The present invention relates to document transfer systems and in particular relates to such systems involving cryptographic protocols enabling a document to be obtained by a consumer upon payment to the owner of the document.
It would be desirable for the protocol to have strong fairness properties, i.e. a guarantee that, at the end of the protocol, either both the owner and the consumer receive payment and the document respectively, or neither party receives anything useful.
There is a substantial body of work on fair exchange and cryptographic services which use this primitive. For protocols requiring fairness in the absence of third parties, the definition of fairness is necessarily probabilistic, and such protocols are usually based on the gradual release of secrets. The following documents describe recent work on practical proposals for fair exchange which use a third party with varying trust assumptions:
(a) Matthew K. Franklin and Michael K. Reiter, Fair Exchange with a Semi-Trusted Third Party, Proceedings of the 4th ACM Conference on Computer and Communications Security, 1997; this document describes a fair exchange protocol with a semi-trusted third party with trust assumptions similar to those used in the present invention. The third party in this case, however, is online even if the parties follow the protocol faithfully;
(b) U.S. Pat. No. 5,666,420 entitled xe2x80x9cSimultaneous Electronic Transactionsxe2x80x9d in the name of Silvio Micali describes an optimistic protocol for certified electronic mail with sleeping post offices;
(c) N. Asokan, M. Schunter and M. Waidner, Optimistic Protocols for Fair Exchange, Proceedings of the 4th ACM Conference on Computer and Communications Security, 1997; this document describes a practical optimistic protocol for fair exchange. However, this protocol increases the trust requirements on the third party in the event of a dispute resolution being required. In particular, the third party inspects the contents of a message containing the item being exchanged while resolving disputes. In addition, the described protocol family has a synchronous time model which may not be suitable for certain applications.
In accordance with a second aspect of the present invention there is provided a cryptographic method of enabling a consumer to obtain a document from an owner upon a payment.
The first and third portions of a key are preferably different.
The method may be arranged for enabling a said consumer to receive a plurality of such documents, wherein said key is divided into different respective sets of portions for each document.
The document source is preferably a printer.
In the preferred embodiment, the ordering protocol is carried out in the presence of a mediator with minimal trust assumptions. The protocol is optimistic, in that the mediator remains off-line except in the case of dispute resolution. In addition, the mediator does not learn any information about the document, even in the event of a dispute.
In accordance with a third aspect of the present invention there is provided a document source for use in one of the above-described methods.
In accordance with a fourth aspect of the present invention, there is provided a document source.
The document source is preferably a printer which is advantageously arranged to print a number of copies of a said document in each of a plurality of formats.
The printer may be arranged to print only one copy of a said document in a first format and an unlimited number of copies of said document in a second format.
The formats may comprise different resolutions or a choice of monochrome and colour images.
In accordance with a fifth aspect of the present invention, there is provided a fair exchange method of enabling a consumer to obtain a document from an owner upon a payment.
In accordance with a sixth aspect of the present invention there is provided a cryptographic method of enabling a first party to obtain an item of value from a second party upon receipt by said second party of a second item of value.
In accordance with a seventh aspect of the present invention there is provided a fair exchange method of enabling a contract between a buyer and a seller of a commodity.