Digital coin tracing using trustee tokens
First Claim
1. A method for obtaining certification from a trustee, the trustee being an authority independent of an electronic currency issuing entity, the trustee certifying the revocable anonymity of the identity of an entity and its association with at least one unit of electronic currency, the method comprising the steps of:
- transmitting to a trustee information representing at least one unit of electronic currency;
transmitting to the trustee information uniquely identifying an entity associated with the at least one unit of electronic currency; and
receiving from the trustee a trustee token comprising a trustee electronic signature, the trustee electronic signature certifying the revocable anonymity of the entity associated with the at least one unit of electronic currency, the trustee electronic signature being derived from a blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an entity other than the trustee.
11 Assignments
0 Petitions
Accused Products
Abstract
A system and method for obtaining traceable anonymous digital cash from a bank using a trustee as a trusted third-party. A user establishes her identity with the trustee using a secret known by the user. The user transmits to the trustee information describing a blinded traceable digital coin. The user receives from the trustee a trustee token including a signature by the trustee on the blinded coin. The user transmits the blinded coin and the trustee token to a bank. The user receives a signature from the bank certifying the blinded coin. The user can then unblind the coin, and spend the coin at a merchant. The system and method support both tracing of the identity of a user from a coin, referred to as coin tracing, and generation of a list of all coins belonging to a given user, referred to as owner tracing. Both of these operations require very little computation and database access. To determine the identity of the user, the trustee can generate the list of coins associated with a user. Alternatively, if presented with a coin, the trustee can determine the identity of the user who submitted the coin to the trustee for signature. This simple and highly efficient trustee-based tracing system and method can be added on top of anonymous cash schemes based on blind RSA signatures.
-
Citations
31 Claims
-
1. A method for obtaining certification from a trustee, the trustee being an authority independent of an electronic currency issuing entity, the trustee certifying the revocable anonymity of the identity of an entity and its association with at least one unit of electronic currency, the method comprising the steps of:
-
transmitting to a trustee information representing at least one unit of electronic currency;
transmitting to the trustee information uniquely identifying an entity associated with the at least one unit of electronic currency; and
receiving from the trustee a trustee token comprising a trustee electronic signature, the trustee electronic signature certifying the revocable anonymity of the entity associated with the at least one unit of electronic currency, the trustee electronic signature being derived from a blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an entity other than the trustee. - View Dependent Claims (2, 3, 4, 5, 6, 7)
before the transmitting step, establishing with the trustee the unique identity of the entity associated with the at least one unit of electronic currency using a secret.
-
-
6. The method of claim 5 wherein the secret comprises the private key belonging to a public/private key pair.
-
7. The method of claim 1 wherein the method receiving step comprises receiving from the trustee a trustee token comprising a signature by the trustee on a plurality of blinded units of electronic currency.
-
8. A system for obtaining certification from a trustee, the trustee being an authority independent of an electronic currency issuing entity, the trustee certifying the revocable anonymity of the identity of an entity and its association with at least one unit of electronic currency, the system comprising:
-
a transmitter transmitting to a trustee information representing at least one unit of electronic currency and transmitting information uniquely identifying an entity associated with the at least one unit of electronic currency; and
a receiver receiving from the trustee a trustee token comprising a trustee electronic signature, the trustee electronic signature certifying the revocable anonymity of the entity associated with the at least one unit of electronic currency, the trustee electronic signature being derived from a blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an entity other than the trustee.
-
-
9. A method for generating a trustee certification, the trustee being an authority independent of an electronic currency issuing entity, the trustee certification comprising a trustee token certifying the revocable anonymity of the identity of an entity associated with at least one unit of electronic currency, the method comprising the steps of:
-
receiving from an entity information representing at least one unit of electronic currency;
receiving from an entity information uniquely identifying the entity associated with the at least one unit of electronic currency;
determining information uniquely identifying the at least one unit of electronic currency;
storing the information representing and uniquely identifying the at least one unit of electronic currency and information uniquely identifying the entity associated with the at least one unit of electronic currency; and
generating a trustee token comprising a trustee electronic signature derived from a blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an entity other than the trustee. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
signing the blinded representation of the at least one unit of electronic currency.
-
-
17. The method of claim 16 wherein the signing step comprises signing the blinded representation of the at least one unit of electronic currency using a private key of a public/private key pair.
-
18. The method of claim 16 wherein the signing step comprises signing the blinded representation of the at least one unit of electronic currency using a MAC (Message Authentication Code).
-
19. A system for generating a trustee certification, the trustee being an authority independent of an electronic currency issuing entity, the trustee certification comprising a trustee token certifying the revocable anonymity of the identity of an entity associated with at least one unit of electronic currency, the system comprising:
-
a receiver for receiving from an entity information uniquely identifying the entity associated with the at least one unit of electronic currency;
a currency identifier for determining information uniquely identifying the at least one unit of electronic currency;
data store for storing the information representing and uniquely identifying the at least one unit of electronic currency and storing the information uniquely identifying the entity associated with the at least one unit of electronic currency; and
a token generator for generating a trustee token comprising a trustee electronic signature derived from the blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an entity other than the trustee.
-
-
20. A method for issuing at least one unit of electronic currency, the method comprising the steps of:
-
receiving from an entity a blinded representation of at least one unit of electronic currency;
receiving from the entity a trustee token comprising a trustee electronic signature derived from the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an electronic currency issuer;
verifying the authenticity of the trustee electronic signature of the trustee token with respect to the blinded representation of the at least one unit of electronic currency;
deducting an amount from an account associated with the entity; and
issuing the blinded representation of the at least one unit of electronic currency by associating and indicating with the blinded representation a value related to the amount deducted from the user'"'"'s account. - View Dependent Claims (21, 22, 23, 24)
before the receiving step, verifying identity of the entity using a secret.
-
-
22. The method of claim 20 wherein the verifying step comprises calculating a MAC on the blinded representation of the at least one unit of electronic currency.
-
23. The method of claim 20 wherein the verifying step comprises verifying using a trustee'"'"'s public key.
-
24. The method of claim 20 wherein the issuing step comprises signing the blinded representation of the at least one unit of electronic currency.
-
25. A system for issuing at least one unit of electronic currency, the system comprising:
-
a receiver for receiving a blinded representation of at least one unit of electronic currency and for receiving a trustee token comprising a trustee electronic signature derived from the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an electronic currency issuer;
a verifier for verifying the authenticity of the trustee electronic signature of the trustee token with respect to the at least one unit of electronic currency;
a withdrawal mechanism for deducting an amount from the account associated with the entity; and
an issuer for issuing the at least one unit of electronic currency by associating and indicating with the blinded representation a value related to the amount deducted from an account associated with the entity.
-
-
26. A method for receiving at least one unit of electronic currency from an electronic currency issuer using a trustee token, the method comprising the steps of:
-
transmitting to an electronic currency issuer a blinded representation of at least one unit of electronic currency;
transmitting to an electronic currency issuer a trustee token, said trustee token comprising a trustee electronic signature derived from the blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by the electronic currency issuer; and
receiving from the electronic currency issuer an electronic currency issuer signature derived from the blinded representation of the at least one unit of electronic currency.
-
-
27. A system for receiving at least one unit of electronic currency from an electronic currency issuer using a trustee token, the system comprising:
-
a transmitter for transmitting to an electronic currency issuer a blinded representation of at least one unit of electronic currency and for transmitting a trustee token, said trustee token comprising a trustee electronic signature derived from the blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by the electronic currency issuer; and
a receiver for receiving from the electronic currency issuer an electronic currency issuer signature derived from the blinded representation of the at least one unit of electronic currency.
-
-
28. A method for obtaining revocably anonymous electronic currency from a bank by using a trustee, the trustee being independent from the bank, the method comprising the steps of:
-
establishing entity identification with the trustee using a secret;
transmitting to the trustee information representing at least one unit of electronic currency;
receiving from the trustee a trustee token comprising a trustee electronic signature derived from a blinded representation of at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the blinded representation of the at least one unit of electronic currency can be verified by the bank;
transmitting to a bank the blinded representation of the at least one unit of electronic currency;
transmitting to the bank the trustee token; and
receiving from the bank a bank electronic signature derived from the blinded representation of the at least one unit of electronic currency. - View Dependent Claims (29)
transforming the blinded representation to the unblinded representation of the at least one unit of electronic currency; and
transmitting the at least one unit of electronic currency to a merchant.
-
-
30. A method for determining the association of at least one unit of electronic currency with an entity, the method comprising the steps of:
-
encrypting information uniquely identifying an entity associated with at least one unit of electronic currency into the unblinded representation of the at least one unit of electronic currency using a secret;
recording the association of the information uniquely identifying an entity to the entity and to both the blinded and unblinded representations of the at least one unit of electronic currency into permanent records;
decrypting the unblinded representation of the at least one unit of electronic currency using a secret to reveal the information uniquely identifying the entity associated with the at least one unit of electronic currency using the permanent records;
matching the decrypted information uniquely identifying an entity with an entity using the permanent records.
-
-
31. A method for identifying at least one unit of electronic currency associated with an entity, the method comprising the steps of:
-
encrypting information uniquely identifying an entity associated with at least one unit of electronic currency into an unblinded representation of the at least one unit of electronic currency using a secret;
recording the association of the information uniquely identifying an entity to the entity and to both the blinded and unblinded representations of the at least one unit of electronic currency into permanent records;
matching an entity to information uniquely identifying the entity that was encrypted inside the unblinded representation of the at least one unit of electronic-currency transmitted to a trustee using the permanent records;
matching the information uniquely identifying an entity encrypted inside at least one unit of electronic currency to the at least one unit of electronic currency transmitted to a trustee using the permanent records; and
identifying the matching at least one unit of electronic currency processed by the trustee as the at least one unit of electronic currency associated with the entity.
-
Specification