Method and apparatus for implementing traceable electronic cash
First Claim
1. A method for implementing traceable electronic cash, comprising the steps:
- (1) wherein a user sends a first institution public information N corresponding to his real name IDU and first secret information;
(2) wherein said first institution recognizes the identity of said user, then generates a pseudonym I of said user and keeps secret the correspondence between at least either one of said pseudonym I and said public information N and said real name IDU ;
(3) wherein said first institution attaches a signature to said public information N and said pseudonym I and sends said signature and said pseudonym I to said user;
(4) wherein said user obtain a license B from said signature sent from said first institution and stores it together with said pseudonym I;
(5) wherein said user uses said first secret information to calculate second secret information S corresponding to said pseudonym I and said public information N and holds said second secret information S;
(6) wherein said user sends information containing at least a random number R and said license B and an amount of money A to a second institution to request it to issue electronic cash;
(7) wherein said second institution adds a signature to said received information containing said license B and sends it to said user as information containing electronic cash C;
(8) wherein said user checks said signed information from said second institution to see if said license B bears a signature to said public information N and said pseudonym I and if said electronic cash C is usable under said license B, thereafter making a payment to a third party through the use of said random number and said second secret information S;
(9) wherein said third party sends said second institution all information of communication with said user so as to seek a settlement concerning said electronic cash C; and
(10) wherein, when there is a likelihood of an attack, the correspondence between at least either one of said pseudonym I and said public information N and said real name IDU kept secret by said first institution is retrieved and said pseudonym I and said public information N are revealed to preclude the possibility of said attack.
1 Assignment
0 Petitions
Accused Products
Abstract
In a method for implementing traceable electronic cash, a user US sends a bank BK a product N of prime numbers P and Q, a prime number L and his real name IDU, and the bank BK generates a pseudonym I corresponding to the real name IDU and keeps the correspondence between the real name IDU and the pseudonym I secret. The bank BK uses a signature function Ω=DeB (N,L,I) to attach a signature to information composed of the above-mentioned N, L and I and sends the user US the signed information Ω as information containing a license B. The user US generates authentication information X from the N and a random number R and sends the bank BK information Z obtained by performing blind signature preprocessing on information (X,B) with a function FeC and has the information Z signed by the bank BK with a signature function DeC (Z) to obtain electronic cash C. When the user US abuses the electronic cash C, the bank BK follows a court order to reveal the correspondence between the real name IDU and pseudo name of the user US and trace the electronic cash spent.
97 Citations
18 Claims
-
1. A method for implementing traceable electronic cash, comprising the steps:
-
(1) wherein a user sends a first institution public information N corresponding to his real name IDU and first secret information; (2) wherein said first institution recognizes the identity of said user, then generates a pseudonym I of said user and keeps secret the correspondence between at least either one of said pseudonym I and said public information N and said real name IDU ; (3) wherein said first institution attaches a signature to said public information N and said pseudonym I and sends said signature and said pseudonym I to said user; (4) wherein said user obtain a license B from said signature sent from said first institution and stores it together with said pseudonym I; (5) wherein said user uses said first secret information to calculate second secret information S corresponding to said pseudonym I and said public information N and holds said second secret information S; (6) wherein said user sends information containing at least a random number R and said license B and an amount of money A to a second institution to request it to issue electronic cash; (7) wherein said second institution adds a signature to said received information containing said license B and sends it to said user as information containing electronic cash C; (8) wherein said user checks said signed information from said second institution to see if said license B bears a signature to said public information N and said pseudonym I and if said electronic cash C is usable under said license B, thereafter making a payment to a third party through the use of said random number and said second secret information S; (9) wherein said third party sends said second institution all information of communication with said user so as to seek a settlement concerning said electronic cash C; and (10) wherein, when there is a likelihood of an attack, the correspondence between at least either one of said pseudonym I and said public information N and said real name IDU kept secret by said first institution is retrieved and said pseudonym I and said public information N are revealed to preclude the possibility of said attack. - View Dependent Claims (2, 3, 9, 10, 11, 12)
-
-
4. A method for implementing traceable electronic cash, comprising the steps:
-
(1) wherein a user sends a first institution public information N corresponding to his real name IDU and secret information; (2) wherein said first institution recognizes the identity of said user, then generates a pseudonym I of said user and keeps secret the correspondence between at least either one of said pseudonym I and said public information N and said real name IDU ; (3) wherein said first institution attaches a signature to said public information N and said pseudonym I and sends said signature and said pseudonym I to said user; (4) wherein said user obtains a license B from said signature sent from said first institution and stores it together with said pseudonym I; (5) wherein said user sends a second institution information containing at least a random number b and said license B and an amount of money A to request said second institution to issue electronic cash; (6) wherein said second institution attaches a signature to said information containing said license B from said user and sends said user said signed information as information containing electronic cash C; (7) wherein said user checks said signed information from said second institution to see if said license B bears a signature to said public information N and said pseudonym I and if said electronic cash C is usable under said license B, thereafter making a payment to a third party through the use of said random number b and said secret information; (8) wherein said third party sends said second institution all information of communication with said user so as to seek a settlement concerning said electronic cash C; and (9) wherein, when there is a likelihood of an attack, the correspondence between at least either one of said pseudonym I and said public information N and said real name IDU kept secret by said first institution is retrieved and said pseudonym I and said public information N are revealed to preclude the possibility of said attack. - View Dependent Claims (5, 6, 7, 8)
- 8. The method of claim 5 or 6, wherein letting (eC,nC) represent a public key of an RSA scheme used by said first institution, setting
- space="preserve" listing-type="equation">n.sub.C =P×
Q,
space="preserve" listing-type="equation">e.sub.C ×
d.sub.C .tbd.1(mod L) and
space="preserve" listing-type="equation">L=LCM{(P-1),(Q-1)},setting the function of said blind signature preprocessing FeC by said user in said step (5) as follows;
space="preserve" listing-type="equation">Z=F.sub.eC (m)=r.sup.eC ×
m mod n.sub.C,setting the function of said signature DeC by said second institution in said step (6) as follows;
space="preserve" listing-type="equation">Θ
=D.sub.eC (Z)=Z.sup.dC mod n.sub.Cand setting the function of said blind signature postprocessing GeC by said user in said step (7) as follows;
space="preserve" listing-type="equation">C=G.sub.eC (Θ
)=Θ
/r mod n.sub.C,said verification of the validity of said electronic cash C for said information (B,b) by said third party in said step (7-3) succeeds when the following equation is satisfied;
space="preserve" listing-type="equation">(B,b).tbd.C.sup.eC (mod n.sub.C). - space="preserve" listing-type="equation">n.sub.C =P×
-
-
13. An institution apparatus which issues a license and electronic cash in accordance with a method for implementing traceable electronic cash, said apparatus comprising:
-
pseudonym generating means which receives from a user public information N and information containing the user'"'"'s real name IDU and generates a pseudonym I corresponding to said real name IDU ; correspondence storage means which holds a table representing a correspondence between said real name IDU and at least one of said pseudonym I and said public information N; license signing means which uses a secret key for a license to sign, with a first signing function DeB, information containing said public information and said pseudonym I and sends said user the signed information as information containing a license B; and electronic cash signing means which signs, with a second signing function DeC, said information received from said user and containing said license B and sends said user said signed information as electronic cash information. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification