This invention relates to improved methods and apparatus for electronic commerce.
In many electronic commerce systems a representation of coins is kept by users such as payers and merchants. The users may keep on a computer or other electronic device a plurality of secrets and signatures, one for each unspent coin. The merchant and a bank may keep a plurality of signatures, one for each spent coin. However, this type of electronic commerce system is difficult to implement using inexpensive devices since it requires the user's (payer or merchant) device to have a substantial amount of memory to store the secrets and signatures.
It is an object of the present invention to provide a system for electronic commerce that reduces the amount of data needed to be stored on a user computer or electronic device. In one embodiment of the present invention a bank processor stores information corresponding to coins or funds and the user device (such as a payer or merchant processor) needs to store only a single secret seed and one or more counters needed to access the data stored in the bank's memory. The user's device can be a smart card since only a minimal amount of data needs to be stored on the user's device. A "smart card" in this application is defined as a special purpose computer or electronics hardware that only runs one computer program, in contrast to personal computers (PCs) which run any program that is loaded onto the computer. This implementation avoids the threat of computer virus attacks since a smart card is far less susceptible to such attacks. This implementation also allows pre-paid smart cards to be used by not requiring a link to the identity of the smart card owner.
The bank processor of the present invention may hold disposable anonymous accounts in a bank memory. When a coin is spent, the corresponding account is deleted from the bank's memory and a new account is created. This completes a payment from a payer processor to a merchant processor. The new account is the merchant's account.
In one embodiment an apparatus or system is provided comprising a bank processor, a payer processor, and a merchant processor. Each can be connected to each other by communications links. Each processor may be connected to an associated electronics memory device. The payer memory may have stored therein a payer secret seed and a payer counter. The merchant memory may have stored therein a merchant secret seed and a merchant counter. The payer processor may compute a first payer secret key and a corresponding first payer public key by using the payer secret seed and the payer counter. The merchant processor may compute a first merchant secret key and a corresponding first merchant public key by using the merchant secret seed and the merchant counter. The merchant processor may send the first merchant public key to the payer processor and the payer processor may compute a signature on the first merchant public key. The signature, first merchant public key, and first payer public key may be sent to the bank processor which would check the bank memory to determine if the first payer public key is stored there and determine if the signature is a valid signature. The bank processor may cancel the account corresponding to the first payer public key from the bank memory and store a new account in the bank memory corresponding to the first merchant public key, if the signature is valid and if an account corresponding to the first payer public key was previously stored in the bank memory.
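The exchange described above can be sketched as follows. This is an added example, not code from the patent: the text names no signature scheme, so a Lamport one-time signature built on SHA-256 is assumed here, and all names (`keypair`, `Bank`, `transfer`, the seeds) are hypothetical.

```python
import hashlib, hmac

def H(b): return hashlib.sha256(b).digest()

def keypair(seed, counter):
    # Lamport one-time key (assumed scheme), recomputable from seed + counter,
    # so the device stores no per-coin secrets.
    sk = [[hmac.new(seed, b"%d|%d|%d" % (counter, i, bit), hashlib.sha256).digest()
           for bit in (0, 1)] for i in range(256)]
    pk = H(b"".join(H(x) for pair in sk for x in pair))
    return sk, pk

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Per digest bit: reveal the selected preimage plus the hash of the other.
    return [(sk[i][b], H(sk[i][1 - b])) for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    if len(sig) != 256:
        return False
    parts = []
    for (revealed, other), b in zip(sig, bits(msg)):
        parts += [H(revealed), other] if b == 0 else [other, H(revealed)]
    return hmac.compare_digest(H(b"".join(parts)), pk)

class Bank:
    def __init__(self):
        self.accounts = set()          # one disposable account per public key

    def transfer(self, payer_pk, merchant_pk, sig):
        if payer_pk not in self.accounts:            # unknown or already spent
            return False
        if not verify(payer_pk, merchant_pk, sig):   # signature over merchant key
            return False
        self.accounts.discard(payer_pk)              # cancel payer account
        self.accounts.add(merchant_pk)               # open merchant account
        return True

def demo():
    bank = Bank()
    p_sk, p_pk = keypair(b"constructed payer seed", 0)
    _, m_pk = keypair(b"constructed merchant seed", 0)
    bank.accounts.add(p_pk)            # assumed initial deposit
    sig = sign(p_sk, m_pk)
    paid = bank.transfer(p_pk, m_pk, sig)
    replay = bank.transfer(p_pk, m_pk, sig)   # same coin again: rejected
    return paid, replay, m_pk in bank.accounts, p_pk in bank.accounts
```

Because the bank deletes the payer account on a successful transfer, presenting the same signature a second time fails the account lookup, and the merchant can later spend the new account by recomputing its key from its own seed and counter.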
A method in accordance with an embodiment of the present invention offers users computational (but not revocable) privacy, and protects against the so-called "bank robbery" attack. The method provides so-called "chain privacy" in that the bank processor will not be able to correlate the identity of users to payments that are in between the initial deposit into an account and the final withdrawal from an account.