Data processing: financial – business practice – management – or co – Business processing using cryptography – Secure transaction
Reexamination Certificate
1999-07-14
2003-03-04
Sough, Hyung-Sub (Department: 3621)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Secure transaction
C705S065000, C705S067000, C705S069000, C380S030000
Reexamination Certificate
active
06529884
ABSTRACT:
FIELD OF THE INVENTION
This invention relates to improved methods and apparatus for electronic commerce.
BACKGROUND OF THE INVENTION
In many electronic commerce systems a representation of coins is kept by a user such as payers and merchants. The users may keep on a computer or other electronic device a plurality of secrets and signatures, one for each unspent coin. The merchant and a bank may keep a plurality of signatures, one for each spent coin. However, this type of electronic commerce system is difficult to implement using inexpensive devices since it requires the user's (payer or merchant) device to have a substantial amount of memory to store the secrets and signatures.
SUMMARY OF THE INVENTION
It is an object of the present invention to provide a system for electronic commerce that reduces the amount of data needed to be stored on a user computer or electronic device. In one embodiment of the present invention a bank processor stores information corresponding to coins or funds and the user device (such as a payer or merchant processor) needs to only store a single secret seed and one or more counters needed to access the data stored in the bank's memory. The user's device can be a smart card since only a minimal amount of data needs to be stored on the user's device. A “smart card” in this application is defined as special purpose computer or electronics hardware that only runs one computer program, in contrast to personal computers (PCs) which run any program that is loaded on to the computer. This implementation avoids the threat of computer virus attacks since a smart card is far less susceptible to such attacks. This implementation also allows pre-paid smart cards to be used by not requiring a link to the identity of the smart card owner.
The bank processor of the present invention may hold disposable anonymous accounts in a bank memory. When a coin is spent, the corresponding account is deleted from the bank's memory and a new account is created. This completes a payment from a payer processor to a merchant processor. The new account is the merchant's account.
In one embodiment an apparatus or system is provided comprising a bank processor, a payer processor, and a merchant processor. Each can be connected to each other by communications links. Each processor may be connected to an associated electronics memory device. The payer memory may have stored therein a payer secret seed and a payer counter. The merchant memory may have stored therein a merchant secret seed and a merchant counter. The payer processor may compute a first payer secret key and a corresponding first payer public key by using the payer secret seed and the payer counter. The merchant processor may compute a first merchant secret key and a corresponding first merchant public key by using the merchant secret seed and the merchant counter. The merchant processor may send the first merchant public key to the payer processor and the payer processor may compute a signature on the first merchant public key. The signature, first merchant public key, and first payer public key may be sent to the bank processor which would check the bank memory to determine if the first payer public key is stored there and determine if the signature is a valid signature. The bank processor may cancel the account corresponding to the first payer public key from the bank memory and store a new account in the bank memory corresponding to the first merchant public key, if the signature is valid and if an account corresponding to the first payer public key was previously stored in the bank memory.
A method in accordance with an embodiment of the present invention offers users computational (but not revocable) privacy, and protects against the so-called “bank robbery” attack. The method provides so-called “chain privacy” in that the bank processor will not be able to correlate the identity of users to payments that are in between the initial deposit into an account and the final withdrawal from an account.
REFERENCES:
patent: 4399323 (1983-08-01), Henry
patent: 4405829 (1983-09-01), Rivest et al.
patent: 4868877 (1989-09-01), Fischer
patent: 4947430 (1990-08-01), Chaum
patent: 5191193 (1993-03-01), Le Roux
patent: 5220604 (1993-06-01), Gasser et al.
patent: 5511121 (1996-04-01), Yacobi
patent: 5832089 (1998-11-01), Kravitz et al.
patent: 5850450 (1998-12-01), Schweitzer et al.
patent: 6105013 (2000-08-01), Curry et al.
patent: 6212634 (2001-04-01), Geer et al.
patent: 6240187 (2001-05-01), Lewis
patent: 10327146 (1998-12-01), None
Menezes et al, “Handbook of Applied Cryptography”, CRC Press, 1997, Chapters 5 and 11.*
Prior Art—“Addition Chain Heuristics”, Jurjen Bos et al, pp. 400-407, The Netherlands.
Huseman M.
Lucent Technologies - Inc.
Sough Hyung-Sub
Tenecza, Jr. Walter J.
LandOfFree
Minimalistic electronic commerce system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Minimalistic electronic commerce system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Minimalistic electronic commerce system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3001957