Frequently-Asked Questions

Q. What is Secure Receipt Wallet?

Answer:

Secure Receipt Wallet is world’s first and only end-to-end encrypted tamper-resistant smart receipts and anonymously-individualized loyalty management & marketing platform backed with multiple patents (2019100146 and 2019100775). Secure Receipt Wallet includes a suite of products for different stakeholders involved in the issuance and reception of receipts in an anonymous and secure manner, facilitating full GDPR compliance for you and your business.

  •  For end-users and buyers, we have a range of mobile apps for Android, iOS and Universal Windows Platform (UWP)
  •  For Point-Of-Sale (POS) or accounting/book keeping systems developers or for those businesses with dedicated IT/ICT capabilities, we have a range of Software Development Kits (SDKs) and Application Programming Interfaces (APIs) through our Developer’s Portal that facilitate the issuance and transfer of end-to-end encrypted receipts using the patented Secure Receipt Transfer Protocol
  • For independent or small businesses with legacy POS systems, we provide “Secure Receipt Wallet CloudConnect Agent”. Based on a patented idea, the CloudConnect Agent extracts receipt data from such legacy POS systems and adds capabilities to them to issue end-to-end encrypted smart receipts and directly deliver them to buyers, eliminating one of the biggest blocks against receipt digitization (i.e. legacy systems integration hassles)
  •  For all issuers of receipts, we provide “Receipt Issuer’s Portal” which is a web-based system that allows businesses to extract meaningful insights from their issued receipts and create loyalty management and marketing campaigns.
    One of the most novel aspects of our product suite is that via anonymous digital signatures, the Secure Receipt Transfer Protocol makes possible for a receipt recipient to sign all the receipts they receive from the same receipt issuer with the same one-way transaction marker. This novel outcome has a number of benefits, including that
    • the seller will not be able to know the identity of the buyer,
    • even Secure Receipt Wallet will not be able to know who the buyer of a receipt despite being in the position of the intermediary between receipt issuers and recipients,
    • with all receipts received by the same recipient being marked with the same marker, the receipt issuer will be able to bundle and group receipts without knowing the identity of the recipient of the receipt
    • bundling and grouping allows the issuer to extract insights from their raw sales data (e.g. whether different items have been bought together or whether there are patterns between sales items
    •  all these have become possible without ANY data processing on our back-end servers hence the end-to-end encrypted nature of the data we transfer between issuers and recipients

Q. Why does Secure Receipt Wallet exist?

Answer:

At Secure Receipt Wallet, we exist because we LOVE trees and we hate to see millions of them being killed and turned into paper receipts every year. However, we also LOVE humans and especially, we LOVE to protect OUR privacy and anonymity.

See, everything about turning live trees into paper receipts is absolutely WRONG but you have to realize that there is ONE value out of this very wrong thing that no one seems to be appreciating enough: The fact that trees are giving away their lives by being turned into receipts has resulted in you enjoying the liberty to go to your favourite shop, buy things and receive your receipts without being identified or worrying that someone in between can know all about your purchase history and use the data to benefit or even to know things about you without your knowledge and consent.

We have seen the emergence of some companies trying to solve the receipts problems (some of whom happen to be backed by some banks) but TOTALLY, maybe intentionally or unintentionally, missing the implications behind the idea of digital receipts, especially in a world of the likes of Cambridge Analytica and General Data Protection Regulation (GDPR). The outcome is the same though. With their products, you will LOSE your privacy and anonymity and you have to “trust” them if you think you are not losing it.

If someone asks what the “core” of Secure Receipt Wallet as a business is, or “why” it exists, or, what is the “theory of business” for Secure Receipt Wallet, we would simply answer “to save the tress and people’s privacy and anonymity at the same time”, in other words, “to get the receipts done right”, and for that, we possess the unique competencies that differentiate us from others.

We have set the industry standard in creating end-to-end encrypted systems and we are 100% confident that our rivals and competitors will switch to our products the second they realize what we have done to make all of this possible!

We have totally eliminated the need for you to trust an intermediary who may have access to your purchase history; all you need to trust is proven cryptography science that is the foundation of information security on the plant at this point in time. With our platform, no one except you can ever know the contents of the receipts that you have received, hence preserving your privacy and anonymity as you are enjoying with paper receipts.

Q: Who are Secure Receipt Wallet customers?

Answer:

Any business or entity issuing receipts or trying to run effective loyalty management and marketing can use Secure Receipt Wallet to reach their sales/marketing goals while also contributing to the higher goal of saving trees from being turned into paper receipts.

Through our suite of products, our end users who use our mobile apps to receive their receipts and their individualized offers enjoy unmatched security, privacy and anonymity, just like paper receipts knowing that they will not provide any details when receiving receipts and that their purchase history remains available ONLY to them, not even to Secure Receipt Wallet, nor to the sellers thanks to the end-to-end encrypted transfer and storage of receipts.

Q. You cannot know the contents of the end-to-end encrypted receipts you transfer to buyers, right? How come you can help businesses make sense of their data and reach customers with individualized loyalty management and marketing?

Answer:

This is probably the best question one can ask and can be framed as the “anonymity-individualization paradox”. In a practical example, if one is supposed to give you an individualized offer, say because you have bought 10 items from a seller, then they should know this fact about you that you have bought 10 items so that they can give you an individualized offer, right? If there remains no way for them to know that (e.g. because the data is unreadable by them), then how can they give you this individualized offer? In other words, if the buyer remain anonymous to the world, how can offers for them be individualized by the world?

The truth is that proving theories or statements about encrypted data (e.g. whether you have bought an item or not) has a long history and rich literature. Techniques like Zero-Knowledge Proofs, Ring Signatures and Bullet Proofs are being actively expanded in the field of blockchain and cryptocurrencies in the context of anonymous transaction proofs but they are all mechanisms of proving statements about encrypted data useful in a public setting.

We are the first company to solve this paradox, using a method that does not involve ANY server-side or public domain processing of your encrypted data. What this means is that your receipts get encrypted before leaving the seller’s premises and is delivered directly to your phone where the history of your purchases is securely stored using encryption keys that are stored in the hardware-backed keychain storage of your device, and are encrypted at rest.

This has become possible through our new patented concepts: Anonymous Transaction Markers and Signatures, Abstract Anonymous loyalty Management and Marketing Rules, and, client-side Offer Mining

Briefly, when a receipt is received by our apps, the app marks and signs the issuer’s copy of the receipt in an anonymous way in such a way that a) even we, Secure Receipt Wallet, can never know who the buyer in a transaction is and, b) all receipts received by the same recipient from the same issuer get marked with the same identifier while also being signed thru our anonymous digital signatures, used for proof of purchase at later stages.

Businesses then publicize a set of Abstract Anonymous Loyalty Management and Marketing Rules like “whoever buys 5 items in a month, can receive the 6th with a 10% discount”. These abstract rules get broadcast to all buyers through our mobile apps. The mobile app, WITHOUT sending anything out of your secure receipt wallet, then “pulls” these abstract rules from our servers and then applies them to your purchase history at real-time in client side, using the processing power and resources of your own phone without any server-side processing or handling of information. This means that nothing about your purchase history is ever revealed to anyone. This “rule applicability process” is called “offer mining” which results in a set of uniquely individualized offers that may be applicable to you and you only, without you revealing your purchase history to anyone.

This paradigm is designed and proposed by Secure Receipt Wallet for the first time in the world.

Q. What is end-to-end encryption?

Answer:

End-to-end encryption (E2EE) is a paradigm with which data gets encrypted and decrypted at both ends of a data transfer transaction in such a way that it becomes impossible for the intermediary who transfers the data to know what the contents of the data are. This paradigm has been widely used (and popularized by) instant messaging products (e.g. Signal Secure Messenger, WhatsApp and others). For the first time in the world, Secure Receipt Wallet has designed an end-to-end encryption and transfer protocol for receipts that brings the end-to-end encryption paradigm to the world of smart digital receipts.

Q. What are Abstract Anonymous Loyalty Management and Marketing Rules?

Answer:

Our patented idea around Abstract Anonymous Loyalty Management and Marketing Rules is one of the core foundations of enabling businesses to use their receipt data to reward their customers and reach new customers without needing to know the identity of their customers.

These rules are Abstract and Anonymous and they define conditions under which an offer or deals becomes available to a customer without including their identity in the calculations, like the examples below:

  1.  Rule 1:
    Anyone can receive a 5% discount in their next purchase until 30-6-19”.
  2.  Rule 2:
    For those who have purchased Item X 10 times in the last year, they can receive a 15% discount in their next purchase of Item X, only once, until 30-6-19 ”.
  3.  Rule 3:
    For purchases between 1-7-18 to 1-8-18, OR, in the recent 45 days, those who have purchased (Item X, AND, Item Y) OR (Item A, AND, Item B) can receive a 10% discount with their next purchase until 30-6-19 ”.

There is nothing private about these rules and they can be freely publicized by any business. Once, downloaded and analysed against a local purchase history dataset using a rule engine, if the dataset fulfills these rules, then offers and deals are “generated” against the local dataset without any communication to external servers or bodies hence “mining” individualized offers against public rules using local private data becomes a possibility.

Q. What is “Offer Mining”?

Answer:

Our patented idea around Offer Mining is one of the core foundations of enabling businesses to use their receipt data to reward their customers and reach new customers without needing to know the identity of their customers.

At the core, Offer Mining is proposed upon the fact that a privately-owned dataset, which is securely stored and encrypted at rest, can be analysed at client side against a set of public rules, without “sending” any information out, to mine, generate or deduct the applicability of such rules to the secure and private dataset. This process can lead to the creation or mining of “rule applicability cases” that do not require any server-side communication hence preserving the privacy and security of the private dataset. We have called this process “Offer Mining”.

Businesses using Secure Receipt Wallet publicize their Abstract Anonymous Loyalty Management and Marketing Rules (e.g. “ Anyone who has purchased ItemX 5 times, can receive a 5% discount in their next purchase of ItemX ”). These rules are downloaded by our mobile apps and their applicability to the user’s purchase history is analysed using a local client-side rule engine without any server-side or public domain processing. Rules that are fulfilled by the dataset then are listed by our apps as “mined offers” and users can view or search them freely without their private purchase history revealed to anyone.

Q. What is a user's “Master Key” in Issuer's Portal?

Answer:

Each user in Issuer's Portal owns a master key which is generated upon the first time they log into the portal, which we have called a 'Master Key'. The generation of this key, which is a 2048-bit RSA key, is carried at client side. Secure Receipt Wallet does not hold the private component of the master key! This key is used to perform end-to-end encryption for the data that Issuer's Portal handles. In other words, using this key assures that Secure Receipt Wallet will not be able to know what the contents of Issuer's data in Issuer's Portal are hence assuring its Zero Knowledge over the data even for the web-based portal receipt issuers use.

Q. How is the “Master Key” belonging to a user in Issuer's Portal saved and handled?

Answer:

Each user in Issuer's Portal owns a master key which is generated upon the first time they log into the portal which we have named a 'Master Key'. The generation of this key, which is a 2048-bit RSA key, is carried at client side. Secure Receipt Wallet does not hold the private component of the master key! This key is used to perform end-to-end encryption for the data that Issuer's Portal handles. In other words, using this key assures that Secure Receipt Wallet will not be able to know what the contents of Issuer's data in Issuer's Portal are hence assuring its Zero Knowledge over the data even for the web-based portal receipt issuers use.

Q. My instance of 'Secure Receipt Wallet CloudConnect Agent' shows me a warning about 'processing engine needing training'. What is the message about?

Answer:

Secure Receipt Wallet CloudConnect Agent's receipt text extraction engine uses custom configuration to extract receipt data during the printing process. For this to work, it needs to be trained. The training process is necessary after the initial installation, or every time that the engine fails to extract receipt data correctly. By including a receipt in the training process, the structure of the receipt is analyzed and configuration is updated for a receipt issuer within 24 hours after the training data is updated.

Q. What is Issuer's Digital Signature?

Answer:

Secure Receipt Wallet uses a range of digital signatures in its operation for a range of reasons. When an issuer issues a receipt, it signs the contents of the receipt using its currently-active identity key (whose ID is also included in each receipt under Digital Signature Key ID). The signature assures tamper-resistance of the receipt and can be used to verify the receipt has genuinely been issued by the relevant issuer. If an issuer, re-registers a POS station, the previous public key of the POS station will still remain on the server to help with the verification of previously-issued receipts with older identity keys. The installation process will lead to a new key being generated and the Digital Signature Key ID to increment.

Q. What is Recipient's Digital Signature?

Answer:

Secure Receipt Wallet uses a range of digital signatures in its operation for a range of reasons. Upon receiving a receipt, the recipient also signs a combination of ID and timestamp of a receipt using a private key only shared between issuer and the recipient, as a private transaction singing key. As a result, during the transfer of receipt, the recipient also signs the reception of the receipt in an anonymous way. Since Secure Receipt Wallet and the issuer have zero knowledge over the identity of the recipient, this signature remains the only mechanism for the recipient to prove purchase at later stages by providing the same keys used to generate the signature in an interactive way.

Q. What is Recipient's Transaction Marker?

Answer:

When a recipient receives a receipt, a random private transaction marker is either generated (if the recipient is receiving the first receipt from an issuer), or, re-used (if it is not the first transaction between the recipient and issuer). The transaction marker can only be known to the issuer and recipient (not Secure Receipt Wallet) since its generation depends upon private keys that are not shared with Secure Receipt Wallet. These markers are then used to mark the transaction for the issuer. Having them helps the issuer bundle sale transactions and group them by the same buyer in an anonymous way. This is the key to extract extra intelligence from sales data and be able to slice and dice the data for the purpose of marketing and loyalty management, all in a zero-knowledge fashion against Secure Receipt Wallet.

Q. What is Transfer Request Signature?

Answer:

When a receipt issuer issues a receipt in the issuer-initiated mode, they create a Transfer Request Signature and inform an anonymous recipient of the fact that there is a receipt for them to be delivered. The Transfer Request Signature is then signed by the current identity key of the POS station generating it hence helping the recipient to verify that the Transfer Request Signature is genuinely created by the right POS station of the right issuer.