Recent advances in the field of cryptography have made possible the secure and privacy-protected transfer of digital information over insecure, open communication channels such as the global computer network known as the "Internet", by using public key encryption technologies.
Public key encryption methods have been developed for use in electronic cash. In one such method known as the RSA algorithm, encryption and decryption are accomplished by two mathematical equations which are related as inverses of each other. These equations are the private key, used by the issuing financial institution to digitally sign, or certify, a note, and the related public key, used by the recipient to determine and verify the existence of a valid signature on the note. Such protocols are known in the art and are described for example in Chaum, U.S. Pat. No. 4,759,063, the disclosure of which is hereby incorporated by reference.
In addition to such digital signature methods for certifying a digital note, a blind signature protocol has been developed so that the certifying financial institution cannot determine the note which it has certified, allowing the user to maintain his privacy. In such systems the user "blinds" the note he submits to the financial institution for its digital signature, the financial institution applies its digital signature to certify the note, and the user then unblinds the note and uses it to make a payment to a payee. A blind signature system is described in Chaum, U.S. Pat. No. 4,759,063 which has been incorporated by reference, and is in commercial use by DigiCash b.v. of the Netherlands.
In order to prevent a user from spending the note more than once, methods have been developed for testing the note to determine if it has already been spent. In one such system, if a note is spent twice, the identity of the user is revealed. Such a system is more suitable for lower value payments and is disclosed for example in Chaum, U.S. Pat. No. 4,914,698. For higher value payments, the payee will verify the status of the received note with the issuing financial institution, which will keep a database of issued and spent notes.
In still other methods, notes may be generated that can have plural currency values (like a wallet containing $10, $5, and $1 bills) or which can have a variable value as portions of the note are spent. Such methods are disclosed in Chaum, U.S. Pat. No. 4,949,380, which is hereby incorporated by reference.
In summary, such public key signature systems allow an issuing financial institution to digitally sign an electronic note with its secret key such that the user, and the ultimate payee, can verify the authenticity of the note and the ability to make payment. The blinding protocol protects the user's privacy by preventing the financial institution from tracing a note subsequently presented to it for payment as cash.
In such systems, the electronic note signed by the issuing financial institution is denominated in a national currency. In my prior copending application Ser. No. 08/465,430, which is hereby incorporated by reference, I have described the problems associated with payment systems based on national currencies and the problems associated with common banking practices.
A particular problem is the payment risk now inherent in existing payment mechanisms, and the problem of "float." Payment risk arises in conventional banking systems where a financial institution accepts deposits, then in turn loans out that money to others. This is known as "fractional banking," in that the financial institution only keeps on hand a fraction of the actual assets it is holding for the account of its depositors. If the financial institution fails due to bad loans or fraud, the financial institution lacks sufficient assets to pay off its depositors. This practice has lead to significant losses in connection with financial institution failures such as at the Herstatt Bank in Germany and the BCCI scandal. A related payment risk arises due to the fluctuating value of national currencies due to inflation and currency exchange rate variations dependent on the economy of the nation issuing the currency. Thus, there is a risk incurred by accepting national currencies.
"Float" is the amount of time a payee must wait for a transaction to be processed. This is considered an expense because of the unavailability of finds, which represents opportunity costs. In order to eliminate these payment risks and float, my invention disclosed in my copending parent application uses an asset (like gold) instead of a liability (national currency) for settling payments in a book-entry accounting system.
However, situations exist in which using a book-entry system for payments may be inexpedient or disadvantageous. In many cases, the payer and/or payee in a transaction may not want to be identified with a specific payment, preferring instead to remain anonymous. Currently, paper cash and metal coins provide such privacy in a transaction. Electronic cash also provides such privacy, although the payee can make himself known to the issuing financial institution as the recipient of anonymous funds when he redeems an electronic note for cash or other payment.
Also, smaller payments (generally considered to be amounts of less than U.S. $10) may be uneconomical to process through a book-entry system, because double-entry bookkeeping generally involves relating particular credits and debits to particular accounts, i.e., correctly identifying the payer and the payee with each transaction and the amounts involved. The cost of knowing the identities of customers is high if it requires human operators to verify this information.
Accordingly, it would be desirable to provide a system that provides anonymity to one or more parties in a payment transaction, and provides the advantages of elimination of payment risk as described and claimed in my prior parent application.