Abstract: A system and method for obtaining traceable anonymous digital cash from a bank using a trustee as a trusted third-party. A user establishes her identity with the trustee using a secret known by the user. The user transmits to the trustee information describing a blinded traceable digital coin. The user receives from the trustee a trustee token including a signature by the trustee on the blinded coin. The user transmits the blinded coin and the trustee token to a bank. The user receives a signature from the bank certifying the blinded coin. The user can then unblind the coin, and spend the coin at a merchant. The system and method support both tracing of the identity of a user from a coin, referred to as coin tracing, and generation of a list of all coins belonging to a given user, referred to as owner tracing. Both of these operations require very little computation and database access. To determine the identity of the user, the trustee can generate the list of coins associated with a user.

Abstract: A method of transmitting a message over a network from a sender to a receiver, comprises the steps of: taking a message (Coin) to be signed by the sender; signing the message into a digital signature (e, y) of the sender (steps 56,58), the digital signature being generated as a function of that message using public and secret signature generators (x, r) of the sender, a private key (s) of the sender, and other publicly known values (a, p, q); and transmitting the signed message over the network to the receiver (step 60); characterised in that: the message to be signed by the sender incorporates a first value (f(x)) which is a first predetermined function (such as a secure one-way hash function) of the sender's public signature generator (x) (step 48).

Abstract: A system and method to allow gold to circulate as digital cash through the global computer network (Internet) and/or private communication networks, in both hardwired and wireless systems, much like cash currently circulates in the physical world. A computer system is structured to allow the system user who is attached to the network to transfer digital data values based on gold units of account to or from a portable electronic device, such as a smartcard, and to or from other system users having compatible electronic devices. The sum total of all circulating digital data values will equal the weight of all the gold held for safekeeping at the storage site(s) for the users of the bank. The ownership of the electronic gold values is not transferred by a computer system executing debits and credits between individual accounts, but instead by individuals directly transferring the digital data values amongst themselves (as is done in cash transactions, i.e., without double-entry bookkeeping).

Abstract: A method for changing a user password is preferably operative as a Web server impersonates a Web client to obtain access to files stored in a distributed file system space of a distributed computing environment. The method begins in response to receipt of a Web transaction request from the Web client to determine whether the user's password has expired. If so, the method suspends processing of the Web transaction request and then enters a password change subprogram to enable the user to define a new password. Typically, the password change subprogram displays a password change dialog that interacts with the user. Upon definition of the new password by the user, the mechanism resumes processing of the original Web transaction request. Alternatively, the user may be prompted to terminate the original transaction request and select a new URL and/or document.

Abstract: A user registers a user public key PKU as a pseudonym at a trustee or issuer and obtains an signature for the pseudonym as a license. The sends the pseudonym, PKU identification information IdU and the amount of withdrawal x to the issuer institution. The issuer increments a balance counter of the pseudonym by x, then generates an issuer signature SKI(PKU, x) with a secret key SKI, and sends the issuer signature as an electronic cash to the user. The user verifies the validity of the issuer signature with a public key SKI, and if valid, increments an electronic cash balance counter Balance by x. At the time of payment, user sends the public key PKU and the license to a shop, and the shop verifies the validity of the license, and if valid, sends a challenge to the user. The user attaches a signature to the challenge with user secret key SKU, then sends it to the shop together with the amount due y, and decrements the electronic cash balance counter by y.

Abstract: A electronic monetary system comprising a mobile communication unit as an electronic wallet for transactions including electronic payments, money transfer, and recharging the electronic account.

Abstract: A collecting agency supplies a collecting agency name and a money bag number to a service providing terminal. In response to dealing requests from user terminals, the service providing terminal sends, to the user terminals, information which contains the collecting agency name (Id) and the money bag number (Gb) supplied from the collecting agency. The user terminals generate digital signatures containing the received request information, affix the generated signatures to electronic tickets to be used, and send the electronic tickets with the signatures to the service providing terminal. The service providing terminal, which has received the used electronic tickets, collects those electronic tickets which include the same money bag number supplied from the collecting agency into a group (a money bag), and sends the group of electronic tickets to the collecting agency.

Abstract: A self-contained payment system uses circulating digital vouchers for the transfer of value. The system creates and transfers digital vouchers. A digital voucher has an identifying element and a dynamic log. The identifying element includes information such as the transferable value, a serial number and a digital signature. The dynamic log records the movement of the voucher through the system and accordingly grows over time. This allows the system operator to not only reconcile the vouchers before redeeming them, but also to recreate the history of movement of a voucher should an irregularity like a duplicate voucher be detected. These vouchers are used within a self-contained system including a large number of remote devices which are linked to a central system. The central system can be linked to an external system. The external system, as well as the remote devices, are connected to the central system by any one or a combination of networks.

Abstract: The invention provides techniques for implementing secure transactions using an instrument referred to as "executable digital cash." In an illustrative embodiment, a first user generates a piece of digital cash representing an offer made by that user. The piece of digital cash includes a digital certificate authorizing the first user to make specified transfers, and an offer program characterizing the offer. The piece of digital cash is broadcast or otherwise transmitted to one or more additional users, utilizing a mobile agent or other suitable mechanism, such that a given one of these users can evaluate the offer using the offer program. For example, a second user could execute the offer program with a specific bid as an input to determine what that user would receive upon acceptance of his bid.

Abstract: A method for an issuer party to issue DSA-like secret-key certificates that can be blinded only restrictively. The method includes the step of generating a secret key (x.sub.0,y) and a public key (descr(G.sub.q), g, h.sub.0, g.sub.1, descr((.cndot.))), wherein q is a prime number, Gq is a group of order q, in which computing discrete logarithms is substantially infeasible, but in which multiplication, determination of equivalence of elements and generation of substantially random numbers is relatively easy, descr(G.sub.q) is a description of G.sub.q including q, descr((.cndot.)) is the description of a hash-function (.cndot.) for which computing inverses is substantially infeasible, x.sub.0, and y are elements of the ring, of integers modulo q, g is an element of order q in the group, G.sub.q, h.sub.o is equal to g.sup.x.sbsp.0 ; and g.sub.1 is equal to g.sup.y. The method further includes the step of issuing to a receiver party a secret-key certificate (r,a) in on a public key h in G.sub.

Abstract: A system and method for performing an electronic transaction, including registration, audit and trusted recovery features. A transaction request message is received from a registered user that includes an unblinded validated certificate, and a blinded unvalidated certificate. If the unblinded validated certificate is determined to be legitimate, then a transaction can be performed, and the blinded unvalidated certificate is validated to obtain a blinded, validated certificate that is sent to the user. An audit protocol can be used to further verify the legitimacy of the transaction request message, and a user can recover from a broken connection by replaying a protocol run.

Abstract: A number of fault-tolerant methods for purchasing digital goods with a digital token over a network in which the token's value resides either with a customer or a merchant are disclosed. One version of the method comprises the steps of establishing a price with a merchant for a digital good. A merchant-signed invoice and the digital good in encrypted form are then sent from the merchant to the customer. The invoice is signed with the customer's signature to produce a countersigned invoice. The countersigned invoice, a token (which can be an anonymous token), and identifying information for the token are sent from the customer to the merchant. The countersigned invoice, the token, and the identifying information are sent from the merchant for verification. The token is verified with the identifying information and the other information in the countersigned purchase order is checked.

Abstract: Disclosed is a system for notifying a user of account activity, such as a withdrawal from a savings or checking account. A computer system maintains information on financial accounts and electronic user contact information for at least one of the financial accounts, such as a telephone number, e-mail address or pager number. Information on a transaction with respect to one of the financial accounts is received and processed. The computer system then processes the information on the transaction and generates an electronic message providing information on the transaction. The user contact information for the financial account involved in the transaction is processed. The message is then electronically transmitted to the location identified by the user contact information for the financial account.

Abstract: A cryptographic method is disclosed that enables the issuer in a secret-key certificate issuing protocol to issue triples consisting of a secret key, a corresponding public key, and a secret-key certificate of the issuer on the public key, in such a way that receiving parties can blind the public key and the certificate, but cannot blind a predetermined non-trivial predicate of the secret key even when executions of the issuing protocol are performed in parallel.