100 handles a user set comprising users 120, 121 , 122, wherein each user 120, 121 , 122 is assigned a user identifier. A user 120, 121 , 122 may be assigned one or more identifiers. The user set may comprise all users in the settlement system 100. Users 120, 121 , 122 may communicate with settlement system 100 across a network 130, such as a communication network, e.g. the Internet. Settlement system 100 may comprise e.g. an exchange system for cryptographic assets, a cryptographic asset depository system, a cryptographic asset custodian system, and/or a cryptographic asset clearing-house. The settlement system 100 provides all the advantages of using a secure storage medium without the

inconveniences. Namely, the settlement system provides robustness against the risk of illicit access through the secure storage medium during a transaction of a

cryptographic asset and enables the transaction to be performed using the apparatus 101. It also enabled to physically separate the secure storage medium from the apparatus 101 or from any user using the settlement system. As described in greater detail below with respect to Figure 2b, the secure storage medium 201 is configured to store a cryptographic key controlling a cryptographic asset. As the cryptographic asset is assigned to a user, a plurality of such secure storage mediums can be physically collected and stored at a safe location, i.e. a vault, safe and the like. Protection against theft, or hazardous events can therefore be achieved for a plurality of such secure storage mediums, while the assets assigned to them are easily tradeable. Fig. 2a schematically illustrates an exemplary settlement apparatus 101 for enabling settlement of one or more transactions according to this disclosure. The exemplary settlement apparatus 101 is configured to enable one or more transactions of one or more cryptographic assets between users 120, 121 , 122 selected from a user set. The exemplary settlement apparatus 101 is configured to e.g. facilitate, accelerate execution, and/or assist in performing one or more transactions. Each user 120, 121 , 122 from the user set is assigned a user identifier. The apparatus 101 may assign a user identifier to each user 120, 121 , 122 in the user set. The cryptographic asset is controlled by a cryptographic key. The apparatus 101 comprises an interface 102, a processor 103, and a memory unit 104. The apparatus 101 is configured to obtain a register comprising one or more entries, each entry comprising a cryptographic asset value and a user identifier. The apparatus 101 obtains the register from e.g. the memory unit 104, or via the interface 102 from a remote data storage unit. The register may be a database, a table with entries. The apparatus 101 is configured to receive an instruction to settle at least one of the one or more transactions. The apparatus 101 is configured to receive an instruction to settle at least one of the one or more

transactions via the interface 102, e.g. from a user 120, 121 , 122 or a user

representative, and/or from a settlement system 100.

In one or more embodiments, an instruction is generated if there is sufficient cryptographic asset value in the sender user's entries, such as in the sender user's account, to enable the transaction of the cryptographic asset from the sender user to receiver user. The instruction may be generated by the settlement system 100.

The at least one transaction comprises transaction information. Transaction information includes a cryptographic asset value to be settled, a receiver user identifier and a sender user identifier. The apparatus 101 is configured to apply to the one or more transactions a mapping based on an optimization criterion to obtain one or more mapped transactions. The apparatus 101 applies the mapping using the processor 103. The processor 103 comprises e.g. an apply mapping module. The mapping based on an optimization criterion comprises a function or an algorithm wherein the criterion to be optimized comprises the overall number of ongoing transactions to be minimized. The one or more mapped transactions comprises mapped transaction information including one or more mapped cryptographic asset values to be settled, one or more mapped receiver user identifiers and one or more mapped sender user identifiers. The one or more mapped receiver user identifiers comprise the receiver user identifier, and/or user identifiers of other users in the user set, such as receiver users and/or sender users. The one or more mapped sender user identifiers comprise the sender user identifier, and/or user identifiers of other users in the user set, such as receiver users and/or sender users.

The apparatus 101 is configured to determine in the register the one or more entries that comprise the one or more mapped sender user identifiers and one or more cryptographic asset values exceeding or amounting to the mapped cryptographic asset value to be settled. The apparatus 101 determines, using the processor 103, in the register the one or more entries that comprise the one or more mapped sender user identifiers and one or more cryptographic asset values exceeding or amounting to the mapped cryptographic asset value to be settled. The processor 103 comprises e.g. a determine module. For example, when the settlement system has not checked that there is sufficient cryptographic asset value in the sender user's entries, such as in the sender user's account, to enable the transaction of the cryptographic asset from the sender user to receiver user, before generating the instruction, and when there are no entries that comprise the one or more mapped sender user identifiers and one or more cryptographic asset values exceeding or amounting to the mapped cryptographic asset value to be settled, then the apparatus 101 aborts the transaction.

The apparatus 101 is configured to modify each of the determined one or more entries by replacing the mapped sender user identifier of each determined entry with the mapped receiver user identifier in accordance with the mapped transactions, to thereby settle the one or more transactions. The apparatus 101 modifies the entries using the processor 103. The processor 103 comprises e.g. a modify module. It is an advantage of this disclosure that a computational overhead is significantly reduced at the system 100 and apparatus 101 for settling transactions compared to settling transactions over a network node, such as over the blockchain.

The apparatus 101 is configured to store the register including the one or more modified entries in the memory unit 104. The apparatus 101 may store the register including the one or more modified entries in a remote data storage unit

According to some aspects, to apply to the one or more transactions a mapping based on an optimization criterion comprises combining input transaction to one or more users with output transaction from the one or more users across the one or more transactions in order to minimize a number of transactions to be performed. The apparatus 101 combines, using the processor 103, input transaction to a user with output transaction from the user across the one or more ongoing transactions so as to obtain a reduced number of transactions that the apparatus 101 has to perform. In other words, the apparatus 101 balances input transaction to a user identifier with output transaction from the user identifier across user identifiers or entries having one or more ongoing transactions. The apparatus 101 e.g. nets out inflow and outflow transaction related to user identifiers having one or more ongoing transactions. For example the apparatus performs bilateral netting and/or multilateral netting of the transactions. This may result in a reduced number of overall transactions to be performed by the apparatus 101 by redirecting mapped transaction from mapped sender user identifier to mapped receiver user identifier. It may be an advantage of this disclosure that a reduced computational overhead further achieved at the system 100 and apparatus 101 in settling transactions compared to performing each transaction with no combining. The processor 103 comprises e.g. a combine module.

In an illustrative example where the present technique is applicable, it is assumed that a first transaction comprises sender user 120 (with user identifier "120"), receiver user 122, and a cryptographic asset value to be settled of 1. In other words, the apparatus 101 has to enable settlement of a first transaction where user 120 sends user 122 a cryptographic asset value of 1. A second transaction to be handled by apparatus 101 comprises sender user 121 , receiver user 120, and a cryptographic asset value to be settled of 2. A third transaction comprises sender user 122, receiver user 121 , and a cryptographic asset value to be settled of 1. The apparatus 101 by applying the mapping disclosed above combines the first, second and third transaction into one mapped transaction, namely a transaction that involves sender user 121 sending to receiver user 120 a cryptographic asset of value 1.

In one or more embodiments, the apparatus 101 is configured to determine whether the one or more entries that comprise the sender user identifier comprise one or more cryptographic asset values exceeding or amounting to the cryptographic asset value to be settled. When it is determined that the one or more entries comprise one or more cryptographic asset values amounting to the cryptographic asset value to be settled, then the apparatus 101 is configured to modify the user identifier of the one or more identified entries from the sender user identifier to the receiver user identifier, in order to settle the at least one transaction. For example, the apparatus 101 handles a transaction that involves sender user 122 sending to receiver user 120 a cryptographic asset of value 1. When it is determined by the apparatus 101 that in the register there are entries corresponding to sender user 122 and comprising one or more

cryptographic asset values exceeding or amounting to 1 , the apparatus 101 then modifies in the register the user identifier of those entries from user identifier "#122" of sender user 122 to user identifier "#120"of receiver user 120.

In one or more embodiments, to obtain a register the apparatus 101 is configured to receive the cryptographic asset, the cryptographic asset comprising the cryptographic asset value. The apparatus 101 receives the cryptographic asset via the interface 102 from e.g. the user 120, 121 , 122. The apparatus 101 is configured to obtain the user identifier for the cryptographic asset. The apparatus 101 may obtain the user identifier for the cryptographic asset from the user 120, 121 , 122, or from the processor 103, or from the system 100. The apparatus 101 may authenticate the user 120, 121 , 122, using processor 103 and then obtain the user identifier. The apparatus 101 is configured to itemize the cryptographic asset value according to a distribution function. The processor 103 may itemize the cryptographic asset value according to a distribution function. The processor 103 comprises e.g. an itemizer module. The distribution function may be based on a plurality of arbitrary units, and/or a total number N of user identifiers in the register or in the system. The distribution function may be configured to achieve a target cryptographic asset value distribution that provides in the register at least N cryptographic asset values itemized in each arbitrary unit. The processor 103 may itemize the cryptographic asset value so as to obtain cryptographic asset values divided in a plurality of arbitrary units, such as denominated in a plurality of arbitrary units. Arbitrary units are for example binary arbitrary units, decimal arbitrary units, an arbitrary unit from a (1 , 2, 5) series, and/or any other arbitrary units.

In an illustrative example where the proposed technique is applicable, the arbitrary unit is binary, the size of the user set is n (e.g. n accounts) and the itemized crypto values present in the apparatus or system are as follows: Arbitrary unit in binary base: number of itemized cryptographic asset values per arbitrary unit:

1 n+3

2 n

4 n+1

8 n+2

16 n-2 32 0

When e.g. a cryptographic asset of value 33 is to be added in the apparatus and/or system with the above itemized crypto values available, the distribution function achieving a target of at least N cryptographic asset values itemized in each arbitrary unit adds 2x16 and 1x1 arbitrary units for itemized crypto asset value instead of the 1x32 and 1x1 arbitrary units.

The apparatus 101 is configured to generate one or more entries corresponding to one or more parts of the itemized cryptographic asset value. Each entry comprises a part of the itemized cryptographic value, and the user identifier. The processor 103 may generate one or more entries corresponding to one or more parts of the itemized cryptographic asset value. The apparatus 101 is configured to add the one or more generated entries to the register. The processor 103 may add the one or more generated entries to the register and store the register in the memory unit 104. The processor 103 comprises e.g. an generator module and an add module. In one or more embodiments, the apparatus 101 itemizing the cryptographic asset value is configured to generate one or more key pairs for the part of the itemized cryptographic asset value. Each key pair includes a private key and a public key. The one or more private keys are configured to control the part of the itemized

cryptographic asset value ( e.g. are used as the cryptographic key controlling the part of the itemized cryptographic asset value). The processor 103 may generate one or more key pairs for each part of the itemized cryptographic asset value, such a key pair of a public key cryptosystem. Public key cryptosystems include e.g. cryptosystems based on elliptic curves, RSA cryptosystem, DH cryptosystem, McEliece cryptosystem, EIGamal cryptosystem etc. The apparatus 101 is configured to assign the one or more generated key pairs to the part of the itemized cryptographic asset value. The processor 103 may assign the one or more generated key pairs to the part of the itemized cryptographic asset value. The apparatus 101 is configured to generate an asset identifier based on each public key and assign the generated asset identifier to the part of the itemized cryptographic asset value. The processor 103 may generate an asset identifier based on each public key and assign the generated asset identifier to the part of the itemized cryptographic asset value.

The apparatus 101 is configured to store the one or more key pairs in a secure storage medium corresponding to the part of the itemized cryptographic asset value. The processor 103 may store the one or more key pairs in a secure storage medium corresponding to the part of the itemized cryptographic asset value.

Fig. 2b schematically illustrates an exemplary secure storage medium 201 according to this disclosure. The secure storage medium 201 is configured to store a cryptographic key controlling a cryptographic asset. The secure storage medium 201 is e.g. for use in a settlement system 100. The secure storage medium 201 may comprise an off-line and/or off-device storage medium 202 to store the cryptographic key. Alternatively or additionally, the secure storage medium 201 may comprise an online storage medium 203 to store the cryptographic key. An online storage medium refers to e.g. a storage medium that is connected to a communication network or a communication system, such as the Internet, and that is accessible through authentication. For example, the secure storage medium 201 may comprise an off-line part and an online part. The secure storage medium 201 is a storage medium that is secure against tampering, unauthorized access to the cryptographic key, and that minimizes the risk of theft of the cryptographic asset. An off-line storage medium refers to a storage medium that is not or not permanently connected to a communication network or a communication system, such as the Internet. An off-device storage medium relates to a physical storage medium that is not comprised in an electronic device. In an example, an off-line storage medium is a physical entity, such as a piece of material, such as a piece of paper, or a bar, rod, coin and the like. Different materials like metal, plastics etc can be used for the off-line medium. Although the off-line medium is a just vessel and can contain a cryptographic asset of any value, different materials or forms and shapes can be used to generally indicate different cryptographic assets or assets of different values.

A cryptographic asset or a cryptographic key controlling the asset is stored in or on the secure storage medium 201 , either in digital form and/or in a physical form. A public portion of the cryptographic asset is stored in or on the secure storage medium 201 in an accessible way that is, the public portion is retrievable without irreversible modifying secure storage medium 201. For example, the public portion or the public key is imprinted engraved or otherwise arranged on an outer surface of the secure storage medium 201. Hence, the public key is visible and can easily be read. The

corresponding private portion is, in contrast thereto, not visible or in any way retrievable from the secure storage medium 201 without permanently and irreversible modifying the secure storage medium. For example, the secure storage medium 201 can comprise a seal or tamper band, which needs to be broken before the private key can be accessed. In another example, the secure storage medium is a metal rod. The public key is engraved on the outside of the rod, easily accessible; the private key is imprinted or engraved on an inner surface of the rod. To access and read the private key, the rod needs to be split open, tampering the rod permanently. In an alternative embodiment, light or any other tool required to read the private key may cause a visible chemical or physical irreversible reaction. A plurality of secure storage medium may be produced at one time and then associated with respective cryptographic assets. In addition a plurality of secure storage medium can be collected and stored in a physical vault or safe. Such vault comprises protection means against theft or damage of its content. The Vault is configured to store a plurality of secure storage medium for a pre-specified period, which may depend on the nature of the secure storage medium. For example, if paper or any other degradable material is used as a secure storage medium, the vault needs to maintain certain environmental condition.

The apparatus 101 or the system 100 may store a cryptographic asset or a

cryptographic key controlling the asset in a secure storage medium 201 that is in digital form and/or in a physical form (such as a metal bar). In one or more embodiments, the secure storage medium 201 may comprise a storage medium that is configurable to switch partially or totally between online storage medium and off-line storage medium. For example, the settlement system may comprise a first part of secure storage mediums that are online and a second part of storage mediums that are off-line and/or off-device.

Fig. 3 a-c schematically illustrates exemplary methods 300 for enabling settlement of one or more transactions according to this disclosure. Fig. 3a shows exemplary methods 300 for enabling a settlement of one or more transactions of one or more cryptographic assets between users selected from a user set. Each user from the user set is assigned a user identifier. The cryptographic asset is controlled by a

cryptographic key. The method 300 may be performed in an apparatus 101 for enabling settlement of a transaction. The method 300 comprises obtaining S1 a register comprising one or more entries, each entry comprising a cryptographic asset value and a user identifier. Obtaining S1 a register comprises obtaining a register from a memory unit 104 or from a remote data storage, such as obtaining a register to be filled with entries.

The method 300 comprises receiving S2 an instruction to settle at least one of the one or more transactions. The at least one transaction comprises transaction information including a cryptographic asset value to be settled, a receiver user identifier and a sender user identifier. Receiving S2 an instruction to settle at least one of the one or more transactions comprises receiving one or more instructions from one or more users of the user set.

The method 300 comprises applying S3 to the one or more transactions a mapping based on an optimization criterion to obtain one or more mapped transactions. The one or more mapped transactions comprise mapped transaction information including one or more mapped cryptographic asset values to be settled, one or more mapped receiver user identifiers and one or more mapped sender user identifiers. The mapping based on an optimization criterion may comprises a function or an algorithm taking as input the transaction to be performed according to the received instruction and outputs mapped transactions, such as optimally redirected transactions.

In one or more embodiments, applying S3 comprises combining S31 input transaction to a user with output transaction from the user across the one or more transactions in order to minimize a number of transactions to be performed. The mapping based on an optimization criterion may comprise a function or an algorithm wherein the criterion to be optimized comprises the overall number of ongoing transactions to be minimized. Applying S3 may comprise balancing input transaction to a user identifier with output transaction from the user identifier across user identifier or entries having one or more ongoing transactions. In other words, applying S3 may comprise netting out inflow and outflow transaction related to a user identifier, for user identifiers having one or more ongoing transactions. For example, applying S3 results in bilateral netting and/or multilateral netting of the transactions. This may result in a reduced number of overall transactions to be performed by the apparatus 101 by redirecting mapped transaction from mapped sender user identifier to mapped receiver user identifier. The method 300 comprises determining S4 in the register the one or more entries that comprise the one or more mapped sender user identifiers and one or more

cryptographic asset values exceeding or amounting to the mapped cryptographic asset value to be settled. In other words, the method 300 determines if there is sufficient cryptographic asset value in the sender user's entries, such as in the sender user's account to enable the transaction of the cryptographic asset value to be settled from the sender user to receiver user. When it is not determined that the one or more entries that comprise the one or more mapped sender user identifiers and one or more cryptographic asset values exceeding or amounting to the mapped cryptographic asset value to be settled, then then method 300 is exited.

The method 300 comprises modifying S5 each of the determined one or more entries by replacing the mapped sender user identifier of each determined entry with the mapped receiver user identifier in accordance with the mapped transactions, to thereby settle the one or more transactions. The register comprising the modified entries may then reflect post-settlement balances of each entry, or of each user identifier, or of each user member of the settlement system 100. Step S5 of modifying may be performed at the same time for the determined entries.

In one or more embodiments, the method 300 comprises determining S6 whether the one or more entries that comprise the sender user identifier comprise one or more cryptographic asset values exceeding or amounting to the cryptographic asset value to be settled. When it is determined that the one or more entries comprise one or more cryptographic asset values amounting to the cryptographic asset value to be settled, the method 300 comprises modifying S7 the user identifier of the one or more entries from the sender user identifier to the receiver user identifier, in order to settle the at least one transaction.

In one or more embodiments, the method 300 comprises when it is determined that the one or more entries that comprise the sender user identifier comprise one or more cryptographic asset values exceeding the cryptographic asset value to be settled, the method 300 comprises identifying S8 one or more entries that comprise the user identifier different from the sender user identifier and one or more cryptographic asset values satisfying a conversion criterion. The conversion criterion may refer to a criterion that an exceeding part of the one or more cryptographic asset values remains assigned to the sender user identifier. The method 300 comprises performing S9 a transaction between the identified one or more entries and the corresponding one or more determined entries. Performing S9 comprises modifying the user identifiers

accordingly. For example, this is similar to obtaining change for a bill (e.g. an asset of value 100) into smaller denominations so as to perform a transaction of an asset value smaller (e.g. 80) than the asset value (e.g. 100) in possession of a sender user. The apparatus finds another user entry satisfying the conversion criterion (e.g. having change for an asset of value 50 and 5 assets of value 10 each) and exchanges the user identifier of the identified entries (e.g. the asset of value 50 and 5 assets of value 10 each) with the user identifier of the corresponding determined entries of the sender user (e.g. indicative of the asset of value 100) and vice versa. This way, the transaction of e.g. 80 can be performed directly and the exceeding part 20 remains assigned to the sender user.

In one or more embodiments, obtaining S1 a register comprises receiving S11 the cryptographic asset, the cryptographic asset comprising the cryptographic asset value, such as receiving from a user 120, 121 , 122. Obtaining S1 a register comprises obtaining S12 the user identifier for the cryptographic asset. Obtaining S12 the user identifier for the cryptographic asset comprises generating the user identifier upon reception of the cryptographic asset, or assigning an existing user identifier upon reception of the cryptographic asset if the user is authenticated as an existing user. Obtaining S1 a register comprises itemizing S13 the cryptographic asset value according to a distribution function. The distribution function may be based on a plurality of arbitrary units, and/or a total number N of user identifiers in the register or in the system. The distribution function may be configured to achieve a target

cryptographic asset value distribution that provides in the register at least N

cryptographic asset values itemized in each arbitrary unit. Additionally or alternatively, the distribution function may be configured to achieve a target cryptographic asset value distribution for each arbitrary unit that provides in the register at least N cryptographic asset values itemized for each arbitrary unit. Itemizing S13 the cryptographic asset value may comprise obtaining or generating cryptographic asset values divided in a plurality of arbitrary units, such as denominated in a plurality of arbitrary units. Itemizing S13 may comprise dividing or distributing the cryptographic asset value. Obtaining S1 a register comprises generating S14 one or more entries corresponding to one or more parts of the itemized cryptographic asset value. Each entry comprises a part of the itemized cryptographic value, and the user identifier.

Obtaining S1 a register comprises adding S15 the one or more generated entries to the register. Obtaining S1 a register may comprise storing the register with the generated entries in the memory unit 104 or a remote data storage unit. Fig. 3b shows an exemplary method 300 where itemizing S13 the cryptographic asset value comprises various steps. Itemizing S13 the cryptographic asset value comprises generating S13a one or more key pairs for the part of the itemized cryptographic asset value, each key pair including a private key and a public key. The one or more private keys configured to control the part of the itemized cryptographic asset value are used as the cryptographic key controlling the part of the itemized cryptographic asset value. Itemizing S13 the cryptographic asset value comprises assigning S13b the one or more generated key pairs to the part of the itemized cryptographic asset value.

In one or more embodiments, assigning S13b the one or more generated key pairs to the part of the itemized cryptographic asset value comprises initiating a transaction of the part of the itemized cryptographic asset value to the generated asset identifier over a network of validating nodes. When a plurality of key pairs are assigned to the part of the itemized cryptographic asset value, a multi-signature scheme (such as an n-of-m multi-signature scheme) may be used to initiate a transaction over a blockchain.

Itemizing S13 the cryptographic asset value comprises generating S13c an asset identifier based on the public key. The asset identifier refers to e.g. an address, such as an address for receiving crypto assets. Generating S13c an asset identifier based on the public key may comprise computing a hash value (with e.g. SHA- 256+RIPEMD160) based on the public key. Itemizing S13 the cryptographic asset value comprises assigning S13d the generated asset identifier to the part of the itemized cryptographic asset value. For example, the apparatus 101 initiates a transaction of the part of the itemized cryptographic asset value to the generated asset identifier over a network of validating nodes, such as over a block-chain. This may result in a validation of the generated keys.

Itemizing S13 the cryptographic asset value comprises storing S13e the one or more key pairs in a secure storage medium corresponding to the part of the itemized cryptographic asset value.

In one or more embodiments, the entry comprises the asset identifier, the one or more public key and/or a unique counter. For example, each entry of the register may comprise the asset identifier, the one or more public key and/or a unique counter.

Fig. 3c shows an exemplary method 300. The method 300 comprises computing S9 an ownership proof based on the user identifier. In one or more embodiments, computing S9 the ownership proof based on the user identifier comprises computing S9a a hash value based on the user identifier, the asset identifier, a unique counter and a secret. Additionally or alternatively, computing S9 the ownership proof based on the user identifier comprises encrypting S9b with a public key of the owner the user identifier, the asset identifier, and the unique counter. The secret may be a password, known also to the user.

In one or more embodiments, the unique counter comprises a timestamp, a sequence number and /or a nonce.

In one or more embodiments, the method 300 comprises generating S10 a public register by replacing in the register for each entry the user identifier by the ownership proof; and communicating S11 the public register. Communicating S11 the public register may comprise appending S11 a a hash value of a previous public register, and/or appending S22b a digitally signed previous public register.

In one or more embodiments, the method 300 comprises digitally signing the public register.

Fig. 4 schematically illustrates exemplary methods 400 for producing a secure storage medium according to this disclosure. Method 400 is for producing a secure storage medium for a cryptographic key controlling a cryptographic asset, such as secure storage medium 201. Method 400 may be performed in an enclosed and controlled environment. The method 400 comprises generating S40 a key pair including a public key and a private key, such as a public key and a private of a public-private key pair of a public key cryptosystem. Generating S40 may be performed in a secure off-line environment to prevent eaves-dropping or other approaches to acquire knowledge of the key pair.

The method 400 comprises storing S41 the key pair on or in the secure storage medium 201 , such as imprinting the key on the secure storage medium 201 , such as engraving the key on the secure storage medium 201. Storing S41 on or in the secure storage medium comprises storing the public key in such way that it can be read retrieved or otherwise accessed without modifying the secure storage medium.

The method may comprise storing an asset identifier on the secure storage medium 201. The method 400 comprises verifying S42 that the stored key pair corresponds to the generated key pair, so that the stored key pair matches the generated key pair, with zero failure. The method 400 comprises sealing S43 a part of the secure storage medium comprising the private key. In other words sealing S43 renders the private key or processes the secure storage medium in such way that the private key can no longer be read, retrieved or otherwise accessed without modifying the secure storage medium. If the verifying step is omitted or included in the storing step, then the storing step S41 may already comprise storing the private key in such way that it cannot be read retrieved or otherwise accessed without modifying the secure storage medium after said step has been completed.

Sealing S43 or Storing S41 the private key may be performed with a tamper proof technology or by masking the part of the secure storage medium comprising the private key using techniques that prevent visual detection (e.g. that prevent use of X-ray technology to visual detection). The method 400 may comprise adding the produced secure storage medium into the register, i.e. entering the asset identifier, user identifier, cryptographic asset value corresponding to the secure storage medium. Finally (and not shown here), a plurality of such secure storage medium may be placed in a physical vault, safe or otherwise be protected from access by unauthorised persons.

Fig. 5 schematically illustrates exemplary methods 500 for examining a cryptographic key according to this disclosure. The cryptographic key controls a cryptographic asset. The method 500 comprises generating S50 a seed number. The seed number may comprise a hash value of a previous public register. The method 500 comprises generating S51 a selection number based on the seed number. Generating S51 a selection number based on the seed number may comprise inputting S51 a the seed number into a deterministic function. This provides robustness against any party trying to circumvent the examining by having one or more cryptographic keys that are known by the party as showing a positive proof of control of the crypto asset and (always) selecting one of such cryptographic keys to show the positive proof of control. The deterministic function may comprise a deterministic random number generator. The method 500 comprises selecting S52 an entry in a register based on the selection number. The method 500 comprises obtaining S53 the cryptographic key

corresponding to the selected entry. Obtaining S53 the cryptographic key

corresponding to the selected entry may comprise obtaining S53a a secure storage medium 201 and unsealing S53b the sealed part of the secure storage medium 201 comprising the private key. The method 500 comprises performing S54 a transaction of the cryptographic asset to an empty entry of the register using the obtained cryptographic key. Performing S54 a transaction of the cryptographic asset to an empty entry of the register using the obtained cryptographic key may comprise digitally signing S54a the transaction with the cryptographic key. Additionally, performing S54 a transaction of the cryptographic asset to an empty entry of the register using the obtained cryptographic key may comprise initiating the transaction over a network of validating nodes (e.g. over a blockchain).

The method 500 may be performed in a settlement apparatus, a settlement system, and/or in an examining apparatus. The present disclosure relates to an apparatus configured to perform any of the steps of method 500. The present disclosure relates to an apparatus configured to perform any of the steps of method 500.

It should be appreciated that Fig. 1-5 comprises some modules or operations which are illustrated with a darker border and some operations which are illustrated with a dashed border. The modules or operations which are comprised in a darker border are modules or operations which are comprised in the broadest example embodiment. The modules or operations which are comprised in a dashed border are example embodiments which may be comprised in, or a part of, or are further modules or operations which may be taken in addition to the modules or operations of the darker border example embodiments. It should be appreciated that these operations need not be performed in order. Furthermore, it should be appreciated that not all of the operations need to be performed. The example operations may be performed in any order and in any combination.

It should be appreciated that the example operations of Fig. 3a-c, Fig. 4, Fig. 5 may be performed simultaneously for any number of settlement apparatus or system.

Aspects of the disclosure are described with reference to the drawings, e.g., block diagrams and/or flowcharts. It is understood that several entities in the drawings, e.g., blocks of the block diagrams, and also combinations of entities in the drawings, can be implemented by computer program instructions. Such computer program instructions can be provided to a processor of a general purpose computer, a special purpose computer and/or other programmable data processing apparatus to produce a machine.

In some implementations and according to some aspects of the disclosure, the functions or steps noted in the blocks can occur out of the order noted in the operational illustrations. For example, two blocks shown in succession can in fact be executed substantially concurrently or the blocks can sometimes be executed in the reverse order, depending upon the functionality/acts involved. Also, the functions or steps noted in the blocks can according to some aspects of the disclosure be executed continuously in a loop.

It should be noted that the word "comprising" does not necessarily exclude the presence of other elements or steps than those listed and the words "a" or "an" preceding an element do not exclude the presence of a plurality of such elements. It should further be noted that any reference signs do not limit the scope of the claims, that the example embodiments may be implemented at least in part by means of both hardware and software, and that several "means", "units" or "devices" may be represented by the same item of hardware.

The various example embodiments described herein are described in the general context of method steps or processes, which may be implemented in one aspect by a computer program product, embodied in a computer-readable medium, including computer-executable instructions, such as program code, executed by computers in networked environments. A computer-readable medium may include removable and non-removable storage devices including, but not limited to, Read Only Memory (ROM), Random Access Memory (RAM), compact discs (CDs), digital versatile discs (DVD), etc. Generally, program modules may include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Computer-executable instructions, associated data structures, and program modules represent examples of program code for executing steps of the methods disclosed herein. The particular sequence of such executable instructions or associated data structures represents examples of corresponding acts for

implementing the functions described in such steps or processes.

In the drawings and specification, there have been disclosed exemplary embodiments. However, many variations and modifications can be made to these embodiments. Accordingly, although specific terms are employed, they are used in a generic and descriptive sense only and not for purposes of limitation, the scope of the embodiments being defined by the following claims.

Although particular features have been shown and described, it will be understood that they are not intended to limit the claimed invention, and it will be made obvious to those skilled in the art that various changes and modifications may be made without departing from the principle of the present disclosure. The specification and drawings are, accordingly to be regarded in an illustrative rather than restrictive sense. The present disclosure is intended to cover all alternatives, modifications and equivalents.