	US 11,941,626 B2
	System and method for associating a cryptocurrency address to a user
Yuval Altman, Herzliya Pituach (IL); Yitshak Yishay, Revava (IL); Yaron Gvili, Kefar Saba (IL); and Hodaya Shabtay, Bnei Brak (IL)
Assigned to COGNYTE TECHNOLOGIES ISRAEL LTD., (IL)
Filed by VERINT SYSTEMS LTD., Herzliya Pituach (IL)
Filed on Feb. 19, 2021, as Appl. No. 17/179,770.
Claims priority of application No. 272861 (IL), filed on Feb. 23, 2020.
Prior Publication US 2021/0264421 A1, Aug. 26, 2021
Int. Cl. G06Q 20/40 (2012.01); G06Q 20/36 (2012.01); H04L 9/40 (2022.01)

CPC G06Q 20/401 (2013.01) [G06Q 20/3674 (2013.01); G06Q 2220/00 (2013.01); H04L 63/0428 (2013.01); H04L 63/1408 (2013.01)]

9 Claims

2. A system, comprising:

a communication interface; and

a processor, configured to:

perform one or more probing transactions, in which respective amounts of a cryptocurrency are transferred to one or more cryptocurrency addresses of interest,

monitor, via the communication interface, communication traffic exchanged by the one or more cryptocurrency addresses of interest with one or more Internet Protocol (IP) addresses,

ascertain, based on monitored communication traffic, that at least one of the one or more probing transactions was downloaded to a particular one IP address of the one or more IP addresses by at least one of the following:

computing an expected download size of the at least one of the one or more probing transactions, ascertaining that a difference between (i) a download size of a sequence of one or more encrypted packets downloaded to the particular one of the IP addresses and (ii) the expected download size, is within a predefined range, and in response to ascertaining that the difference is within the predefined range, ascertaining that the at least one of the one or more probing transactions was downloaded to the particular one of the IP addresses by virtue of the sequence specifying the at least one of the one or more probing transactions;

using an encrypted-packet classifier, ascertaining that the sequence of the one or more encrypted packets downloaded to the particular one of the IP addresses specifies a downloaded transaction in the cryptocurrency, and in response to ascertaining that the sequence specifies the downloaded transaction, ascertaining that the at least one of the one or more probing transactions was downloaded to the particular one of the IP addresses by virtue of the downloaded transaction being the at least one of the one or more probing transactions; or

subsequently to performing the at least one of the probing transactions, ascertaining that a first downloaded transaction in the cryptocurrency was downloaded to the particular one of the IP addresses and a second downloaded transaction in the cryptocurrency was downloaded to another IP address, ascertaining that another one of the probing transactions, in which some of the cryptocurrency is transferred to one of the cryptocurrency addresses that is different from the one or more cryptocurrency addresses of interest, was downloaded to the another IP addresses, and in response to ascertaining that the other one of the probing transactions was downloaded to the another IP addresses, ascertaining that the at least one of the probing transactions was downloaded to the particular one of the IP addresses, by virtue of the first downloaded transactions being the at least one of the probing transactions, and

generate, in response to the ascertaining, an output indicating an association between a cryptocurrency address of interest of the one or more cryptocurrency addresses and the particular one IP address of the one or more IP addresses.