This invention relates to electronic transactions or transfers using an electronic representation of a commodity. The term “commodity” is used broadly herein to refer to anything which may be used in a transaction, including, but not limited to, items of value and money. The invention is especially suitable for use in financial transactions, but it is not limited exclusively to such use. The invention is also especially suitable for use over a public communication network, such as the Internet, but again the invention is not limited to such use.
With electronic money systems, there are a number of problem areas, as follows:
SECURITY—To prevent fraudulent interference with transactions involving the money. This is particularly important for transactions over public communication systems, such as over the Internet, or by electronic mail, where the electronic message necessarily passes through a number of different computer systems, and is vulnerable to copying by thieves. Security is also needed to prevent the same electronic money from being spent twice.
AUTHENTICATION—So that users of the electronic money can verify, without needing to contact the bank or other money issuer, that the electronic money they receive is valid (i.e. not forged), has not been “spent” already, and will be honored by the bank or other electronic money issuer.
ANONYMITY—To assure users of the electronic money that the transactions and transfers in which they are involved will, if desired, remain confidential, in the same manner as cash transactions, and will not be tracked by banks or other bodies who might be interested in users' spending habits. Further, neither current users nor new users should have to provide any personal information which might reveal their true identity to the bank or to any other electronic money handling or regulating authority.
AUDITABILITY—To reassure the bank or the money issuer that electronic money which they receive for redemption did, in fact, originate from that bank and has not been issued by some other issuer or possibly forged with the aid of confidential bank information.
DIVISIBILITY—To enable a user of the electronic money to spend a portion of the money, or to obtain change as part of the transaction. It would also be desirable to accommodate fractions of a denomination of money, and to facilitate money transfers from one currency to another without concerns over denomination. Similarly, it would be desirable to accommodate consolidation of electronic “change”.
NON-AFFILIATION—To permit a user to possess, receive and spend the electronic money without the need to be registered with, or have an account with, a particular bank or other electronic money issuer. Further, the user should preferably not have to provide any third party with any personal information from which the person's identity could be ascertained, or which would need to be updated if the person were to move residence, or to get married, for example.
TRANFERABLE—To enable the electronic money to be transferred to anyone independently of the type of transaction or transfer, and regardless of whether the parties are commercial bodies or private individuals.
INDEPENDENCE—To enable electronic money to be spent and received independently of the location of the parties to the transaction. For example, the parties may be in the same physical location, or they may be in completely different locations.
OFF-LINE PAYMENT—To enable the electronic money to be transferred without needing to simultaneously contact the bank at the time of transfer.
NON-LIABILITY—Particularly when communicating over a public communication system, there are occasions when communication is interrupted, or a message is not confirmed as having been received, or a computer system crashes. In such a situation, it may be impossible to establish whether an instructed electronic money transaction or transfer has taken place. In other situations, data representing the electronic money might be lost. It is desirable that an electronic money user be able to repeat the same transaction, or make “back-up” copies of the electronic money, without increasing the liability of the user and the bank.
One example of a known electronic money system is “e-cash”. In that system, electronic coins of fixed denomination are represented by serial numbers. When the serial numbers are transmitted to a third party, they can be redeemed at an issuing bank. However, with such a system, it is difficult for a person receiving money to verify, without contacting the issuing bank, that the money has not previously been doubly spent (either accidentally, or deliberately). The money is only authenticated by the bank when the receiver of the money attempts to redeem it at the bank. Furthermore the system does not provide divisibility of the electronic money, since the denominations of the coins are fixed.
U.S. Pat. No. 5,511,121 describes a system which allows a bank to detect the double spending of an electronic coin when the coin is redeemed twice, by using a El Gamal signature function. However, such a system relies on the identity of the user being derivable from the user's key, which necessitates the user being registered with a central authority. Furthermore, the system does not enable a receiver of the electronic coins the ability to verify that the coins are valid before the receiver accepts the coins as payment; it merely enables the detection of double spending when the same coin is redeemed at the bank by two or more users. Furthermore, if a communication involving the electronic money needs to be repeated or modified, there is risk that the double signatures which result will yield the identity of the spender, and possibly create an embarrassing situation in which the spender may be accused of fraudulently spending the coin twice.
Reference is also made to “NetCash: A design for practical electronic currency on the Internet”, by G. Medvinsky and C. Neuman, Proceedings of the First ACM Conference and Communications Security, November 1993. This article proposes a framework for supporting real-time anonymous electronic payments using electronic coins sealed with the private signature key of an issuing authority. The coins can be transferred on-line or off-line, and exchanged for electronic checks. However, such coins may be difficult to verify as valid currency without contacting the money issuing authority, and there is no facility for division or consolidation.
Reference is also made to EP-A-0139313 which describes a method of transforming or “blinding” a message to be signed into a form which obscures the content of the message for signature, but which retains the signature relationship when transformed back to the original message, even though the result is not readily associated with the transformed message.
The present invention has been devised bearing the above problem areas in mind.