Digital coin tracing using trustee tokens

US 6,446,052 B1
Filed: 11/18/1998
Issued: 09/03/2002
Est. Priority Date: 11/19/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for obtaining certification from a trustee, the trustee being an authority independent of an electronic currency issuing entity, the trustee certifying the revocable anonymity of the identity of an entity and its association with at least one unit of electronic currency, the method comprising the steps of:

transmitting to a trustee information representing at least one unit of electronic currency;

transmitting to the trustee information uniquely identifying an entity associated with the at least one unit of electronic currency; and

receiving from the trustee a trustee token comprising a trustee electronic signature, the trustee electronic signature certifying the revocable anonymity of the entity associated with the at least one unit of electronic currency, the trustee electronic signature being derived from a blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an entity other than the trustee.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for obtaining traceable anonymous digital cash from a bank using a trustee as a trusted third-party. A user establishes her identity with the trustee using a secret known by the user. The user transmits to the trustee information describing a blinded traceable digital coin. The user receives from the trustee a trustee token including a signature by the trustee on the blinded coin. The user transmits the blinded coin and the trustee token to a bank. The user receives a signature from the bank certifying the blinded coin. The user can then unblind the coin, and spend the coin at a merchant. The system and method support both tracing of the identity of a user from a coin, referred to as coin tracing, and generation of a list of all coins belonging to a given user, referred to as owner tracing. Both of these operations require very little computation and database access. To determine the identity of the user, the trustee can generate the list of coins associated with a user. Alternatively, if presented with a coin, the trustee can determine the identity of the user who submitted the coin to the trustee for signature. This simple and highly efficient trustee-based tracing system and method can be added on top of anonymous cash schemes based on blind RSA signatures.

Citations

31 Claims

1. A method for obtaining certification from a trustee, the trustee being an authority independent of an electronic currency issuing entity, the trustee certifying the revocable anonymity of the identity of an entity and its association with at least one unit of electronic currency, the method comprising the steps of:
- transmitting to a trustee information representing at least one unit of electronic currency;
  
  transmitting to the trustee information uniquely identifying an entity associated with the at least one unit of electronic currency; and
  
  receiving from the trustee a trustee token comprising a trustee electronic signature, the trustee electronic signature certifying the revocable anonymity of the entity associated with the at least one unit of electronic currency, the trustee electronic signature being derived from a blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an entity other than the trustee.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the information representing the at least one unit of electronic currency is the blinded representation of the at least one unit of electronic currency.
  - 3. The method of claim 1 wherein the information representing at least one unit of electronic currency comprises a random seed for generating at least one blinded unit of electronic currency.
  - 4. The method of claim 3 wherein the information representing the at least one unit of electronic currency further comprises a quantity of desired units of electronic currency for generating at least one blinded unit of electronic currency.
  - 5. The method of claim 1, further comprising:
6. The method of claim 5 wherein the secret comprises the private key belonging to a public/private key pair.
7. The method of claim 1 wherein the method receiving step comprises receiving from the trustee a trustee token comprising a signature by the trustee on a plurality of blinded units of electronic currency.

8. A system for obtaining certification from a trustee, the trustee being an authority independent of an electronic currency issuing entity, the trustee certifying the revocable anonymity of the identity of an entity and its association with at least one unit of electronic currency, the system comprising:
- a transmitter transmitting to a trustee information representing at least one unit of electronic currency and transmitting information uniquely identifying an entity associated with the at least one unit of electronic currency; and
  
  a receiver receiving from the trustee a trustee token comprising a trustee electronic signature, the trustee electronic signature certifying the revocable anonymity of the entity associated with the at least one unit of electronic currency, the trustee electronic signature being derived from a blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an entity other than the trustee.

9. A method for generating a trustee certification, the trustee being an authority independent of an electronic currency issuing entity, the trustee certification comprising a trustee token certifying the revocable anonymity of the identity of an entity associated with at least one unit of electronic currency, the method comprising the steps of:
- receiving from an entity information representing at least one unit of electronic currency;
  
  receiving from an entity information uniquely identifying the entity associated with the at least one unit of electronic currency;
  
  determining information uniquely identifying the at least one unit of electronic currency;
  
  storing the information representing and uniquely identifying the at least one unit of electronic currency and information uniquely identifying the entity associated with the at least one unit of electronic currency; and
  
  generating a trustee token comprising a trustee electronic signature derived from a blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an entity other than the trustee.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 10. The method of claim 9 wherein the information representing the at least one unit of electronic currency is a blinded representation of the at least one unit of electronic currency.
  - 11. The method of claim 9 wherein the information representing the at least one unit of electronic currency comprises a random seed.
  - 12. The method of claim 9 wherein the information representing the at least one unit of electronic currency further comprises a quantity of desired units of electronic currency.
  - 13. The method of claim 9 wherein the generating step comprises generating a trustee token using the information representing the at least one unit of electronic currency, said trustee token comprising a signature by a trustee on at least one unit of electronic currency.
  - 14. The method of claim 9 further comprising:
    - after the generating step, transmitting the trustee token to the entity.
  - 15. The method of claim 9 further comprising:
    - before the receiving step, verifying identity of the entity using a secret.
  - 16. The method of claim 9 wherein the generating step comprises:
    - generating a trustee token by using the information representing the at least one unit of electronic currency to generate the blinded representation of the at least one unit of electronic currency; and
17. The method of claim 16 wherein the signing step comprises signing the blinded representation of the at least one unit of electronic currency using a private key of a public/private key pair.
18. The method of claim 16 wherein the signing step comprises signing the blinded representation of the at least one unit of electronic currency using a MAC (Message Authentication Code).

19. A system for generating a trustee certification, the trustee being an authority independent of an electronic currency issuing entity, the trustee certification comprising a trustee token certifying the revocable anonymity of the identity of an entity associated with at least one unit of electronic currency, the system comprising:
- a receiver for receiving from an entity information uniquely identifying the entity associated with the at least one unit of electronic currency;
  
  a currency identifier for determining information uniquely identifying the at least one unit of electronic currency;
  
  data store for storing the information representing and uniquely identifying the at least one unit of electronic currency and storing the information uniquely identifying the entity associated with the at least one unit of electronic currency; and
  
  a token generator for generating a trustee token comprising a trustee electronic signature derived from the blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an entity other than the trustee.

20. A method for issuing at least one unit of electronic currency, the method comprising the steps of:
- receiving from an entity a blinded representation of at least one unit of electronic currency;
  
  receiving from the entity a trustee token comprising a trustee electronic signature derived from the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an electronic currency issuer;
  
  verifying the authenticity of the trustee electronic signature of the trustee token with respect to the blinded representation of the at least one unit of electronic currency;
  
  deducting an amount from an account associated with the entity; and
  
  issuing the blinded representation of the at least one unit of electronic currency by associating and indicating with the blinded representation a value related to the amount deducted from the user'"'"'s account.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20, further comprising:
22. The method of claim 20 wherein the verifying step comprises calculating a MAC on the blinded representation of the at least one unit of electronic currency.
23. The method of claim 20 wherein the verifying step comprises verifying using a trustee'"'"'s public key.
24. The method of claim 20 wherein the issuing step comprises signing the blinded representation of the at least one unit of electronic currency.

25. A system for issuing at least one unit of electronic currency, the system comprising:
- a receiver for receiving a blinded representation of at least one unit of electronic currency and for receiving a trustee token comprising a trustee electronic signature derived from the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by an electronic currency issuer;
  
  a verifier for verifying the authenticity of the trustee electronic signature of the trustee token with respect to the at least one unit of electronic currency;
  
  a withdrawal mechanism for deducting an amount from the account associated with the entity; and
  
  an issuer for issuing the at least one unit of electronic currency by associating and indicating with the blinded representation a value related to the amount deducted from an account associated with the entity.

26. A method for receiving at least one unit of electronic currency from an electronic currency issuer using a trustee token, the method comprising the steps of:
- transmitting to an electronic currency issuer a blinded representation of at least one unit of electronic currency;
  
  transmitting to an electronic currency issuer a trustee token, said trustee token comprising a trustee electronic signature derived from the blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by the electronic currency issuer; and
  
  receiving from the electronic currency issuer an electronic currency issuer signature derived from the blinded representation of the at least one unit of electronic currency.

27. A system for receiving at least one unit of electronic currency from an electronic currency issuer using a trustee token, the system comprising:
- a transmitter for transmitting to an electronic currency issuer a blinded representation of at least one unit of electronic currency and for transmitting a trustee token, said trustee token comprising a trustee electronic signature derived from the blinded representation of the at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the at least one unit of electronic currency can be verified by the electronic currency issuer; and
  
  a receiver for receiving from the electronic currency issuer an electronic currency issuer signature derived from the blinded representation of the at least one unit of electronic currency.

28. A method for obtaining revocably anonymous electronic currency from a bank by using a trustee, the trustee being independent from the bank, the method comprising the steps of:
- establishing entity identification with the trustee using a secret;
  
  transmitting to the trustee information representing at least one unit of electronic currency;
  
  receiving from the trustee a trustee token comprising a trustee electronic signature derived from a blinded representation of at least one unit of electronic currency such that the authenticity of the trustee electronic signature with respect to the blinded representation of the at least one unit of electronic currency can be verified by the bank;
  
  transmitting to a bank the blinded representation of the at least one unit of electronic currency;
  
  transmitting to the bank the trustee token; and
  
  receiving from the bank a bank electronic signature derived from the blinded representation of the at least one unit of electronic currency.
- View Dependent Claims (29)
- - 29. The method of claim 28 further comprising the step of:

30. A method for determining the association of at least one unit of electronic currency with an entity, the method comprising the steps of:
- encrypting information uniquely identifying an entity associated with at least one unit of electronic currency into the unblinded representation of the at least one unit of electronic currency using a secret;
  
  recording the association of the information uniquely identifying an entity to the entity and to both the blinded and unblinded representations of the at least one unit of electronic currency into permanent records;
  
  decrypting the unblinded representation of the at least one unit of electronic currency using a secret to reveal the information uniquely identifying the entity associated with the at least one unit of electronic currency using the permanent records;
  
  matching the decrypted information uniquely identifying an entity with an entity using the permanent records.

31. A method for identifying at least one unit of electronic currency associated with an entity, the method comprising the steps of:
- encrypting information uniquely identifying an entity associated with at least one unit of electronic currency into an unblinded representation of the at least one unit of electronic currency using a secret;
  
  recording the association of the information uniquely identifying an entity to the entity and to both the blinded and unblinded representations of the at least one unit of electronic currency into permanent records;
  
  matching an entity to information uniquely identifying the entity that was encrypted inside the unblinded representation of the at least one unit of electronic-currency transmitted to a trustee using the permanent records;
  
  matching the information uniquely identifying an entity encrypted inside at least one unit of electronic currency to the at least one unit of electronic currency transmitted to a trustee using the permanent records; and
  
  identifying the matching at least one unit of electronic currency processed by the trustee as the at least one unit of electronic currency associated with the entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
RSA Security Incorporated (Symphony Technology Group LLC)
Inventors
Juels, Ari
Primary Examiner(s)
Kemper, Melanie A.

Application Number

US09/195,527
Time in Patent Office

1,385 Days
Field of Search

705/1, 705/50, 705/64, 705/67, 705/69, 705/74, 380/1, 380/24, 380/28, 380/30
US Class Current

705/69
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/06   Private payment circuits, e...

G06Q 20/10   specially adapted for elect...

G06Q 20/29   characterised by micropayments

G06Q 20/3678   e-cash details, e.g. blinde...

G06Q 20/3825   Use of electronic signatures

G06Q 20/383   Anonymous user system

Digital coin tracing using trustee tokens

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Digital coin tracing using trustee tokens

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links