Cogni is a financial technology company, not a bank. Wallet funds & digital tokens are not held at any bank and like all crypto currencies are not FDIC insured.
1.1. Non-Custodial Wallet
Cogni app is a universal platform that allows building solutions for storing and managing crypto assets. It is based on a secure multi-party computation protocol, which is used as a foundation of the off-chain multisig crypto wallet. This approach combines the benefits of custodial (when the user does not own the private keys) and non-custodial (when the user owns the private keys) crypto wallets. Also, Cogni app provides users with access to crypto liquidity, through the app, enabling customers to trade, store, spend digital assets, and connect to decentralized finance space in a regulatory-friendly and secure way.
1.2. Definitions and Abbreviations
Private key – a secret piece of data used to sign and/or decrypt messages in cryptographic algorithms.
Public key – a non-secret piece of data corresponding to a set private key and used to verify the signature and/or encrypt messages in cryptographic algorithms.
Partial private key – a secret piece of data used in conjunction with other partial private keys in distributed cryptographic algorithms.
Distributed (ephemeral) private key – a collective term used to describe a set of isolated partial private keys used in distributed cryptographic algorithms in order to generate a signature and/or decrypt a message as if said an ephemeral private key exists in one place. In practice, due to usage of SMPC algorithms, such keys are never reconstructed in any way.
Distributed (compound) public key – a collective term used to describe a public key corresponding to a set distributed private key. As public keys are not considered a secret data such keys are reconstructed during a synchronization procedure and used in various ways within the system. For example, a signature generated by a SMPC signing algorithm with a set of partial private keys is verifiable with a distributed public key corresponding to said partial private keys, and would be totally indistinguishable from a signature generated by a classical signing algorithm with a reconstructed ephemeral private key.
Secret – a piece of secret data owned by every participant of the SMPC algorithm and used to derive partial private keys used in those algorithms. Usage of secrets instead of plain partial private keys guarantees easier recoverability of multiple keys while maintaining security of individual keys for specific purposes.
User – the owner of the first isolated secret in a two-party distributed system. Usually the role of the user is taken by the end-user mobile or desktop application, where secret is generated autonomously upon account creation.
Service – the owner of the second isolated secret, in a two-party distributed system. Usually the role of the service is taken by the centralized server, where secret is generated autonomously upon account creation on the per-user basis.
2. General Description
2.1. Advantages
The ability to moderate user transactions provides multiple benefits for both the service, such as an opportunity to implement scoring, as well as to use anti-fraud mechanisms to provide the user with additional security. The moderation allows the implementation of the service in the form where the funds are regulated by the service, but without direct storage. Simultaneously, the end user receives the ability to obtain additional functionality that could only be available in scheme with funds being transferred to the service, as well as the functionality to restore full access to your crypto assets if the service is not Available.
2.2 System Components
2.2.1. Mobile application User-side mobile wallet application. Key functionality:
● Basic:
○ receive crypto assets (address generation)
○ transfer crypto assets (transaction signing)
○ display balance and operation history (interaction with block explorers)
● Additional:
○ Wallet Connect
○ Contacts
○ Portfolio (transactions amount in fiat equivalent)
○ generation of multiple addresses of a specific asset
○ backup of user key with QR code
○ backup of user key with anonymous biometrics
○ outgoing transaction limits
○ whitelist addresses
○ multi-factor authentication
○ joint wallets
● Integrations:
○ crypto-fiat and fiat-crypto swaps
○ cross-chain swap
○ onchain swap (ethereum and tokens)
○ DeFi
2.2.2. Cryptographic service Proprietary distributed transaction signature protocol based on Secure Multi-Party Computations and homomorphic encryption.
Generation and safekeeping of the Service’s secrets for each opened wallet. All operations with the Service’s secrets could be performed within Trusted Execution Environment (TEE)
Multifactor Users authorization and execution of security policies.
2.2.3. Guarantor takes responsibility for storing cross-encrypted secrets (both client-side and server-side) of every account for further recovery in case of system failure. The guarantor has no way to recover any of the secrets itself, however it can disclose an encrypted secret of the opposing party in case some present condition is met, for example the confirmed termination of the service.
2.2.4. Identification service Identification service could be deployed either on the Spatium side, or on any trusted 3-rd party (3-rd party custodian, Trustee, Insurer).
Key functionality:
Safekeeps the encrypted backups of the User’s secrets.
Ensures availability in case other parties fail.
Performs recovery of the User’s account.
The secret encryption could be based on the Server’s secret derivative or User’s face biometrics.
2.3. System functions
Below is the list of key functions of the system and a general description of the procedures underlying a particular function.
2.3.1. Registration Registration implies the creation of the account by the User in a cryptographic service, as well as the generation of a pair of secrets (for User and Service). During registration, the User specifies an email address and phone number (optional), confirms ownership via a one-time password, and creates a security pin or password. At the end of registration, he/she is invited to perform a backup.
2.3.2. Login
Login involves authentication of the User to a cryptographic service with an email address and/or phone number, a password, and restoration of a secret with a backup. If the User loses the password, he/she is offered to perform the recovery procedure. If one of the backup options is not available, the User is invited to choose another option. The User cannot log in without the backup.
2.3.3. Backup
Backup restores the User’s secret and is used to log in to the Wallet. Three backup options can be integrated upon the decision of the Service: paper backup (QR code), anonymous face biometrics (third party provider), guarantor (third party bank, or other independent company). The guarantor option becomes available after the User passes personal identification and requires the participation of three parties: a cryptographic service, the Service server, and a mobile application. Certain identification stages could be performed manually by the Service operator.
2.3.4. Wallet overview
Wallet overview provides detailed information about the current balance of each specific cryptocurrency, fiat balance, transaction history, exchange rates, and recommended commission values for a specific cryptocurrency. Data is provided in real time (with regular update intervals) from external sources.
Indemnity
You agree to defend, indemnify and hold harmless Cogni and its subsidiaries, agents, licensors, managers, and other affiliated companies, and their employees, contractors, agents, officers and directors, from and against any and all claims, damages, obligations, losses, liabilities, costs or debt, and expenses (including but not limited to attorney’s fees) arising from or related to: (i) your use of and access to the Service, including any data or content transmitted or received by you; (ii) your violation of any term of these Terms, including without limitation your breach of any of the representations and warranties above; (iii) your violation of any third-party right, including without limitation any right of privacy or intellectual property rights; (iv) your violation of any applicable law, rule or regulation; (v) User Content or any content that is submitted via your account including without limitation misleading, false, or inaccurate information; (vi) your negligent actions or willful misconduct; or (vii) any other party’s access and use of the Service with your unique username, password or other appropriate security code.
2.3.5. Receiving crypto
Receiving cryptocurrency means displaying the address of the selected currency wallet in text form and the form of a QR code, as well as allowing to copy the address to the clipboard or share it via available options provided by Android or iOS operating systems.
2.3.6. Sending crypto
Sending cryptocurrency involves filling in transaction data, distributing signing, and sending the transaction to the blockchain. The User is required to enter the passphrase and, in case the limits are exceeded, confirm the transaction by e-mail or SMS.
2.3.7. Crypto purchase
Buying cryptocurrency involves exchanging fiat for cryptocurrency through a third-party exchange service.
2.3.8. Selling crypto
Selling cryptocurrencies means that cryptocurrencies are exchanged for fiat through an exchange service. In the process, the transaction is signed in favor of the exchange service.
2.3.9. Fiat balance replenishment
Fiat balance replenishment implies that the data and forms required to transfer funds to a fiat wallet account using any of the supported methods are displayed for the User.
2.3.10. Fiat withdrawal Withdrawing fiat funds means displaying the data and forms required to transfer funds from a fiat account linked to the wallet with any of the supported methods.
2.3.11. Joint wallets Joint wallets represent crypto wallets owned by two users simultaneously. Such wallets function by performing SMPC protocol between two users instead of between a user and a service, based on secrets derived from the secrets of each user. Communication between users, along with storing account data and enforcing any transaction policies is still bound to crypto service, however distributed signing becomes completely decentralized. For the purpose of responsibility distribution one user is impersonated as an investor (owner of assets) and the other as a manager (a person offering expertise at investing).
2.3.12 Content Ownership, Responsibility and Removal
For purposes of these Terms: (i) “Content” means text, graphics, images, music, software, audio, video, works of authorship of any kind, and information or other materials that are posted, generated, provided or otherwise made available through the Services; and (ii) “User Content” means any Content that Account holders (including you) make available through the Services. Content includes without limitation User Content..We do not claim any ownership rights in any User Content and nothing in these Terms will be deemed to restrict any rights that you may have to use and exploit your User Content.
Subject to the foregoing, Cogni and its licensors exclusively own all right, title and interest in and to the Services and Content, including all associated intellectual property rights. You acknowledge that the Services and Content are protected by copyright, trademark, and other laws of the United States and foreign countries. You agree not to remove, alter or obscure any copyright, trademark, service mark or other proprietary rights notices incorporated in or accompanying the Services or Content.
Rights in User Content Granted by You
In order to operate and provide our Services, you grant us a worldwide, non-exclusive, royalty-free, sublicensable, and transferable license to use, copy, distribute, create derivative works of, display, and perform the User Content that you upload, submit, store, send, or receive on the App or through our Services. The rights you grant in this license are for the limited purpose of operating and providing our Services. Additional information about your privacy and how we use User Content is available in the Privacy Policy.
You warrant and represent that you have the right and authority to submit your User Content and that the User Content or any part thereof does not infringe the intellectual property rights or any other rights of any third party.
You acknowledge that, in certain instances, where you have removed your User Content by specifically deleting it, some of your User Content (such as posts or comments you make) may not be completely removed and copies of your User Content may continue to exist on the Services. We are not responsible or liable for the removal or deletion of (or the failure to remove or delete) any of your User Content.
Rights in Content Granted by Cogni
Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, non-sublicensable license to download, view, copy, display and print the Content solely in connection with your permitted use of the Services.
Rights in App, Site and Services Granted by Cogni
The App, Site and Services are proprietary to Cogni and its licensors and must not be used other than strictly in accordance with these Terms. Cogni grants to you a limited, non-exclusive, non-transferable, non-sublicensable right to use the App and Site for the purposes of accessing and using the Services in accordance with these Terms.
Fees
We may charge fees for some or part of the Services we make available to you. We reserve the right to change those fees at our discretion with notice. We will disclose the amount of fees we will charge you for the applicable Service at the time that you access the Service.
You may incur charges from third parties for use of linked services. For example, you may be charged fees via the Dapps and/or DEXs that you may access via the App. You may also be charged fees by Cogni, Inc. if you elect to link the Wallet App to your Cogni account and transact in your Cogni account. Third party fees are not charged by Cogni and are not paid to Cogni.
Acceptable Use and Cogni Wallet Holding’s Enforcement Rights
* You agree not to use the Services in ways that:
* Violate, misappropriate, or infringe the rights of Cogni, our users, or others, including privacy, publicity, intellectual property, or other proprietary rights;
* Are illegal, defamatory, threatening, intimidating, or harassing;
* Involve impersonating someone;
* Breach any duty toward or rights of any person or entity, including rights of publicity, privacy, or trademark;
* Involve sending illegal or impermissible communications such as bulk messaging, auto-messaging, auto-dialing, and the like;
Avoid, bypass, remove, deactivate, impair, descramble or otherwise circumvent any technological measure implemented by us or any of our service providers or any other third party (including another user) to protect the Services or Content;
* Disguise your location through IP proxying or other methods;
* Interfere with, or attempt to interfere with, the access of any user, host or network, including, without limitation, sending a virus, overloading, flooding, spamming, or mail-bombing the Services;
* Violate any applicable law or regulation; or
* Encourage or enable any other individual to do any of the foregoing.
Although we have no obligation to monitor any User Content, we have absolute discretion to remove User Content at any time and for any reason without notice. You understand that by using the Services, you may be exposed to User Content that is offensive, indecent, or objectionable. We take no responsibility and assume no liability for any User Content, including any loss or damage to any of your User Content.
You agree to comply with all applicable U.K. and non-U.K. export control and trade sanctions laws (“Export Laws”). Without limiting the foregoing, you may not download the App or use the Services if 1) you are in, under the control of, or a national or resident of Cuba, Iran, North Korea, Sudan, or Syria or any other country subject to United States embargo, UN Security Council Resolutions (“UNSCR”), HM Treasury's financial sanctions regime, or if you are on the U.S. Treasury Department's Specially Designated Nationals List or the U.S. Commerce Department's Denied Persons List, Unverified List, Entity List HM Treasury's financial sanctions regime; or (2) you intend to supply any Services to Cuba, Iran, North Korea, Sudan or Syria or any other country subject to United States embargo or HM Treasury's financial sanctions regime (or a national or resident of one of these countries), or to a person on the Specially Designated Nationals List, Denied Persons List, Unverified List, Entity List, or HM Treasury's financial sanctions regime.
Third Party Materials
The Services and App may contain links to third-party services and/or Dapps (“Third Party Materials”). The Services enable you to access Dapps via a Dapp browser and Wallet Connect by navigating away from the App to the Dapp or by enabling a native frontend software link within the App. When using a Dapp or other Third Party Materials, you understand that you are at no time transferring your assets to us. We provide access to Third Party Materials only as a convenience, do not have control over their content, do not warrant or endorse, and are not responsible for the availability or legitimacy of, the content, products or services on or accessible from those Third Party Materials (including any related websites, resources or links displayed therein). We make no warranties or representations, express or implied, about such linked Third Party Materials, the third parties they are owned and operated by, the information contained on them or the suitability of their products or services. You acknowledge sole responsibility for and assume all risk arising from your use of any third-party websites, applications, or resources.
You may be able to link a 3rd party Wallet to your Cogni wallet, to enable access to your Cogni wallet funds, from the new Wallet. In doing so, you understand and agree that all transactions made when accessing your Cogni account from Wallet are subject to the terms of use for the Cogni account and the Cogni privacy policy.
Warranty Disclaimers
YOU EXPRESSLY ACKNOWLEDGE AND AGREE THAT USE OF THE SERVICES (INCLUDING ANY PRIVATE KEY STORAGE SERVICE OFFERED AS PART OF THE SERVICES, WHETHER CLOUD OR HARDWARE-BASED) AND CONTENT IS AT YOUR SOLE RISK AND THAT THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY AND EFFORT IS WITH YOU. THE APP, SITE AND SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT ANY REPRESENTATION OR WARRANTY, WHETHER EXPRESS, IMPLIED OR STATUTORY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, Cogni SPECIFICALLY DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND/OR NON-INFRINGEMENT. Cogni DOES NOT MAKE ANY REPRESENTATIONS OR WARRANTIES THAT ACCESS TO THE SERVICES OR ANY OF THE MATERIALS CONTAINED THEREIN WILL BE CONTINUOUS, UNINTERRUPTED, TIMELY, OR ERROR-FREE.
USE OF ANY PRIVATE KEY STORAGE SERVICE INCLUDED AS PART OF THE SERVICES IS OFFERED TO YOU AS A CONVENIENCE, SUBJECT TO THE LIMITATIONS ABOVE. TO BE SAFE, YOU SHOULD ALWAYS BACKUP YOUR PRIVATE ACCESS KEY VIA SECONDARY MEANS.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.