Method for ensuring privacy in electronic transactions with session key blocks

US 20040128259A1
Filed: 12/31/2002
Published: 07/01/2004
Est. Priority Date: 12/31/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for ensuring that electronic transactions are processed anonymously, comprising:

initially registering a requestor with a distributor;

delivering a unique set of device keys to said requestor;

sending an anonymous transaction request from said requester to said distributor;

transmitting an encrypted response from said distributor; and

processing said response by said requester.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, business method, and computer program product for conducting electronic transactions with a potentially untrusted server while maintaining user anonymity and transaction privacy, yet allowing the server to verify the user is a valid subscriber entitled to participate in the transaction. Anonymous service requests are sent to the server. The server transmits responses that have been encrypted such that only valid subscribers can decrypt them. Broadcast encryption schemes that enable selective revocation of misbehaving subscribers will tip off requestors that the server is trying to identify them. Transaction and content quantity can be monitored for usage-based billing while maintaining anonymity. Each content item may be uniquely encrypted with a content key that is then encrypted by a session key and included in encrypted form with a response, to reduce the computational workload.

Citations

21 Claims

1. A method for ensuring that electronic transactions are processed anonymously, comprising:
- initially registering a requestor with a distributor;
  
  delivering a unique set of device keys to said requestor;
  
  sending an anonymous transaction request from said requester to said distributor;
  
  transmitting an encrypted response from said distributor; and
  
  processing said response by said requester.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein said distributor is a content server.
  - 3. The method of claim 1 wherein said distributor is an intermediary between said requestor and a content server.
  - 4. The method of claim 1 wherein said request relates to at least one of:
    - an auction, a financial transaction, a research transaction, a real estate transaction, and access to a database.
  - 5. The method of claim 1 wherein anonymizing networks perform said sending.
  - 6. The method of claim 1 wherein anonymizing networks perform said transmitting.
  - 7. The method of claim 1 wherein said request triggers a plurality of said responses.
  - 8. The method of claim 1 wherein said response is broadcast and only registered requesters can decrypt said response with a session key computed using said device keys.
  - 9. The method of claim 1 wherein said processing includes selecting particular responses from a plurality of transmissions.
  - 10. The method of claim 1 wherein said processing includes decrypting said responses.
  - 11. The method of claim 1 wherein said requestor determines that requestor anonymity is threatened by detecting revocations resulting from tracing attempts said distributor makes.
  - 12. The method of claim 1 wherein payments to said distributor by said requestor are not dependent on the transactions processed.
  - 13. The method of claim 1 wherein payments to said distributor by said requestor are dependent on the transactions processed.
  - 14. The method of claim 13 wherein tamper-resistant software certified by a mutually trusted third party tracks transaction data.
  - 15. The method of claim 13 wherein a trusted third party administrator performs at least one of:
    - providing said device keys to said requestors, tracking requestor registration information, and periodically providing a session key block to said distributor reflecting a current set of registered requesters.
  - 16. The method of claim 1 wherein said requestor and said distributor communicate via a point-to-point connection that does not identify said requester.
  - 17. The method of claim 1 wherein said response includes content protected with a unique content key that is encrypted by a current session key and included in encrypted form in said response.

18. A system for ensuring that electronic transactions are processed anonymously, comprising:
- a processor that initially registers a requester with a distributor;
  
  a second processor that delivers a unique set of device keys to said requestor;
  
  a request sender that sends an anonymous transaction request from said requestor to said distributor;
  
  a response transmitter that transmits an encrypted response from said distributor; and
  
  a receiver that processes said response for said requester.

19. A system for ensuring that electronic transactions are processed anonymously, comprising:
- means for initially registering a requestor with a distributor;
  
  means for delivering a unique set of device keys to said requester;
  
  means for sending an anonymous transaction request from said requestor to said distributor;
  
  means for said distributor to transmit an encrypted response; and
  
  means for said requester to process said response.

20. A computer program product method comprising a machine-readable medium having machine-executable instructions thereon including code means for ensuring that electronic transactions are processed anonymously, comprising:
- a first code for initially registering a requestor with a distributor;
  
  a second code for delivering a unique set of device keys to said requestor;
  
  a third code for sending an anonymous transaction request from said requestor to said distributor;
  
  a fourth code for transmitting an encrypted response from said distributor; and
  
  a fifth code for processing said response for said requestor.

21. A business method for conducting electronic commerce while ensuring that electronic transactions are processed anonymously, comprising:
- initially registering a requester with a distributor;
  
  delivering a unique set of device keys to said requester;
  
  sending an anonymous transaction request from said requester to said distributor;
  
  transmitting an encrypted response from said distributor; and
  
  processing said response by said requestor, wherein said requestor pays extra for anonymity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Reddy, Ram, Blakeley, Douglas Burnette, Lotspiech, Jeffrey Bruce, Naor, Dalit, Nin, Sigfredo Ismael, Srinivasan, Savitha

Application Number

US10/335,433
Publication Number

US 20040128259A1
Time in Patent Office

Days
Field of Search
US Class Current

705/74
CPC Class Codes

G06Q 20/00   Payment architectures, sche...

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/383   Anonymous user system

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2463/102   applying security measure f...

H04L 63/0407   wherein the identity of one...

H04L 63/0428   wherein the data content is...

Method for ensuring privacy in electronic transactions with session key blocks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method for ensuring privacy in electronic transactions with session key blocks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links