News Column

Patent Issued for Non-Transferable Anonymous Digital Receipts

August 5, 2014

By a News Reporter-Staff News Editor at Information Technology Newsweekly -- A patent by the inventors van Herrewegen, Elsie (Horgen, CH); Camenisch, Jan (Rueschlikon, CH), filed on September 12, 2012, was published online on July 22, 2014, according to news reporting originating from Alexandria, Virginia, by VerticalNews correspondents.

Patent number 8788828 is assigned to International Business Machines Corporation (Armonk, NY).

The following quote was obtained by the news editors from the background information supplied by the inventors: "Since the mid 1990s one of the most rapidly growing retail sectors is referred to as electronic commerce. Electronic commerce involves the use of the Internet and proprietary networks to facilitate business-to-business, consumer, and auction sales of everything imaginable, from computers and electronics to books, recordings, automobiles, and real estate. In such an environment consumer privacy is becoming a major concern.

"However, the mere fact that electronic commerce is conducted over an existing open network infrastructure such as the Internet runs counter to the privacy of the consumer. Often, there are legitimate reasons for a party to remain anonymous towards peers and outsiders.

"As the collection and exploitation of private information become more of a concern, users are less willing to give out information, and may want to conduct transactions under a pseudonym or anonymously. A user in such a pseudonymous or anonymous transaction may want a receipt of the transaction (e.g., receipt of a payment), which can be used at a later point in time. For example, the user may receive a receipt for a payment giving him access to certain information on the World Wide Web and the Internet, and may want to use that receipt at (a) later point(s) in time to get the information or to prove that a particular transaction took place, e.g., that the user made a payment. In a pseudonymous or anonymous system, where the user is making the transaction anonymously or under a pseudonym P, a `classical` digital receipt (e.g., a digital signature) would prove the pseudonym's P involvement in the transaction. However, such a receipt may be intercepted and used by anyone claiming to be the pseudonym P. Also, the user acting under pseudonym P may give the receipt away to his friends, enabling those friends to access the same information.

"There is a call for a method where a user in a pseudonymous or anonymous system is able to prove to be the legitimate owner of a transaction receipt, without revealing his/her real identity. In the course of this the user should be prevented from giving away his receipts to other parties, e.g., to his/her friends."

In addition to the background information obtained for this patent, VerticalNews journalists also obtained the inventors' summary information for this patent: "In accordance with the present invention, there is provided a method for generating an electronic receipt in a communication system providing a public key infrastructure, the method comprising the steps of receiving by a second party a request message from a first party, the request message comprising a transaction request and a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party, electronically signing at least part of the request message with the public key assigned to the second party to issue the electronic receipt, and providing the electronic receipt to the first party. In general, the signing with the second public key can be understood as a signing with the secret associated with the second public key.

"Further, there is provided a method for verifying the ownership of an electronic receipt in a communication system providing a public key infrastructure, the verification arising out of a series of messages being sent and received between a first party and a verifying party, the method comprising the steps of receiving a proof message from the first party, the proof message being derived from at least a first public key based on a secret owned by the first party and wherein the secret is associated with at least the secret of a further public key of the first party and an electronic receipt that has been issued by electronically signing at least part of a request message with a second public key, determining or examining whether or not the proof message was derived from the second public key.

"In general, the signing with the public key can be understood as a signing with the secret associated with said public key. The secret is usually called secret key.

"By applying the above methods a high level of security can be achieved. These assure that the secret key of the first public key is linked to the secret key(s) of the first party, also referred to as user. The linkage is such that the knowledge of one secret key will allow to learn at least some of the other secret keys. If some of these secret keys are valuable to the user, the linking discourages the user to give away his/her electronic receipt, e.g., to a friend. For instance, the secret key of the user could be bound or linked to a secret that gives access to a bank account. Also possible is that all secrets within the system are linked together. Then, for example, one friend has the possibility to completely impersonate the user. This is like to use someone's purse with all content, e.g., identity, credit cards, driving license, house keys etc.

"Further advantages of the above methods are: in a pseudonymous or anonymous transaction-based system, it is possible to remain anonymous/pseudonymous when showing electronic receipts, while securely proving ownership of the respective receipt. In addition, the receipts are non-transferable, i.e., the receipts are constructed in such a way that if the user wants to give away the receipt, he/she has to give away the secret which underlies all his/her pseudonymous transactions, and thus allows to impersonate him/her.

"Another advantage is that the methods for generating a receipt and for verifying the ownership of the receipt can be implemented in existing communication networks providing a public key infrastructure, such as the Internet.

"The methods are particularly useful in the case the receipt actually represents a license (e.g., a software license). By applying the methods it is almost impossible for the legitimate owner of the license, i.e., the user who received the license, to give away the license. From this point of view, the copyright and its application can be supported by the present invention.

"The methods in accordance with the present invention can be used in a communication system providing a public key infrastructure. That is a system of public key encryption and signature schemes using digital certificates from certificate authorities and other registration authorities that verify and authenticate the validity of each party involved in an electronic transaction. The certificate authority, also called 'Trusted Third Party', is an entity, typically a company, that issues digital certificates to other entities like organizations or individuals to allow them to prove their identity to others and to securely communicate. The certificate authority might be an external company that offers digital certificate services or it might be an internal organization such as a corporate MIS (Management Information System) department. The Certificate Authority's chief function is to verify the identity of entities and issue digital certificates attesting to that identity.

"In comparison, in a public key encryption scheme, each person gets a pair of keys, called the public key and the private key. Each person's public key is published while the private key is kept secret. Messages are encrypted using the intended recipient's public key and can only be decrypted using his private key. This mechanism can also be used for or in conjunction with a digital signature.

"The digital signature is formed by extra data appended to a message which identifies and authenticates the sender and message data using public-key encryption. The sender uses a one-way hash function to generate a hash-code of, for example, 160 bits from the message data. He then signs the hash-code with his private key. The receiver computes the hash-code from the data as well and verifies the received hash with the sender's public key.

"The need for sender and receiver to share secret information, e.g., keys, via some secure channel is eliminated, since all communications involve only public keys, and no private key is ever transmitted or shared. Public-key schemes can be used for authentication, confidentiality, integrity and non-repudiation. RSA is an example of a public-key cryptography system.

"The one-way hash function, also called 'message digest function', used for the digital signature is a function which takes a variable-length message and produces a fixed-length hash. Given the hash it is computationally impossible to find a message with that hash. In fact, one cannot determine any usable information about a message with that hash, not even a single bit. For some one-way hash functions it is also computationally impossible to determine two messages which produce the same hash. A one-way hash function can be private or public, just like an encryption function. A public one-way hash function can be used to speed up a public-key digital signature system. Rather than signing a long message which can take a long time, the one-way hash of the message is computed, and the hash is digitally signed.

"The methods in accordance with the present invention can be applied within a pseudonym system such as, for example, described by A. Lysanskaya et al. In H. Heys and C. Adams. Editors, Selected Areas in Cryptography, vol. 1758 of LNCS, Springer Verlag, 1999. For example, a party or server issuing the receipt is an organization, e.g., a certification authority, in the pseudonym system, and the user is one user in the pseudonym system. Issuing the receipt is achieved by issuing a `receipt` credential to the user. The properties of the pseudonym system assure that the following advantages can be realized. Showing the receipt is realized by anonymous proof of ownership of the `receipt` credential. Showing the receipt can even be made unlinkable to the original transaction, if no data are encoded in the receipt which make different showings linkable. The receipts distinguish oneself with non-transferability. If the user wants to transfer the receipt (e.g., to a friend), the user has to give away his/her secret key underlying all of his/her pseudonyms in the pseudonym system, and thus the friend has the power to impersonate him/her.

"In the dependent claims various modifications and improvements of the methods are contained."

URL and more information on this patent, see: van Herrewegen, Elsie; Camenisch, Jan. Non-Transferable Anonymous Digital Receipts. U.S. Patent Number 8788828, filed September 12, 2012, and published online on July 22, 2014. Patent URL:

Keywords for this news article include: Information Technology, International Business Machines Corporation, Information and Data Encoding and Encryption.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC

For more stories covering the world of technology, please see HispanicBusiness' Tech Channel

Source: Information Technology Newsweekly

Story Tools Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters