Towards a Public Key Management Framework for Virtual Assets and Virtual Asset Service Providers
This work tackles compliance and security challenges for VASPs in implementing the FATF Travel Rule, but it appears incremental as it builds on existing standards and concepts.
The paper addresses the need for secure communication of originator and beneficiary information between Virtual Asset Service Providers (VASPs) as required by FATF Recommendations, proposing a trust network framework to exchange key ownership evidence while maintaining privacy.
The recent FATF Recommendations defines virtual assets and virtual assets service providers (VASP), and requires under the Travel Rule that originating VASPs obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers. In this paper we discuss the notion of key ownership evidence as a core part of originator and beneficiary information required by the FATF Recommendation. We discuss approaches to securely communicate the originator and beneficiary information between VASPs, and review existing standards for public key certificates as applied to VASPs and virtual asset transfers. We propose the notion of a trust network of VASPs in which originator and beneficiary information, including key ownership information, can be exchanged securely while observing individual privacy requirements.