Permission Payment is a controlled payment mechanism in which transactions are authorized only after obtaining approval from a predefined set of participants or under specific conditions.
Permission Payment enhances security and reduces the risk of unauthorized transactions and fraud by ensuring that no single party can initiate or approve a payment without the required permissions or approval.
UPCX is designed with the possibility to implement account permissions, allowing a secure handling of funds and account management. Accounts can be controlled by the assignment of permission levels through the account holder. Permissions have a hierarchical structure, thereby allowing many users to have access to an account and control funds, while setting limits for each authorized user.
Permission Payments is built using the Threshold Signature Scheme (TSS).
TSS is a method for generating one digital signature from multiple signers. The generated signature has the same appearance as a signature generated without a threshold scheme, but it is not generated using a single private key. Instead, it is created with multiple private key shares that are distributed so that no single individual has control over the entire private key.
In this scheme, the responsibility for signing messages is distributed among participants, and a pre-defined number of participants must agree in order to create a valid signature.
This threshold is typically determined in advance and is often denoted by the parameter "t".
In order to sign a transaction, a minimum number of approvers must participate. This threshold structure is commonly expressed as “t of n”, where “n” is the total number of signers and “t ” is the number of approvers who are needed to sign the transaction on behalf of the entire group. For example, say that there are 7 signers (n) and a transaction should be authenticated when 4 signers have provided their approval (t). This would result in t of n = 4 of 7 signers.
UPCX’s Permission Payments allows to set different signature weights to different roles and permission levels. You could for example assign the weights as follows: Person A (CEO): 2; Person B (COO): 1; Person C (CFO): 1. If the threshold is set to be "t = 3", transactions could be authenticated successfully for A+B or A+C. However, in the case of B+C (just COO and CFO sign), then the transaction would fail because “t” is less than 3. For this reason, unlike regular TSS, UPCX’s Permission Payments does not strictly require the concept of 'n'.
UPCX uses permissions consisting of one or more approvers to authenticate tasks such as transferring funds or modifying account.
Each permission consists of one or more approver (or account ID or public key), signature weights and a threshold value. For a transaction to be approved, the sum of the signature weights of the approvers involved in the transaction must exceed the threshold defined in the smart contract.
This method is an effective way to prevent the concentration of authority at a single point as well as fraud, especially in companies where there are various levels of authority.
Permission payments provide enhanced security and resistance to faults and mistakes compared to traditional single-key signature methods.
Permissioned payments can be applied to a variety of scenarios where secure and controlled payment authorization is essential, such as corporate financial management, consortium blockchains, and decentralized finance (DeFi) platforms.