The present invention relates to a method for implementing electronic cash by exchanging digital information through utilization of an electronic cash system or smart cards and, more particularly, relates to an electronic cash implementing method which utilizes a trustee.
In the near future electronic cash will come into wider use and it is expected that people will use smart cards as electronic wallets storing electronic cash and make payments for their purchases by inserting the cards into computers of shops, or forward remittances via Internet or the like from home computers storing electronic cash just like bank accounts.
At any rate, it is desirable that electronic cash does not depend on any physical media or conditions so that information itself serves as electronic cash. With a method which guarantees electronic cash by physical means, the precondition for its security will greatly change with progress in fabrication techniques. Further, if always implemented in combination with a physical medium (a magnetic card or the like), electronic cash cannot be transferred over communication lines. The simplest way to transfer electronic cash as information is an electronic credit settlement (electronic credit or electronic check) system which utilizes an electronic signature scheme (described latter on). This method permits full electronification (computerization) of the entire system by using an electronic signature in place of a handwritten signature and enables information for settlements to be transferred through communication networks. However, this system cannot ensure user privacy; the same is true of prevailing credit card and check systems. That is, institutions which issue credit cards and handle users' settlement of accounts have easy access to their purchase histories, and shops can also easily get users' credit numbers and signatures.
A conventional system which permits transferring of electronic cash as information and protects user privacy is one that utilizes a blind signature scheme (described later on). This system is divided into two: (1) a system in which when receiving payment, the shop immediately transmits electronic cash to a bank for an on-line check, and (2) a system in which the shop makes a provisional check and afterward transmits electronic cash to the bank for normal checking. The check herein mentioned means that the shop inquires of the control center (a bank) if the customer's presented electronic cash has no monetary value because of double-spending and/or illicit use. In the system (1), since every shop needs to access the control center upon each receipt of payment, this system is not practical from the viewpoints of processing time or turnaround time (i.e. user's waiting time), communication costs, on-line processing costs at the control center and database maintenance costs, and so forth. Accordingly, the system (2) which permits off-line processing is preferable as an electronic cash system.
The following are conventional electronic cash systems which attach importance to user privacy and enable off-line processing.
(a) D. Chaum, A. Fiat and M. Naor, "Untraceable Electronic Cash," Advances in Cryptology-Crypto '88, Lecture Notes in Computer Science 403, pp.319-327, Springer-Verlag, Berlin (1988)
(b) T. Okamoto et al., "Disposable Zero-Knowledge Authentications and Their Applications to Untraceable electronic Cash," Advances in Cryptology-Crypto '89, Lecture Notes in Computer science 435, pp. 481-496, Springer-Verlag, Berlin (1989)
(c) T. Okamoto et al., "Universal electronic Cash," Advances in Cryptology-Crypto '91, Lecture Notes in Computer Science 576, pp. 324-337, Springer-Verlag, Berlin (1991)
(d) T. Okamoto, "An Efficient Divisible Electronic Cash Scheme," Advances in Cryptology-Crypto '95, Springer-Verlag, Berlin (1995)
The electronic cash systems, typified by references (a) to (d), above have common problems left unsolved as listed below.
1. Without violation of the rules for using electronic cash (the rules for system operation), it would be utterly impossible to trace back the route or flow of electronic cash. This incurs the possibility of crimes like money-laundering becoming rampant.
2. In the event that secrets of the electronic cash issuing institution leak out, no effective measures can be taken to dispel social unrest. For example, if a kidnapper should wrest the secrets of the electronic cash issuing institution, this could mean major trouble, coupled with the above-mentioned untraceability of electronic cash.
3. The amount of information of electronic cash is too large to store on smart cards or the like.