Anonymous payment with a verification possibility by a defined party

US 7,490,069 B2
Filed: 05/29/2003
Issued: 02/10/2009
Est. Priority Date: 05/30/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A computerized method for verifying an anonymous payment by a defined party in a communication system providing a public key infrastructure, the method comprising:

receiving a validation message from a merchant party via an input port of a computer, the validation message comprising a proof signature produced by a customer party and an encrypted payment message, the proof signature being derived from a zero-knowledge proof

     1) of knowledge of a customer secret key, a customer certificate, and at least one customer attribute,

     2) that the encrypted payment message encrypts said customer attribute, and

     3) that said customer certificate is valid and is related to said customer secret key, thereby allowing said customer secret key, said customer certificate, and said at least one customer attribute to remain anonymous to said merchant party;

verifying, by said computer, a validity of the proof signature based on an issuing public key, a verification public key, and the encrypted payment message;

decrypting, by said computer, at least part of the encrypted payment message based on a verification secret key corresponding to the verification public key, thereby obtaining a customer information related to the at least one customer attribute; and

in an event of the validity of the proof signature, the computer using the obtained customer information for initializing an authentication of the payment, and, in an event the proof siginature is not valid, the computer provides an indication that the proof siginature was not valid.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method for verifying an anonymous payment by a defined party in a communication system providing a public key infrastructure. The method comprising the steps of (a) receiving a validation message from a merchant party, the validation message comprising a proof signature produced by a customer party and an encrypted payment message, the proof signature being derived from a customer secret key, a customer certificate, at least one customer attribute, and the encrypted payment message; (b) verifying the validity of the proof signature based on an issuing public key, a verification public key, and the encrypted payment message; (c) decrypting at least part of the encrypted payment message based on a verification secret key corresponding to the verification public key, thereby obtaining a customer information related to the at least one customer attribute. In the event of the validity of the proof signature (d) the obtained customer information is used for initializing the authorization of the payment.

30 Citations

View as Search Results

14 Claims

1. A computerized method for verifying an anonymous payment by a defined party in a communication system providing a public key infrastructure, the method comprising:
- receiving a validation message from a merchant party via an input port of a computer, the validation message comprising a proof signature produced by a customer party and an encrypted payment message, the proof signature being derived from a zero-knowledge proof
  
       1) of knowledge of a customer secret key, a customer certificate, and at least one customer attribute,
  
       2) that the encrypted payment message encrypts said customer attribute, and
  
       3) that said customer certificate is valid and is related to said customer secret key, thereby allowing said customer secret key, said customer certificate, and said at least one customer attribute to remain anonymous to said merchant party;
  
  verifying, by said computer, a validity of the proof signature based on an issuing public key, a verification public key, and the encrypted payment message;
  
  decrypting, by said computer, at least part of the encrypted payment message based on a verification secret key corresponding to the verification public key, thereby obtaining a customer information related to the at least one customer attribute; and
  
  in an event of the validity of the proof signature, the computer using the obtained customer information for initializing an authentication of the payment, and, in an event the proof siginature is not valid, the computer provides an indication that the proof siginature was not valid.
- View Dependent Claims (2, 3, 4, 5, 6, 13, 14)
- - 2. The method according to claim 1, wherein the encrypted payment message is derived from the at least one customer attribute and the verification public key.
  - 3. The method according to claim 1, wherein the encrypted payment message comprises multiple encrypted payment messages.
  - 4. The method according to claim 1, wherein the customer certificate comprises a certificate signature on a certificate message, the certificate signature being generated by an issuing party using an issuing secret key corresponding to the issuing public key, the certificate message being derived from a customer public key and the at least one customer attribute.
  - 5. The method according to claim 1, wherein the at least one customer attribute comprises a card number.
  - 6. The method according to claim 1, wherein the at least one customer attribute comprises an expiration date.
  - 13. The method of claim 1, wherein said defined person executing said verifying comprises a validation party and said authentication of the payment is executed by an issuing party and said validation party and said issuing party are isolated from said customer party and said merchant party, each of said validation party, said issuing party, said customer party, and said merchant party having respective secret keys and respective public keys.
  - 14. The method of claim 13, wherein said validation party and said issuing party comprise a combined entity.

7. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform a method for verifying an anonymous payment by a defined party in a communication system providing a public key infrastructure, the method comprising:
- receiving a validation message from a merchant party, the validation message comprising a proof signature produced by a customer party and an encrypted payment message, the proof signature being derived from a zero-knowledge proof
  
       1) of knowledge of a customer secret key, a customer certificate, and at least one customer attribute,
  
       2) that the encrypted payment message encrypts said customer attribute, and
  
       3) that said customer certificate is valid and is related to said customer secret key, thereby allowing said customer secret key, said customer certificate, and said at least one customer attribute to remain anonymous to said merchant party;
  
  verifying a validity of the proof signature based on an issuing public key, a verification public key, and the encrypted payment message;
  
  decrypting at least part of the encrypted payment message based on a verification secret key corresponding to the verification public key, thereby obtaining a customer information related to the at least one customer attribute; and
  
  in an event of the validity of the proof signature, using the obtained customer information for initializing the authentication of the payment, and, in an event the proof signature is not valid, providing an indication that the proof signature was not valid.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The program storage device according to claim 7, wherein the encrypted payment message is derived from the at least one customer attribute and the verification public key.
  - 9. The program storage device according to claim 7, wherein the encrypted payment message comprises multiple encrypted payment messages.
  - 10. The program storage device according to claim 7, wherein the customer certificate comprises a certificate signature on a certificate message, the certificate signature being generated by an issuing party using an issuing secret key corresponding to the issuing public key, the certificate message being derived from a customer public key and the at least one customer attribute.
  - 11. The program storage device according to claim 7, wherein the at least one customer attribute comprises a card number.
  - 12. The program storage device according to claim 7, wherein the at least one customer attribute comprises an expiration date.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Camenisch, Jan
Primary Examiner(s)
Fischer; Andrew J.
Assistant Examiner(s)
KUCAB, JAMIE R

Application Number

US10/448,098
Publication Number

US 20050010535A1
Time in Patent Office

2,084 Days
Field of Search

705/74, 705 50- 79, 713/180
US Class Current

705/74
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/027   involving a payment switch ...

G06Q 20/06   Private payment circuits, e...

G06Q 20/12   specially adapted for elect...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3829   involving key management

G06Q 20/383   Anonymous user system

G06Q 20/401   Transaction verification

G06Q 20/42   Confirmation, e.g. check or...

G07F 7/1016   Devices or methods for secu...

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3263   involving certificates, e.g...

Anonymous payment with a verification possibility by a defined party

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

30 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Anonymous payment with a verification possibility by a defined party

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links