CN1187258A - Trusted agents for open distribution of electronic money - Google Patents

Publication number
CN1187258A
CN1187258A CN96194584A CN96194584A CN1187258A CN 1187258 A CN1187258 A CN 1187258A CN 96194584 A CN96194584 A CN 96194584A CN 96194584 A CN96194584 A CN 96194584A CN 1187258 A CN1187258 A CN 1187258A
Authority
CN
China
Prior art keywords
trusted agents
businessman
client
currency
module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN96194584A
Other languages
Chinese (zh)
Inventor
肖龙·S·罗森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Citibank NA
Original Assignee
Citibank NA
Application filed by Citibank NA
Priority to CN96194584A
Publication of CN1187258A

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A system for the open distribution of electronic money is provided having a customer trusted agent associated with a first money module, and a merchant trusted agent that establishes a first cryptographically secure session with the customer trusted agent and is associated with a second money module. The money modules establish a second cryptographically secure session. The customer trusted agent provides electronic money purchase or sale information and an account credential to the merchant trusted agent, and the merchant trusted agent provides a receipt ticket to the customer trusted agent. The merchant trusted agent accesses an authorization network and initiates an authorization process using information from the electronic money purchase or sale information and the account credential. Upon receiving authorization, the merchant trusted agent initiates a transfer of electronic money from the second money module to the first money module in the case of a purchase, or initiates a transfer of electronic money from the first money module to the second money module in the case of a sale.

Description

Trusted agents for open distribution of electronic money
Technical field
The present invention relates to a system for facilitating the distribution of electronic money. In particular, the system uses tamper-proof electronic units called "trusted agents" together with money modules to create a secure transaction environment in which a customer can buy electronic money from, or sell it to, a merchant using a credit card or debit card credential.
Background
Numerous electronic payment systems are under development to accommodate the growth of electronic commerce. One method of electronic payment is described in my co-pending U.S. patent applications 07/794,112 (filed November 15th, 1991) and 08/427,287 (filed March 21, 1995), the disclosures of which are incorporated herein by reference. These applications disclose an electronic monetary system that implements electronic money payments as an alternative medium of exchange to cash, checks, credit cards, debit cards and electronic funds transfers. In particular, the described system uses money modules packaged in tamper-proof housings to store and transfer electronic notes. Money module payments may be real-time, off-line payments between money modules (for example, between a money module contained in a customer's "electronic wallet" and one contained in a merchant's point-of-sale terminal), or on-line payments for network services (such as information retrieval and telephone calls) or for purchasing airline tickets, theater tickets, and so on.
The trusted agents discussed here are described fully in my co-pending U.S. patent application 08/234,461 (filed April 28th, 1994), the disclosure of which is incorporated herein by reference. That application describes a system for the secure delivery of electronic merchandise with real-time anonymous payment or authorization-based payment. The system allows both the customer and the merchant to feel secure that their interests are being served.
Cash is widely available from banks and merchants. Electronic money, like cash, needs to be widely available in order to be generally accepted. The present invention describes how trusted agents can facilitate the distribution of electronic money through merchants connected to a payment authorization network. This distribution transaction can be carried out locally or remotely from the merchant, greatly increasing the number of distribution points outside the banking network. The disclosed distribution system can also exchange one monetary unit for another; for example, dollars can be obtained from pounds sterling.
My electronic monetary system application 09/794,112 discloses how cash can be exchanged for electronic money and vice versa. Because cash is dispensed, such a transaction is carried out locally at a teller or ATM. Electronic money could also be handled locally if ATMs or point-of-sale terminals were modified to handle electronic money and the terminal could guarantee the security of the transaction. The present invention describes how electronic money can be handled remotely and securely through a merchant, without a special-purpose terminal such as an ATM or POS terminal. For the customer, the security of the transaction is ensured by the use of a trusted agent. There is no need for special-purpose terminals unknown to the customer, which might contain Trojan horse processes that take the customer's electronic money or capture his secret bank access information.
Summary of the invention
An object of the present invention is to provide a secure system that uses trusted agents to distribute electronic money through merchants or banks connected to a payment authorization network.
Another object of the present invention is to provide a system for buying and selling electronic money from a merchant remotely and securely, without the need for a special-purpose terminal.
Another object of the present invention is to provide a system that enables a merchant to satisfy a customer's demand for electronic money even if the merchant initially has no electronic money.
Another object of the present invention is to increase the distribution of electronic money without requiring a large number of banks to join the electronic monetary system.
The present invention provides a system for the open distribution of electronic money having a customer trusted agent; a first money module associated with the customer trusted agent and able to communicate securely with it; a merchant trusted agent that establishes a first cryptographically secure session with the customer trusted agent; and a second money module associated with the merchant trusted agent and able to communicate securely with it. The first and second money modules establish a second cryptographically secure session. The customer trusted agent provides electronic money purchase information and an account credential to the merchant trusted agent, and the merchant trusted agent provides a receipt ticket to the customer trusted agent. The merchant trusted agent accesses an authorization network and initiates an authorization process using information from the electronic money purchase information and the account credential. Upon receiving authorization, the merchant trusted agent initiates a transfer of electronic money from the second money module to the first money module.
If the merchant trusted agent does not have sufficient funds in its associated money module, it attempts to obtain electronic money from an affiliated transaction device, or by withdrawing it from a bank at which the merchant has an account and which is an electronic money provider. The architecture and protocols of the described system also support the sale of electronic money by the customer to the merchant, which is analogous to a deposit transaction.
Brief description of the drawings
The present invention is described in more detail with reference to the following drawings, in which:
Fig. 1 is a diagram of the trusted agent/money module interaction.
Fig. 2 shows the sections and fields of various tickets.
Fig. 3 shows the components of a transaction device.
Fig. 4A-4D show the functional components of a trusted agent.
Fig. 5 shows the network structure for the open distribution of electronic money.
Fig. 6A shows the Commit protocol.
Fig. 6B shows the Abort protocol.
Fig. 7A-7G show the authorization-based purchase/sale of electronic money protocol.
Fig. 8A-8E show the Establish Session protocol.
Fig. 9 shows the Send Message protocol.
Fig. 10 shows the Check Credential protocol.
Fig. 11 shows the Abort Transaction protocol.
Fig. 12A-12E show the Money Module Payment protocol.
Fig. 13 shows the various message encryption layers established between trusted agents and money modules.
Fig. 14A-14E show the Establish Session protocol for money modules.
Fig. 15 shows the Send Routed Message protocol.
Fig. 16 shows the Send MM/TA Message protocol.
Fig. 17 shows the Send TA/MM Message protocol.
Fig. 18A-18B show the Abort Transaction protocol for money modules.
Fig. 19 shows the Send E-Routed Message protocol.
Fig. 20A-20B show the Transfer Notes protocol.
Fig. 21 shows the Commit protocol for money modules.
Embodiments of the invention
As described in my co-pending U.S. patent application 08/234,461, a trusted agent is a combination of hardware and software. It is tamper-proof and contains secure protocols that cooperate with a money module to synchronize secure payment with delivery. A money module is a tamper-proof device capable of storing and transferring electronic money. The electronic money is preferably in the form of electronic notes, which are representations of currency or credit. Money modules are also capable of establishing cryptographically secure communication sessions with other devices. The preferred embodiment of the present invention uses the transaction money modules described in my co-pending U.S. patent applications 07/794,112 and 08/427,287.
When purchases are made over a network, trusted agents exchange electronic merchandise and payment. In the present invention, as shown in Fig. 1, the merchant trusted agent 4 (MTA) sends a receipt to the customer trusted agent 2 (CTA). In return, when the customer is selling electronic money, the customer's money module 6 sends electronic money to the merchant's money module 6 by way of CTA 2 and MTA 4. If the customer is buying electronic money, the electronic money flows from the merchant to the customer.
Tickets
Referring to Fig. 1 and Fig. 2, a ticket 8 is an electronic item created by MTA 4 and transferred to CTA 2 during a transaction. Tickets may be thought of as the property of the trusted agents. A customer whose CTA 2 has just received a ticket 8 may use that ticket only upon successful completion of the transaction.
As described in the 08/234,461 application, trusted agents support a variety of ticket types used for various purposes. Of primary importance to the present invention, however, are credential tickets and electronic money purchase receipt tickets. A credential ticket identifies the "holder" and permits specific privileges. Examples of credential tickets include credit cards and debit cards. A credit or debit card ticket may be presented for authorization-based payment. A customer's receipt ticket identifies the details of the distribution transaction (the purchase or sale of electronic money) and may be used by the customer in the event of a dispute.
Fig. 2 shows a preferred embodiment of a ticket 8, in which the ticket comprises six major sections: Identifier 10, Components 12, Issuer Signature 14, Issuer Certificate 16, Transfer History 18 and Sender Signatures 20. Each section in turn comprises fields containing various information.
The Identifier section 10 has a field 22 holding information that identifies the merchant or authority that created the ticket. This information, for example the merchant's or authority's name, is copied from a merchant or authority credential held by the ticket issuer. Field 22 also contains the expiration date of the merchant or authority credential. Field 24 contains the receiving trusted agent's identification number, and also the expiration date of the ticket receiver's trusted agent certificate. Field 26 designates the ticket type (for example, credit or debit card ticket, receipt ticket, and so on).
The Components section 12 contains the basic ticket content, which varies depending on the ticket type and its specific purpose. Fig. 2 shows the components found in different ticket types.
A credential ticket such as a credit or debit card may have: a Bank ID field 36 identifying the credential holder's bank; an Account Number field 38; a Valid From Date field 40; an Expiration Date field 42; and a Customer Name field 44.
An electronic money purchase receipt ticket may have: a Bank ID field 46 identifying the bank named in the customer's credential; an Account Number field 38 giving the account number identified in the customer's credential; a Transaction Type field 50 indicating whether the transaction is an electronic money purchase or sale; an Authorized Amount field 52; an Amount Sent or Received field 54; a Merchant Fee field 56; and a Transaction Date field 58. The authorized amount equals the amount received plus the merchant fee for a purchase transaction, or the amount sent minus the merchant fee for a sale.
The Issuer Signature section 14 of a ticket 8 holds a digital signature, formed by the ticket creator, over the Identifier and Components sections 10, 12. The signature is made using a private key belonging to the issuer's trusted agent. The Issuer Certificate section 16 contains a certification by a trusted third party (hereinafter referred to as the "Trusted Agency"), used in conjunction with the issuer signature to verify the authenticity of the issued ticket 8. This certification takes the form of a certificate belonging to the issuer's trusted agent. The general use of certificates and digital signatures is known and is described, for example, in D. W. Davies and W. L. Price, Security for Computer Networks (John Wiley & Sons, 1984).
The Transfer History section 18 contains information generated when the ticket is transferred between trusted agents after its initial issuance by a merchant or authority. A Receiver ID field 28 contains the receiving trusted agent's identifier. A Sender ID field contains the sending trusted agent's identifier. A Sender Certificate field 32 contains the sending trusted agent's certificate. A Date/Time field 34 contains the date and time of transfer of the ticket 8. As subsequent transfers are made, additional receiver and sender IDs, sender certificates, and dates and times are appended to each field, creating a list of transfer history information. Note that the trusted agent ID found in the receiver field of the Identifier section should be the same as the first ID in the Sender ID field.
In addition, whenever a ticket 8 is transferred between trusted agents, the sender digitally signs the ticket over the five preceding ticket sections using a private key belonging to the sender's trusted agent. The Sender Signatures section 20 is then updated by appending the newly created digital signature, forming a list of sender signatures.
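The checks a receiving trusted agent can run over the six ticket sections are worked through below as an added example; it is not code from the patent. The dictionary layout, the agent IDs, the sample amounts and the toy RSA keys (built from small Mersenne primes, not secure) are all assumptions made for illustration, and the rule that each later sender must be the previous receiver generalizes the first-sender rule stated above.

```python
import copy
import hashlib
import json

E = 65537  # public exponent shared by every toy key below

def make_key(p_exp, q_exp):
    """Toy RSA key from two Mersenne primes 2**k - 1 (illustration only, not secure)."""
    p, q = 2 ** p_exp - 1, 2 ** q_exp - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(obj, n):
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, obj):
    return pow(_digest(obj, key["n"]), key["d"], key["n"])

def verify(n, obj, sig):
    return pow(sig, E, n) == _digest(obj, n)

def make_cert(agency_key, agent_id, agent_key):
    """Certificate: the Trusted Agency signs the agent's ID and public modulus."""
    body = {"agent_id": agent_id, "n": agent_key["n"]}
    return {"body": body, "agency_sig": sign(agency_key, body)}

def cert_ok(cert, agent_id, agency_n):
    body = cert["body"]
    return body["agent_id"] == agent_id and verify(agency_n, body, cert["agency_sig"])

def first_five(ticket, hops):
    """The five sections a sender signs, with the history as it stood after `hops` transfers."""
    return [ticket["identifier"], ticket["components"], ticket["issuer_signature"],
            ticket["issuer_certificate"], ticket["transfer_history"][:hops]]

def issue(issuer_id, issuer_key, issuer_cert, receiver_id, components):
    ident = {"issuer": issuer_id, "receiver_id": receiver_id, "type": "receipt"}
    return {"identifier": ident, "components": components,
            "issuer_signature": sign(issuer_key, [ident, components]),
            "issuer_certificate": issuer_cert,
            "transfer_history": [], "sender_signatures": []}

def transfer(ticket, sender_id, sender_key, sender_cert, receiver_id, when):
    t = copy.deepcopy(ticket)
    t["transfer_history"].append({"receiver_id": receiver_id, "sender_id": sender_id,
                                  "sender_certificate": sender_cert, "datetime": when})
    hops = len(t["transfer_history"])
    t["sender_signatures"].append(sign(sender_key, first_five(t, hops)))
    return t

def check_ticket(ticket, agency_n):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    ident, comp = ticket["identifier"], ticket["components"]
    cert = ticket["issuer_certificate"]
    if not cert_ok(cert, ident["issuer"], agency_n):
        problems.append("issuer certificate invalid")
    if not verify(cert["body"]["n"], [ident, comp], ticket["issuer_signature"]):
        problems.append("issuer signature invalid")
    # Authorized amount = amount received + fee (purchase) or amount sent - fee (sale)
    fee_sign = 1 if comp["transaction_type"] == "purchase" else -1
    if comp["authorized_amount"] != comp["amount"] + fee_sign * comp["merchant_fee"]:
        problems.append("authorized amount inconsistent")
    holder = ident["receiver_id"]  # the first sender must be the original receiver
    history, sigs = ticket["transfer_history"], ticket["sender_signatures"]
    if len(history) != len(sigs):
        problems.append("history and signature lists differ in length")
    for i, hop in enumerate(history):
        scert = hop["sender_certificate"]
        if hop["sender_id"] != holder:
            problems.append(f"transfer {i}: sender is not the current holder")
        if not cert_ok(scert, hop["sender_id"], agency_n):
            problems.append(f"transfer {i}: sender certificate invalid")
        elif i >= len(sigs) or not verify(scert["body"]["n"], first_five(ticket, i + 1), sigs[i]):
            problems.append(f"transfer {i}: sender signature invalid")
        holder = hop["receiver_id"]  # assumption: later senders must be the previous receiver
    return problems

# Constructed sample parties and receipt (IDs, account and amounts are made up)
AGENCY, MTA, CTA1, CTA2 = make_key(521, 607), make_key(61, 89), make_key(107, 127), make_key(19, 31)
CERTS = {name: make_cert(AGENCY, name, key)
         for name, key in [("MTA-B", MTA), ("CTA-A", CTA1), ("CTA-C", CTA2)]}
RECEIPT = issue("MTA-B", MTA, CERTS["MTA-B"], "CTA-A",
                {"bank_id": "BANK-1", "account": "0000-SAMPLE", "transaction_type": "purchase",
                 "authorized_amount": 102, "amount": 100, "merchant_fee": 2, "date": "1996-04-19"})

if __name__ == "__main__":
    moved = transfer(RECEIPT, "CTA-A", CTA1, CERTS["CTA-A"], "CTA-C", "1996-04-20T10:00")
    print(check_ticket(moved, AGENCY["n"]))
```

Because every sender signs the history as it stood at its own transfer, editing an earlier entry or the components invalidates the matching signature rather than only the last one.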
Transaction devices
Referring to Fig. 3, a trusted agent 120 is embedded in a transaction device 122. For both the merchant and the customer, the transaction device 122 is composed of three major components: a host processor 124, a trusted agent 120 and a money module 6. These components are connected, for example, by a bus 126. When the trusted agent 120 is an MTA 2, the device 122 is referred to as a merchant transaction device (MTD). When the trusted agent 120 is a CTA 4, the device 122 is referred to as a customer transaction device (CTD).
Fig. 3 shows the functional components of the host processor 124. The host processor provides the following functions: Communications 128, Transaction Applications 130, Human/Machine Interface 132, Date/Time 136 and a Message Manager 134.
The Communications function 128 supports communications between the transaction device 122 and the outside world. Such communications may be wired or wireless, broadband or narrowband, so long as the communications of CTD 2 and MTD 4 are compatible. The Communications function 128 sets up the connection between two transaction devices 122, or connects a transaction device to a network for indirect connection to another transaction device or a trusted server.
Transaction Applications 130 can perform a variety of tasks. For example, a transaction application can shop merchant networks for the lowest merchant transaction fee and/or the best exchange rate in an electronic money purchase or sale transaction. In general, a transaction device 122 contains all the processes for choosing, buying and possibly using electronic objects, electronic money, credentials and other tickets 8, or the processes for selling the same.
The Human/Machine Interface function 132 provides the look and feel of the transaction device 122. It may include a keyboard, mouse, pen, voice, touch screen, icons, menus, and so on. The Human/Machine Interface function communicates with other functions in the trusted agent 120 and the money module 6 through the Message Manager 134. In some applications, for example in a fully automated merchant transaction device, a Human/Machine Interface 132 is not necessary.
The Date/Time function 136 is set by the owner of the transaction device 12 and includes the date, time and time zone. The date/time information is fed to the embedded trusted agent 120 whenever the trusted agent is opened for use.
The Message Manager 134 routes inter-host messages (that is, messages between transaction devices) and messages among the host processor 124, the trusted agent 120 and the money module 6.
Trusted agents
Fig. 4A shows the functional components of a trusted agent 120. The contemplated system for open electronic commerce uses three types of trusted agent 120, which differ in certain unique Transactor functions 146 that they provide. Fig. 4B shows the transactor functions found in a CTA 2. Fig. 4C shows the transactor functions found in an MTA 4. Fig. 4D shows the transactor functions found in an Authority Trusted Agent (ATA), which is in turn embedded in an Authority Transaction Device (ATD). ATDs are associated with credential-issuing authorities such as banks.
An External Interface function 138 provides direct communication with the host processor 124 and the money module 6 of the transaction device 122 in which the trusted agent 120 is embedded. A Message Interface function 140 processes and routes inter-agent and intra-agent messages. A Session Manager function 124 sets up and breaks down inter-agent sessions and agent-to-trusted-server sessions. A Security Manager function 144 maintains security information (for example, the trusted agent certificate and the untrusted agent list) and establishes secure communication with the local money module in the same transaction device 122 (via the host processor 124). The Transactor function 146 provides the protocols to perform a transaction. Customer, merchant and authority transactors are used for CTAs, MTAs and ATAs, respectively.
Fig. 4B shows the customer transactor functions. A Purchase function 158 exchanges payment for tickets 8 and electronic objects. A To Host function 160 provides an interface to the transaction device's host processor 124. A Present Ticket function 164 presents tickets 8 to obtain information or services. An Acquire Credential function 166 interacts to receive a credential ticket. A Tran Log function 162 maintains a log of trusted agent transactions. Both CTA 2 and MTA 4 maintain a transaction log that stores the following information: transaction type (for example, ticket type); a pre-transaction ticket image; a post-transaction ticket image; dispute information, including the date of dispute (as maintained by each trusted agent in the dispute dialogue), status and merchant resolution (for example, replace, refund, denied); and recertifying information (for example, date of recertification). An Initiate Dispute function 168 presents electronic merchandise if the customer is dissatisfied.
Fig. 4C shows the merchant transactor functions. A Purchase function 170 exchanges tickets 8 and electronic objects for payment. A To Host function 172 provides an interface to the transaction device's host processor 124. A Receive Ticket function 176 processes a received ticket 8 to provide service or information. An Acquire Credential function 177 obtains a merchant credential. A Tran Log function 174 maintains a log of trusted agent transactions. A Resolve Dispute function 178 receives tickets 8 and electronic objects to resolve a customer complaint.
Fig. 4D shows the authority transactor functions. A Create Credential function 180 constructs credential tickets and delivers them to a requestor. A To Host function 182 provides an interface to the transaction device's host processor 124. A Receive Ticket function 184 processes a received ticket 8 to provide service or information. A Revalidate Credential function 186 takes back a current credential and reissues it with a new expiration date. A Tran Log function 183 maintains a log of transactions. An Acquire Credential function 185 obtains an authority credential.
Referring again to Fig. 4A, a To Money Module function 150 communicates with the money module 6 in the same transaction device 122 to provide payment. A Cryptography function 152 provides public key and symmetric key cryptographic functions. Any well-known public key and symmetric key cryptography techniques may be used, for example RSA and DES. A Ticket Holder function 148 creates tickets 8 in an MTA 4, or stores and retrieves tickets 8 in a CTA 2. A Random Number Generator function 156 generates random numbers used to produce cryptographic keys. A Date/Time function 154 manages the date and time delivered from the host processor 124 in order to date tickets 8 and to validate certificates and presented tickets. Current clock information is fed to the trusted agent 120 every time the trusted agent is opened (that is, signed on for use) and is maintained until the trusted agent is closed.
The trusted agent/money module hardware may consist of the following: a microcontroller (for example, the Intel 196 family) for executing the transaction protocols; high-speed volatile memory (for example, SRAM) for storing the operating system, parts of the applications, cryptographic keys and so on during execution; non-volatile memory (for example, flash memory) for storing the operating system, applications, tickets, electronic money, logs and so on; an integrated circuit clock for providing a time reference; a battery for the clock; and a noisy diode or other random source for the random number generator.
System overview
Fig. 5 shows the general network architecture of the contemplated system for the open distribution of electronic money. A customer transaction device 188 can communicate with a merchant through any gateway network 190. The customer can search the merchants' electronic space to buy or sell electronic money, and can select the merchant offering the lowest transaction fee and/or exchange rate. The system then provides secure, authorization-based purchase or sale of electronic money by credit card or debit card. This is accomplished by the customer presenting credit or debit card information stored within the trusted agent 120 as a credential.
In the preferred embodiment, the gateway 190 provides access to a local merchant network 134 that is connected to an MTD 198. The merchant network 134 is connected to the merchant's bank network 200, which has access to electronic money through a money generator module 202, a teller money module 204 and a banking system 206 that provides the bank's on-line accounting system, as described in my co-pending application 07/794,112.
The credit or debit card credential is processed through an authorization network 208 to obtain authorization for a debit or credit to the customer's bank account. Card authorization is well known in the art and typically involves the card issuer or its agent authorizing a particular payment when sufficient funds are present or the amount is within the card holder's credit limit. The authorization network also credits the customer's account, for example when making a refund. The authorization network 208 is connected to the customer's bank network 200, which is in turn connected to the banking system 206 containing the customer's bank account.
This architecture allows customers of banks that are not members of the electronic monetary system to gain access to electronic money through merchants who have access to member banks. It allows users to buy and sell electronic money at many distribution points which, from the customer's point of view, is as good as withdrawing electronic money from, or depositing it to, their own bank account.
It should also be noted that an electronic monetary system bank can itself provide the above distribution service through an MTD 198. In this case, of course, the merchant network 134 is no longer needed. The bank network 200 is simply connected to the money generator module 202, teller money module 204, banking system 206, MTD 198, authorization network 208 and gateway network 190. Otherwise, the transaction is the same.
Flow charts
The flow charts shown in the following figures use the designations "A" and "B" to indicate two interacting trusted agents 120. The same designations A and B may also be applied to the host processor 124 or money module 6 associated with a particular trusted agent 120 (that is, within the same transaction device 122). The flow charts indicate the functional component primarily responsible for carrying out a given task. For example, Security Manager A means that the recited task is carried out by the Security Manager function 144 (see Fig. 4A) in trusted agent A.
The flow charts also call subroutines, some of which use the parameter designations X and Y. For example, Establish Session A → B is a call to the Establish Session subroutine. The Establish Session flow chart should then be followed with the understanding that X = A and Y = B throughout the flow.
End and trust
In the process of exchange of required type, wish between both sides, to transmit such as electronic item and electronic bills such as tickets 8, keep zero-sum game simultaneously.In other words, do not wish to duplicate electronic item, cause when finishing electronic transaction, have the preceding many projects of transaction that double.Equally, do not wish to lose electronic item, cause the transaction back project more preceding to be lacked than transaction.For example, if in when beginning transaction, A has electronic ticket 8 and wishes and sends it to B, wishes so when closing the transaction, and B has electronic ticket 8 and A does not have electronic ticket 8.But in reality, may have two other results, promptly A and B have same electronic ticket 8 (duplicate), and perhaps A and B do not have electronic ticket 8 (losing).
For can ignore duplicate or lose may, trade agreement must consider that nature or subjective incident can interrupt the possibility of vanilla transaction flow process.Naturally the example of Zhong Duaning has, and has blocked communication link between A and the B at trading time period.To reduce the caused possibility of duplicating or losing of this class random occurrence as far as possible, must reduce producing the chance of duplicating or losing.To interrupt (promptly significantly destroying) in order reducing deliberately as far as possible, to wish the Economic Stimulus of avoiding this class to destroy.For example, if the saboteur by attempt to interrupt transaction can only lose ticket and or/currency, the saboteur will not have first motivation that begins to destroy so.
Effective trade agreement of described system has embodied these notions.Especially, wish between two trusted agents of concluding the business 120 (perhaps the currency module 6), to guarantee that termination is consistent with commission status.For example, if A entrusts a transaction, B also should entrust this transaction so; Perhaps, if the A abort transactoin, B also should end this transaction so.In order to obtain consistent and to reduce the possibility (in inconsistent incident) of duplicating or losing as far as possible, trade agreement should consider that A and B entrust the order and the time of a given transaction.
Fig. 6 shows two subroutines, ends and entrust subroutine.When transaction is in the failure, end subroutine given trusted agents 120 inner execution.Withdraw from and end subroutine or make trusted agents 120 turn back to it to relate to the preceding residing state of failed transactions.In addition, if businessman's trusted agents is ended after authorizing, then authorizing will be oppositely.On the contrary, when transaction is in when completing successfully, carry out consignment trades in that a given trusted agents 120 is inner.Thus, trusted agents 120 in its transaction record book, and prepares to carry out new transaction with the transaction record finished.For example, the trading time period transmitting ticket is sent to trusted agents B with electronic ticket 8 from trusted agents A.Because this moment, A and B did not also entrust or abort transactoin, so A temporarily preserves ticket 8, and B also temporarily has ticket 8.If A and B entrust, A will delete its ticket 8 so, and B will no longer be temporary transient to the keeping of ticket 8.But if A and B end, A will preserve its ticket 8 so, and the ticket 8 of the temporary transient keeping of B is deleted because of withdrawing from transaction.Notice that deletion action can be finished with variety of way well known in the prior art.As previously mentioned, wish the possibility that another trusted agents 120 was ended when reduce a trusted agents 120 as far as possible entrusted, because under some condition of limited, this can cause duplicating or lose electronic item.
For currency module 6 exchange electronic bills, there is similar situation.During purchase transaction, electronic bill is sent to currency module B from the currency modules A, thereby A temporarily reduces its electronic bill (having reduced the amount that is transmitted), and B temporarily has electronic bill (having the amount that is transmitted).If A and B entrust, A will preserve the bill after quantity reduces so, and B will no longer be temporary transient to the keeping of bill.
Fig. 6A shows the entrust subroutine. Transaction Log X updates the transaction log. To Host X notifies the host that the transaction is complete. Dialog manager X notes the end of the dialogue (steps 230-234).
Fig. 6B shows the abort subroutine. Dialog manager X rolls back the changes and notes that the agent has aborted. The dialog manager keeps track of what has been done since the start of the dialogue and undoes these steps when rolling back. To Host X sends the host a message that the transaction has been aborted (steps 236-238).
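The provisional holding and rollback behaviour described above can be modelled in a few lines. This is an added example, not code from the patent; the class and function names are hypothetical, and the undo journal stands in for the dialog manager's record of steps taken since the start of the dialogue. It also reproduces the limited conditions under which an item is lost or duplicated when one agent entrusts and the other aborts.

```python
class TrustedAgent:
    """Toy model of one trusted agent's ticket store (hypothetical names)."""

    def __init__(self, name, tickets=()):
        self.name = name
        self.tickets = set(tickets)   # tickets held outright
        self.log = []                 # transaction log entries
        self._undo = []               # journal of steps taken in this dialogue
        self._sent = set()            # sent, but provisionally retained
        self._received = set()        # received, but only provisionally held

    def send_ticket(self, ticket, receiver):
        if ticket not in self.tickets:
            raise KeyError(ticket)
        self._sent.add(ticket)
        self._undo.append(lambda: self._sent.discard(ticket))
        receiver._receive(ticket)

    def _receive(self, ticket):
        self._received.add(ticket)
        self._undo.append(lambda: self._received.discard(ticket))

    def entrust(self):
        """Commit: delete what was sent, make received items permanent."""
        self.tickets -= self._sent
        self.tickets |= self._received
        self.log.append(("entrusted", sorted(self._sent), sorted(self._received)))
        self._reset()

    def abort(self):
        """Roll back every journalled step, newest first."""
        while self._undo:
            self._undo.pop()()
        self.log.append(("aborted",))
        self._reset()

    def _reset(self):
        self._undo.clear()
        self._sent.clear()
        self._received.clear()


def copies_after(a_action, b_action):
    """Send constructed ticket-8 from A to B, finish each side as named,
    and return how many copies of the ticket exist afterwards."""
    a = TrustedAgent("A", {"ticket-8"})
    b = TrustedAgent("B")
    a.send_ticket("ticket-8", b)
    getattr(a, a_action)()
    getattr(b, b_action)()
    return sum("ticket-8" in agent.tickets for agent in (a, b))


if __name__ == "__main__":
    for pair in [("entrust", "entrust"), ("abort", "abort"),
                 ("entrust", "abort"), ("abort", "entrust")]:
        print(pair, "->", copies_after(*pair), "copy/copies")
```

Only the two matching outcomes leave exactly one copy, which is why the protocol works to keep the two sides from finishing differently.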
The abort subroutine can be called directly from a flow diagram, for example when a trusted agent 120 determines that a proof is invalid. It can also be called when an expected action does not occur. In particular, when two trusted agents 120 are communicating, they monitor a time-out protocol throughout. For example, after a first trusted agent 120 sends a message to a second trusted agent 120, the dialog manager of the first trusted agent (A) sets a timer for the reply if a reply is required. The dialog manager may also number the message it sends. This number then appears in the reply message from the dialog manager of the second trusted agent (B).
If the timer expires before the message is received, dialog manager A queries dialog manager B to determine whether the transaction is still running in B. If B does not reply, dialog manager A aborts the transaction. If a reply is received that the transaction is proceeding, the timer is reset to a new time. If A has queried B a predetermined number of times without receiving a reply to the original message, A aborts the transaction. A similar time-out function exists in the currency modules.
Purchase/sale of electronic money
Fig. 7 shows the flow diagram for the authorization-based purchase/sale of electronic money. When the owner of trusted agent A wants to buy or sell electronic money against its bank account, he can use a transaction application in its CTD 188 to shop on merchant network 134 for the lowest merchant transaction fee and/or exchange rate; in this example it selects the merchant owner of trusted agent B (steps 700-702). Note that, alternatively, the authorization network may set the exchange rate.
Host transaction application A (HTA) connects to host transaction application B (HTB), where the customer chooses the type of transaction, namely the purchase or sale of electronic money (step 704). HTA sends a message to its trusted agent A to buy (sell) electronic money, and HTB sends a message to its trusted agent B to send (receive) electronic money (steps 706-708).
The customer and merchant trusted agents (A and B) then establish a dialogue as described in co-pending U.S. application 08/234,461. Specifically, the establish dialogue subroutine is called to set up an encrypted secure communication channel between trusted agent A and trusted agent B. Referring to Fig. 8, the dialog manager of trusted agent A requests and then receives A's certificate (i.e. proof (TA)) from the security manager (steps 296-298). Dialog manager A sends proof (TA) to the dialog manager of trusted agent B, which passes it on to its security manager (steps 300-304).
The public key function of trusted agent B verifies proof (TA) using a validation protocol such as those discussed in co-pending U.S. applications 08/234,461 and 08/427,287 (steps 306-308).
If proof (TA) is invalid, dialog manager B notes that the dialogue has ended and notifies dialog manager A that the transaction is rejected. Dialog manager A also notes that the dialogue has ended (steps 310-312). If proof (TA) is valid, dialog manager B checks whether trusted agent A is on the faithlessness list (steps 314-316). If trusted agent A is listed as untrusted, the dialogue ends (steps 310-312).
If A is not on the faithlessness list, random number generator B produces a random number R (B) and a B efficient (verification) message (step 318). R (B) will eventually be used to form a session key. The B efficient message is a random number that B uses to protect against message replay. Next, security manager B assembles R (B), the B efficient message and proof (TA) into a message for trusted agent A (step 320). Public key B encrypts this message using the public key of trusted agent A (TA (PK)), which trusted agent B received with A's proof (TA) (step 322). Dialog manager B sends the encrypted message to the dialog manager of A (steps 324-326).
Public key A decrypts the message using its private key (corresponding to its public key) and verifies the validity of proof (TA) (steps 328-330). If proof (TA) is invalid, dialog manager A notes that the dialogue has ended and sends a transaction rejection message to B, whose dialog manager also notes that the dialogue has ended (steps 332-334). If proof (TA) is valid, dialog manager A checks whether trusted agent B is on the faithlessness list (steps 336-338). If trusted agent B is on the list, the dialogue ends (steps 332-334).
If B is not on the faithlessness list, random number generator A produces a random number R (A) and an A efficient message (for example, another random number) (step 340). The date function passes the current date and time to the security manager (step 342). A and B exchange dates and times for eventual recording in their transaction logs when they entrust. Security manager A then forms and stores the session key (TA/TA) by XORing random numbers R (A) and R (B) (step 344). The session key (TA/TA) is used to encrypt communication between the two trusted agents 120. Dialog manager A assembles the A and B efficient messages, the date and time information and R (A) into one message (step 344). Public key A encrypts this message with the public key of trust server B (which A received in proof (TA)) and sends the encrypted message to the dialog manager of trust server B (steps 346-350).
Public key B decrypts the received message using its secret key (corresponding to its public key) (step 352). Security manager B checks whether the B efficient message received from A is the same as the B efficient message it previously sent to A (steps 354-356). If they differ, the dialogue ends (steps 310-312). If they are the same, dialog manager B notes the start of the dialogue (step 358).
Security manager B forms the session key (TA/TA) by R (A) XOR R (B) (step 360). At this point, A and B have both produced and stored the same session key (i.e. session key (TA/TA)) for use during their current interaction. Next, date B sends its current date and time information to security manager B (step 362). Security manager B assembles a message containing an acknowledgment to A, the A efficient message and B's date and time information (step 364). The send message subroutine is then called to send this message from B to A (step 366).
Referring to Fig. 9, the symmetric key function of trusted agent B encrypts the message with the session key (TA/TA) (step 376). Message interface B then formats the message and sends it to the message manager of the host processor (step 378). Host message manager B then routes the message by communicating with host message manager A in the host processor of trusted agent A (step 380). Host message manager A then sends the message to the message interface of trusted agent A, which strips out the message (steps 382-384). Symmetric key A decrypts the message with the session key (TA/TA), completing the secure communication of a message between trusted agent and trusted agent using the session key (TA/TA) (step 386).
Referring again to Fig. 8, security manager A receives the acknowledgment, the A efficient message and B's date and time information (step 368). Security manager A checks whether the A efficient message is the same as the A efficient message that A previously sent to B (steps 370-372). If they differ, security manager A ends the dialogue (steps 332-334). If they are the same, dialog manager A notes the start of the dialogue (step 374).
Referring again to Fig. 7, after the dialogue has been established, the trusted agent requests and checks the merchant proof of trusted agent B, as described in U.S. application 08/234,461. Specifically, referring to Fig. 10, the check proof subroutine is called (step 712). Every MTD 198 holds a proof identifying its owner/merchant (for example NYNEX, Ticketon, etc.). Such a merchant proof may, for example, be issued by a merchant identification authority controlled by trusted agents. The customer proofs held by a CTD 188, on the other hand, may include driver's licenses or credit cards issued by various identification authorities. Referring to Fig. 10, Purchase A sends a message to Purchase B of trusted agent B requesting its merchant proof (steps 444-448). Ticket holder B retrieves its merchant proof and sends it to A for validation (steps 450-456).
A proof or other type of ticket 8 can be validated as follows:
1) Verify the issuer's proof and check the issuer's signature.
2) Verify each transfer by matching receiver and sender identifiers (i.e. $S_0$ = issuer, $R_0$ = first recipient, then $R_i = S_{i+1}$, $i \ge 0$).
3) Verify each sender's proof and check each sender's signature.
4) Verify that the identifier of the last recipient matches the identifier (TA (id)) in the proof (TA) of the trusted agent in the current dialogue.
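The four checks can be carried out in a single pass over a ticket's transfer history. The sketch below is an added example, not the patent's implementation: the ticket layout, the party names and all keys are constructed, issuance is modelled as transfer 0, and HMAC-SHA256 with per-party secrets stands in for the public-key signatures and certificates a real trusted agent would verify.

```python
import hashlib
import hmac

# Constructed keys. HMAC is a stand-in for public-key signatures (assumption).
CA_KEY = b"constructed-ca-key"
PARTY_KEYS = {"issuer-1": b"k-issuer", "TA-A": b"k-a", "TA-B": b"k-b", "TA-C": b"k-c"}


def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def make_proof(party_id):
    """Stand-in certificate: the CA's MAC over the party identifier."""
    return _mac(CA_KEY, party_id.encode())


def proof_ok(party_id, proof):
    return hmac.compare_digest(make_proof(party_id), proof)


def sig_ok(party_id, data, sig):
    key = PARTY_KEYS.get(party_id)
    return key is not None and hmac.compare_digest(_mac(key, data), sig)


def transfer(ticket, sender, receiver):
    """Append a transfer record; each signature covers the ticket body,
    the previous signature and the receiver, chaining the history."""
    history = ticket["transfers"]
    prev_sig = history[-1]["sig"] if history else b""
    data = ticket["body"] + prev_sig + receiver.encode()
    record = {"sender": sender, "receiver": receiver,
              "proof": make_proof(sender),
              "sig": _mac(PARTY_KEYS[sender], data)}
    return {"body": ticket["body"], "transfers": history + [record]}


def issue(issuer, body, first_receiver):
    """Issuance is transfer 0: S_0 = issuer, R_0 = first recipient."""
    return transfer({"body": body, "transfers": []}, issuer, first_receiver)


def validate(ticket, dialogue_peer_id):
    """Return "ok" or the first failed check."""
    history = ticket["transfers"]
    if not history:
        return "no issuer record"
    prev_sig, prev_receiver = b"", None
    for i, rec in enumerate(history):
        # Steps 1 and 3: the issuer's (i == 0) and each sender's proof.
        if not proof_ok(rec["sender"], rec["proof"]):
            return f"transfer {i}: bad proof"
        # Step 2: R_i must equal S_(i+1).
        if i > 0 and rec["sender"] != prev_receiver:
            return f"transfer {i}: sender is not the previous recipient"
        # Steps 1 and 3: the issuer's and each sender's signature.
        data = ticket["body"] + prev_sig + rec["receiver"].encode()
        if not sig_ok(rec["sender"], data, rec["sig"]):
            return f"transfer {i}: bad signature"
        prev_sig, prev_receiver = rec["sig"], rec["receiver"]
    # Step 4: the last recipient must be the agent presenting the ticket.
    if prev_receiver != dialogue_peer_id:
        return "last recipient is not the dialogue peer"
    return "ok"


if __name__ == "__main__":
    t = transfer(issue("issuer-1", b"merchant proof", "TA-A"), "TA-A", "TA-B")
    print(validate(t, "TA-B"))   # presented by its last recipient
    print(validate(t, "TA-C"))   # presented by someone else
```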
If the merchant proof is invalid, the transaction is aborted by calling the abort transaction subroutine (step 458). Referring to Fig. 11, trusted agent A aborts (step 388) and its dialog manager sends a message to the dialog manager of trusted agent B informing B that A has aborted (steps 390-394). Trusted agent B then aborts. Referring back to Fig. 10, if the merchant proof is valid, To Host A sends the proof information to the host transaction application for confirmation (for example, visual confirmation of the merchant name by the CTD holder) (steps 460-462).
Referring again to Fig. 7, the purchase/sale flow for electronic money continues. To Host A requests the amount of electronic money to be bought or sold and its monetary unit (for example dollar, unit, sterling, etc.) (step 714). The customer or an agent process enters this information, which Purchase A receives and sends to trusted agent B (steps 716-718).
Purchase B receives the message and checks whether electronic money is to be received (steps 720-722). If so, it sends a message to trusted agent A requesting a bank credit voucher (steps 750-752). Ticket holder A receives the message and sends a list of possible vouchers to HTA (step 754). A voucher is selected and the selection is sent to trusted agent A (step 756). Ticket holder A then retrieves the selected credit card voucher, and Purchase A sends it to trusted agent B (steps 758-762).
Purchase B then validates the voucher as described above (steps 764-766). If the voucher is invalid, the transaction is aborted. If the voucher is valid, ticket holder B creates an electronic money purchase receipt ticket, and Purchase B sends the receipt ticket to trusted agent A (steps 768-772).
Purchase A receives the receipt ticket and checks whether it is valid (steps 774-776). If it is invalid, the transaction is aborted (step 778). If it is valid, Purchase A sends the receipt ticket information to HTA for confirmation of the purchase (steps 780-782). If it is not confirmed, the transaction is aborted. Otherwise, Purchase A sends the receipt ticket to ticket holder A (steps 784-786).
Purchase A then sends a message to trusted agent B acknowledging receipt of the ticket (steps 788-790). Purchase B checks whether electronic money is to be received (steps 792-794). If so, To Host B sends a message with the amount and the voucher to credit card authorization network 208 so that the bank account identified by the voucher is credited (step 796). The credit card authorization process follows (step 798), and Purchase B checks whether the credit has been authorized (steps 800-802). If not, the transaction is aborted; otherwise Purchase B sends a message to trusted agent A that the credit has been authorized (steps 804-806).
Next, trusted agent A makes a currency module payment to trusted agent B as described in U.S. application 08/234461. Specifically, the currency module payment subroutine is called (step 808). Referring to Fig. 12, random number generator A produces random number R (1) (step 520). Purchase A then sends trusted agent B a message indicating that a "currency module payment" will be made and containing R (1) (steps 522-524). Purchase B receives the message and sends R (1) to security manager B (steps 526-528). Random number generator B produces random number R (2) and sends it to trusted agent A (steps 530-532). Security managers A and B both form the session key (TA/MM) by R (1) XOR R (2) (steps 534-536).
Referring to Fig. 13, the four encrypted channels established during a transaction are shown. Encrypted channel 436 between the two trusted agents 120 carries messages encrypted with the session key (TA/TA). Channels 438 and 440 between a trusted agent 120 and its currency module 6 share the session key (TA/MM). Channel 442 between the currency modules in different transaction systems 122 uses the session key (MM/MM).
The session key (TA/MM) is used to encrypt messages sent between a trusted agent 120 and its associated currency module 6 over encrypted channels 438 and 440. At this point in the flow diagram, only the two trusted agents 120 have the session key (TA/MM). Both currency modules 6 form copies of the session key (TA/MM) later in the flow diagram, so that encrypted communication is possible between the trusted agents 120 and their currency modules 6.
Note that instead of the trusted agent 120 and the currency module 6 being embodied as discrete tamper-proof components, they may be fabricated as one tamper-proof module. In that case, it is not necessary to establish a secure dialogue for communication between the trusted agent 120 and the currency module 6 in the same transaction system 122. However, discrete currency modules 6 and trusted agents 120 are preferred because that configuration allows greater application flexibility.
Referring back to Fig. 12, To Currency Module A sends a "make payment" message and R (1) to its associated currency module A. Likewise, To Currency Module B sends a "receive payment" message and R (2) to its associated currency module B (steps 538-544).
At this stage, currency module A (in CTA 2) and currency module B (in MTA 4) establish a dialogue between them, so that each currency module 6 ends up holding the new session key (MM/MM) (step 546). In establishing this currency module to currency module dialogue, the currency modules exchange messages through the pre-existing dialogue of the trusted agents. Referring to Fig. 13, the session key for encrypted channel 442 is formed by exchanging messages encrypted by channel 436. After the currency module dialogue has been established, messages sent between the currency modules are encrypted twice, with both the session key (MM/MM) and the session key (TA/TA), along the part of the communication path between the trusted agents 120.
In the preferred embodiment, the currency module dialogue is established in a manner similar to the establishment of the trusted agent dialogue. The currency modules 6 therefore hold their own certificates containing their public keys. The exchange of certificates and random numbers (for XORing) allows the session key (MM/MM) to be created securely. The establish session protocol used by the currency modules is described in U.S. application 08/427287 and shown in Fig. 14. Keep Security A sends the module certificate to the dialog manager, and dialog manager A receives the certificate and checks whether currency module A is connected to a network (steps 1464-1466). If currency module A is not connected to a network, dialog manager A sends the certificate received from Keep Security A to end point B.
If, on the other hand, currency module A is connected to a network, symmetric key A encrypts the certificate with K and dialog manager A sends the encrypted certificate to the network server (steps 1468-1472). The network server decrypts the certificate with K and sends the certificate to end point B.
Regardless of whether the certificate was sent by the network server or by dialog manager A, dialog manager B receives the certificate and Keep Security B (if B is a security server, this function is performed by the dialog manager) validates it (steps 1480-1482). If the certificate is invalid, dialog manager B notes that the dialogue is terminated and notifies the purchaser or the bank (steps 1486-1492) (if B is a security server, B merely notes that the transaction is terminated).
If the certificate is valid, Keep Security B checks whether A is on the bad id list (steps 1494-1496). If A is on the list, the dialogue is terminated. If A is not on the list, random number generator B produces random number R (B) and a B verification message (step 1498). Clock/timer B retrieves the time and date (step 1500). Clock/timer B assembles R (B), the B verification message and the time and date into a message (step 1502). Public key B encrypts the message with A's public key, and dialog manager B appends B's certificate to the encrypted message and sends the message to A (steps 1504-1506).
Dialog manager A receives the message, public key A decrypts the encrypted part of the message, and Keep Security A validates B's certificate (steps 1508-1514). If the certificate is invalid, dialog manager A notes the termination of the dialogue and notifies the purchaser or the bank (steps 1516-1522). If the certificate is valid, Keep Security A checks whether B is on the bad id list (steps 1524-1526). If B is on the list, the dialogue is terminated. If B is not on the list, Keep Security A retrieves the date and time and compares them with B's date and time (steps 1528-1530). If the date and time are out of range, the dialogue is terminated.
If the date and time are within range, random number generator A produces random number R (A) and an A verification message (step 1532). Keep Security A then forms the session key by the operation R (A) XOR R (B) (step 1534). The A verification message, the B verification message, the time, the date and R (A) are assembled into a message and encrypted with B's public key (step 1536). Dialog manager A sends the message to B (step 1538). Dialog manager B receives the message, public key B decrypts it, and Keep Security B checks the B verification message (steps 1540-1546). If the B verification message is incorrect, the dialogue is terminated. If it is correct, Keep Security B forms the session key by R (A) XOR R (B) (step 1548). The time and date are retrieved and compared with A's time and date to check whether they are within a predetermined range (step 1550). If the time and date are out of range, the dialogue is terminated. If they are within range, dialog manager B notes the start of the dialogue (step 1552).
Dialog manager B then sends an acknowledgment and the A verification message to A (steps 1554-1556). Dialog manager A receives the message and Keep Security A checks the A verification message (steps 1558-1562). If the verification message is incorrect, the dialogue is terminated. If it is correct, dialog manager A notes the start of the dialogue (step 1564).
The overall system security pertaining to the currency modules may be integrated with that of the trusted agents 120, but it is preferably provided separately to enhance the security and flexibility of the system.
Referring back to Fig. 12, currency module A sends R (1) to currency module B. This function may be initiated by an MM Keep Security A application residing in currency module A (step 548). This application and the other currency module applications are prefixed with the designation MM and are described in U.S. patent application 07/794112, together with any modifications and/or additions disclosed in U.S. patent application 08/234461.
Random number R (1) is sent from currency module A to currency module B by the send routed message subroutine (step 550). Referring to Fig. 15, MM symmetric key A encrypts the message (including R (1)) with the session key (MM/MM) (step 640). MM dialog manager A sends the message to host message manager A, which in turn sends it to message interface A of trusted agent A (steps 642-646). Trusted agent A then sends the message to message interface B using the send message subroutine (step 648), which encrypts and decrypts the message between the trusted agents with the session key (TA/TA). Message interface B then sends the message via host message manager B to MM dialog manager B in currency module B (steps 650-654). Finally, MM symmetric key B decrypts the message with the session key (MM/MM) (step 656).
Referring again to Fig. 12, MM Keep Security B (in currency module B) forms the session key (TA/MM) by XORing R (1) and R (2). Currency module B then sends R (2) to currency module A, which also forms the session key (TA/MM) by XORing R (1) and R (2) (steps 552-556). Referring to Fig. 13, at this stage there are three session keys: (MM/MM), (MM/TA) and (TA/TA). The four encrypted channels shown are therefore in place.
Referring to Fig. 12, MM To Purchaser A prompts trusted agent A for the amount of the payment by bill type (for example dollar, unit, sterling, etc.) (step 558). A currency module as described in U.S. patent application 07/794112, incorporated herein by reference, would normally use the To Purchaser application to communicate with the owner/holder of the currency module. As used here, however, the To Purchaser application communicates with the trusted agent 120 to obtain various instructions. Here, the trusted agent 120 delivers the payment amount and bill type information (trusted agent A previously communicated with the owner/holder of CTD 2 to determine the amount).
The prompt from the currency module 6 is sent to the trusted agent 120 by the send MM/TA message subroutine (step 560). Referring to Fig. 16, MM symmetric key A encrypts the message with the session key (TA/MM) (step 658). MM dialog manager A sends the message via host message manager A to the message interface of trusted agent A (steps 660-664). Symmetric key A decrypts the message with the session key (TA/MM) (step 666). Referring back to Fig. 12, Purchase A of trusted agent A sends the amount (the price of the selected merchandise) by bill type to MM payment/exchange A of currency module A (steps 562-566). This message is sent by the send TA/MM message subroutine (step 564). Referring to Fig. 17, symmetric key A encrypts the message with the session key (TA/MM) (step 668). Message interface A sends the message via host message manager A to the MM dialog manager of currency module A (steps 670-674). Finally, MM symmetric key A decrypts the message with the session key (TA/MM) (step 676).
Referring to Fig. 12, MM bill directory A checks whether the currency module 6 has sufficient funds to cover the payment (steps 568-570). If funds are insufficient, currency modules A and B abort the transaction (steps 572-582).
The MM abort transaction protocol (step 582) may be that of the preferred electronic monetary system described in U.S. patent application 08/427287 and shown in Fig. 18. Dialog manager X rolls back the changes and notes that the transaction has been aborted (step 1726). Dialog manager X then checks whether the "ready to entrust" message has been sent (steps 1728-1730). If so, X updates its transaction log by recording that X aborted after sending the ready to entrust message and by recording the bill identifiers and amounts of each bill received during the transfer bills protocol. Thus the abort protocol logs information when the abort subroutine is called during a failed entrust subroutine.
If X is a transaction currency module 1186 and the ready to entrust message has been sent, To Purchaser X informs its purchaser that the transaction was aborted and that there may have been a money transfer error (steps 1734-1738).
If X is a cashier's currency module 1188, To Bank X informs the bank that it should reverse its accounting transactions (by appropriate debits and credits) (steps 1740-1742). If X is a transaction currency module 1186 and no ready to entrust message has been sent, To Purchaser X informs the purchaser that the transaction was aborted (step 1744).
In any case, dialog manager X then sends Y a message that the transaction cannot be completed (steps 1746-1748). Dialog manager Y rolls back its changes and notes that the transaction has been aborted (step 1750). Y then informs its purchaser that the transaction was aborted (steps 1752-1754) or informs the bank to reverse its accounting transaction (steps 1756-1758).
As described, if a transaction is interrupted during the entrust protocol, bills may be lost. If this occurs, the transferee will have aborted and the transferor will have entrusted the transfer of the bills. In this case, the transferee's currency module records information about the bills it should have received and notifies the purchaser that there is a potential problem (i.e. it did not receive the bills sent by A). Note that in this circumstance, as far as the transferor's currency module is concerned, it properly transferred the bills.
The purchaser of the transferee's currency module can then make a claim for the money to the certifying authority. The claim information would include the log record of the failed transaction. The certifying authority could then check with the issuing bank to see whether the bills have been reconciled. After some period of time, if the bills have still not been reconciled, the purchaser could reclaim its money.
Referring again to Fig. 12, messages between currency module A and currency module B are sent by the send E-routed message subroutine, which uses all three session keys (MM/MM), (TA/MM) and (TA/TA). Referring to Fig. 19, MM symmetric key A encrypts the message with the session key (MM/MM) (step 678). The message is then doubly encrypted with the session key (MM/TA) before it is sent to trusted agent A. Once received, the message is decrypted by trusted agent A with the session key (MM/TA) (step 680). Message interface A then sends the message to message interface B (steps 682-684). Between the trusted agents 120, the message is doubly encrypted with the session key (TA/TA). In like manner, message interface B sends the message to MM symmetric key B for final decryption (steps 686-690). Fig. 13 illustrates the various encryption layers.
Referring again to Fig. 12, during the abort routines of currency modules A and B (step 582), they generate messages that are sent to their trusted agents A and B respectively (steps 584-586), informing them that the transaction has been aborted and hence that the payment was unsuccessful. Dialog managers A and B note that the payment was unsuccessful, and trusted agents A and B consequently abort (steps 588-598).
If, on the other hand, the customer's currency module 2 has sufficient funds, MM payment/exchange A sends the merchant's currency module a message containing the amount of money to be transferred in the payment and the bill type (step 600). This message is sent by the send E-routed message subroutine (step 602).
Currency module B receives the message containing the payment amount according to currency module A. MM To Purchaser B then sends a prompt to trusted agent B to verify this payment amount (steps 604-606). Purchase B in trusted agent B accordingly verifies whether the amount is correct (steps 608-610). If it is correct, trusted agent B sends an "amount correct" message to currency module B. If it is incorrect, an "amount incorrect" message is sent (steps 612-616). In the event of an "amount incorrect" message, currency module B informs currency module A, which in turn requests its trusted agent to resend a new amount or else abort (steps 618-622, 572-582). In currency module payments made during an electronic merchandise purchase, the trusted agent will not send a new amount, and hence both currency modules 6 and both trusted agents 120 will abort.
If, on the other hand, currency module B receives an "amount correct" message from its trusted agent, currency module B sends an acknowledgment message back to the customer's currency module (steps 624-626). When MM payment/exchange A receives the acknowledgment message, it passes the amount to currency holder A (the application that contains and manages the electronic representations of money) (step 628).
Note that the payer-initiated protocol just described may instead be implemented as a payee-initiated payment, as in the POS payment protocol. In such a protocol, the merchant's trusted agent instructs its currency module as to the payment amount it expects to receive, this payment information is sent to the customer's currency module, which prompts its trusted agent for verification, and if the amount is correct, the customer's trusted agent informs its currency module.
Referring again to Fig. 12, the customer's currency module A then transfers electronic bills in the specified amount to the merchant's currency module 4 via the E-routed message path (step 630). Fig. 20 shows the transfer bills protocol described in U.S. patent application 08/427287. Bill directory X chooses the bills and values for transfer, updates the bill amounts and sequence numbers, and then sends the message to Bills X (step 1566). Possible objectives in choosing the bills for transfer may, for example, be: (1) minimize the number of digital signatures (which require processing time); (2) minimize the size of the packet; (3) maximize the usefulness of the electronic bills left to the transferring purchaser (i.e. pass on the bills with the shortest time left until expiration). These objectives may be achieved by the following bill transfer algorithm: (1) determine all possible alternatives that contain the least number of bills; (2) determine which of these alternatives have the least number of transfers; (3) if more than one choice is left from step 2, choose the one that has the least number of monetary-unit days. Monetary-unit days = the residual value of the bill to be transferred × the number of days left until the bill expires, summed over all the bills in the packet.
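The three-step selection rule can be written directly as a filter over candidate packets. This is an added example, not the patent's code, and it rests on labelled assumptions: a bill may be transferred in part, the "residual value" in the monetary-unit-days formula is read as the value moved from each bill, any excess over the payment amount is kept on the selected bill with the most days left, and the wallet contents are constructed.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Bill:
    bill_id: str
    value: int        # in the smallest monetary unit
    transfers: int    # transfers already recorded on the bill
    days_left: int    # days until the bill expires


def _plan(combo, amount):
    """Split a candidate packet into (bill_id, value moved) pairs and
    compute its monetary-unit days. Assumption: the excess stays on the
    bill with the most days left, which minimizes the packet's total."""
    excess = sum(b.value for b in combo) - amount
    split = max(combo, key=lambda b: b.days_left)
    moved = [(b.bill_id, b.value - excess if b is split else b.value)
             for b in combo]
    days = {b.bill_id: b.days_left for b in combo}
    unit_days = sum(v * days[i] for i, v in moved)
    return moved, unit_days


def select_bills(wallet, amount):
    """Return [(bill_id, value to transfer), ...] following the three steps.
    Exhaustive search, so intended for small wallets only."""
    if amount <= 0 or sum(b.value for b in wallet) < amount:
        raise ValueError("amount must be positive and covered by the wallet")
    # Step 1: all alternatives with the least number of bills.
    candidates = []
    for k in range(1, len(wallet) + 1):
        candidates = [c for c in combinations(wallet, k)
                      if sum(b.value for b in c) >= amount]
        if candidates:
            break
    # Step 2: of those, the alternatives with the least number of transfers.
    fewest = min(sum(b.transfers for b in c) for c in candidates)
    candidates = [c for c in candidates
                  if sum(b.transfers for b in c) == fewest]
    # Step 3: if several remain, the least monetary-unit days wins.
    best = min(candidates, key=lambda c: _plan(c, amount)[1])
    return _plan(best, amount)[0]


if __name__ == "__main__":
    wallet = [Bill("n1", 50, 2, 10), Bill("n2", 50, 1, 30), Bill("n3", 20, 0, 5)]
    print(select_bills(wallet, 70))
```

In the constructed wallet, step 2 overrides step 3: the pair n1 and n3 has fewer monetary-unit days, but n2 and n3 carry fewer prior transfers and therefore fewer signatures to verify.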
Upon receiving the message from bill directory X, Bills X creates a transfer to be appended to each bill being transferred (step 1568). Public key X creates signatures for the bills (step 1570). Packet manager X then assembles the bills with their new transfers and signatures into a packet and sends the packet to Y (steps 1572-1574). Packet manager Y receives the packet and disassembles it (step 1576).
Verify Y validates all certificates in the bills (for example the currency generator certificate and all transfer certificates). Verify Y then verifies that the identification numbers in the transfer group match the module identification numbers of the certificates in the signature and certificate group throughout the history of the electronic bill. In addition, the consistency of the transfer amounts for each bill is validated by ensuring that, throughout the electronic bill history, the amount transferred in each successive transfer is less than that of the immediately preceding transfer. Furthermore, the total amount transferred is checked to ensure that it is the amount expected (steps 1578-1580). If it is not valid, the transaction is aborted.
If everything is valid and Y is a transaction money module, Verifier Y verifies the expiration dates of the notes (steps 1584-1588). If any note has expired, the transaction is aborted. If no note has expired, Verifier Y checks each id from the note transfers against the bad id list (steps 1590-1592). If any transfer id is on the bad id list, the transaction is aborted.
If the transfer ids are not on the bad id list (or Y is not a transaction money module), Public Key Y verifies the validity of the note signatures (steps 1594-1596). If a signature is invalid, the transaction is aborted. If the signatures are valid, Verifier Y checks whether the note bodies match note bodies stored by the Notes application or located in the transaction log (steps 1598-1600). For each note body that matches, a note transfer tree is created to determine whether there has been any note duplication (steps 1602-1604). If any note has been duplicated, the transaction is aborted. This duplication check is aimed specifically at, and is well suited to, thwarting individuals who attempt to create money by transferring notes through self-dealing with a compromised transaction money module.
If there are no duplicates, or if no matching note bodies were identified, Notes Y places the notes in the money holder (step 1606). Finally, Note Directory Y updates the note locations and amounts and initializes the sequence numbers (step 1608).
It should be understood that the transfer notes process includes steps for updating and initializing sequence numbers to facilitate note reconciliation, for checking whether the transferee of any note is on the bad id list, and for checking for note duplication. These additional features and steps make it difficult for an adversary to introduce and circulate duplicated notes, and they strengthen the ability to detect duplicated notes in circulation.
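The receiving-side checks described above (amount consistency, expected total, expiry, bad id list, duplicate detection) can be put together as follows. This is an added example, not code from the patent: certificate and signature validation are left out, the record layouts and sample values are constructed, and the rule used to read the transfer tree (the amounts passed on from any point in a note's history may not exceed the amount received at that point) is an assumption, since the page only says that a tree is built.

```python
from datetime import date
from typing import NamedTuple


class Transfer(NamedTuple):
    sender: str
    receiver: str
    amount: int
    seq: int          # sequence number; separates otherwise equal transfers


class Note(NamedTuple):
    body_id: str      # identifies the note body
    value: int        # value of the note as issued
    expires: date
    history: tuple    # Transfer records, oldest first


def amounts_consistent(note):
    """Each successive transfer moves less than the preceding one."""
    amounts = [t.amount for t in note.history]
    return all(later < earlier for earlier, later in zip(amounts, amounts[1:]))


def duplicated(incoming, stored):
    """Build the transfer tree for one note body and look for duplication."""
    same_body = [n.history for n in stored if n.body_id == incoming.body_id]
    if incoming.history in same_body:
        return True                        # identical copy already held
    children = {}                          # history prefix -> one-step extensions
    for hist in same_body + [incoming.history]:
        for i in range(1, len(hist) + 1):
            children.setdefault(hist[:i - 1], set()).add(hist[:i])
    for parent, kids in children.items():
        available = parent[-1].amount if parent else incoming.value
        if sum(k[-1].amount for k in kids) > available:
            return True                    # more passed on than was received
    return False


def verify_packet(packet, expected_total, today, bad_ids, stored,
                  is_transaction_mm=True):
    """Return 'ok' or the reason the transaction is aborted."""
    if not all(amounts_consistent(n) for n in packet):
        return "abort: inconsistent transfer amounts"
    if sum(n.history[-1].amount for n in packet) != expected_total:
        return "abort: unexpected total"
    if is_transaction_mm:                  # expiry and bad id checks
        if any(n.expires < today for n in packet):
            return "abort: expired note"
        ids = {i for n in packet for t in n.history for i in (t.sender, t.receiver)}
        if ids & set(bad_ids):
            return "abort: id on bad id list"
    seen = list(stored)                    # held notes plus transaction log
    for n in packet:
        if duplicated(n, seen):
            return "abort: duplicate note"
        seen.append(n)
    return "ok"


# Constructed sample data.
TODAY = date(1996, 3, 11)
BASE = (Transfer("MM-A", "MM-B", 80, 1),)
GOOD = Note("N-001", 100, date(1996, 6, 1), BASE + (Transfer("MM-B", "MM-Y", 30, 3),))
EARLIER_50 = GOOD._replace(history=BASE + (Transfer("MM-B", "MM-Y", 50, 2),))
EARLIER_60 = GOOD._replace(history=BASE + (Transfer("MM-B", "MM-Y", 60, 2),))
```

With `EARLIER_60` already stored, accepting `GOOD` would mean MM-B passed on 90 out of the 80 it received, so the packet is rejected; with `EARLIER_50` stored the two transfers add up to exactly 80 and the packet is accepted.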
Referring again to Figure 12, the MM Commit subroutine is then called (step 632). Figure 21 shows the commit protocol used in the preferred electronic monetary system, as described in U.S. patent application 08/427287. Session Manager X sends a "Ready to Commit" message to Y (steps 1702-1704). This passes the obligation to commit to the module that receives the message. In a conventional money transfer scenario, this technique of passing on the burden of committing first is used to ensure that the party transferring money commits first, thereby eliminating the possibility of duplicating money.
Session Manager Y then sends an acknowledgment to X (steps 1706-1708) and commits any outstanding transactions by updating its transaction log (step 1710). In addition, if Y is a transaction money module, To Subscriber Y notifies the subscriber of the successful transaction (steps 1712-1714). Session Manager Y notes the end of the session (step 1716).
Transaction Log X receives the acknowledgment from Y and updates its transaction log, thereby committing any outstanding transfers. X completes its commit in the same manner as Y (steps 1718-1724).
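Why the transferring party must be the one that commits first can be seen by failing the link at each point of the exchange. The simulation below is an added example, not code from the patent; it assumes that a module which never receives the message it is waiting for aborts and discards its provisional change, and the `MoneyModule` class and balances are constructed.

```python
class MoneyModule:
    def __init__(self, name, balance):
        self.name = name
        self.balance = balance   # committed electronic money
        self.pending = 0         # provisional change, not yet committed

    def commit(self):
        self.balance += self.pending
        self.pending = 0

    def abort(self):
        self.pending = 0         # assumed behaviour: provisional change discarded


def run_commit(first, second, drop_after=None):
    """`second` sends "Ready to Commit" to `first`; `first` acknowledges and
    commits; `second` commits when the acknowledgment arrives.
    drop_after = messages delivered before the link fails (None = no failure)."""
    delivered = 0

    def deliver():
        nonlocal delivered
        if drop_after is not None and delivered >= drop_after:
            return False
        delivered += 1
        return True

    if not deliver():            # "Ready to Commit" never arrives
        first.abort()
        second.abort()
        return
    first.commit()               # receiver of "Ready to Commit" commits first
    if not deliver():            # acknowledgment never arrives
        second.abort()
        return
    second.commit()


def total_after(payer_first, drop_after, amount=40):
    """Total committed money in both modules after the exchange (100 before)."""
    payer, payee = MoneyModule("A", 100), MoneyModule("B", 0)
    payer.pending, payee.pending = -amount, amount
    if payer_first:
        run_commit(payer, payee, drop_after)   # payee sends "Ready to Commit"
    else:
        run_commit(payee, payer, drop_after)   # wrong order, for comparison
    return payer.balance + payee.balance


if __name__ == "__main__":
    for order in (True, False):
        print("payer first" if order else "payee first",
              [total_after(order, d) for d in (None, 0, 1)])
```

With the payer committing first, a lost acknowledgment leaves the total below 100 and never above it; with the order reversed, the same failure leaves 140 in the two modules, which is the duplication the protocol is designed to rule out.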
This flow diagram is still followed when money modules 6 interact with trusted agents 120, with the understanding that Send Message = Send E-Routed Message and that To Subscriber messages are actually sent, encrypted, to the trusted agent 120. With this in mind, the MM Session Manager of money module B sends a "Ready to Commit" message to the MM Session Manager of money module A via the Send E-Routed Message subroutine (steps 1702-1704). MM Session Manager A then sends an "Acknowledgment" message to money module B, and money module A commits (steps 1706-1716). When money module B receives the "Acknowledgment" message, it also commits (steps 1718-1724).
During the commit routines of money modules A and B, the modules generate messages that are sent to their trusted agents A and B respectively (steps 1714, 1722), informing the trusted agents that they have committed to the transaction and that the payment was therefore successful.
Referring again to Figure 12, both money modules then send the "Payment Successful" messages mentioned above to their trusted agents (steps 584-586). These messages are encrypted with the session key (TA/MM). Session Manager A detects that a successful payment has been made, and Ticket Holder A updates the receipt ticket with payment information such as the date of the transaction (steps 588, 592, 634). Trusted agent A then commits (step 636), so that its retention of the ticket is no longer "provisional". Similarly, Session Manager B detects the successful payment (steps 590, 594) and trusted agent B commits (step 638). The transaction is now complete.
Referring back to Figure 7, the preceding discussion described the situation in which the customer wishes to sell electronic money to the merchant in exchange for a credit to the customer's bank account. In the situation in which the customer wishes to receive electronic money from the merchant, Purchase B queries the money module to determine whether it has sufficient funds (steps 724-726). If the money module in the MTD does not have sufficient funds, guidance is requested from Host B, which checks whether another of the merchant's transaction devices has the requested amount (steps 728-732). If so, Host B sends a message to that other transaction device (which has host C) to send the electronic money (step 734). A session is established between C and B, and a money module payment is made (steps 736-738). Note that in this scenario there is no ticket as described in step 634 of the money module payment. In this case, that step can simply be skipped.
If no other MTD has sufficient funds, Host B checks whether the amount can be withdrawn from the bank at which it holds an account (steps 740-742). If so, money module A withdraws electronic money from the bank using the money generator module 202, teller module 204 and publishing system 206 (step 748), as described in U.S. patent application 07/794112. If electronic money cannot be withdrawn, Host B requests an abort and the transaction is aborted (steps 744-746).
At the point where the merchant has sufficient funds to distribute to the customer, the transaction proceeds as described in steps 750-794. Host B then sends the amount and credential information to the credit card authorization network 208, so that the payment is charged to the bank account identified by the credential (step 810). The card authorization process proceeds (step 811), and Purchase B checks whether the payment has been authorized (steps 813-815). If it has not been authorized, the transaction is aborted; otherwise trusted agent B has its money module make payment to trusted agent A, completing the transaction (step 817).
This disclosure shows and describes the preferred embodiments of the invention. It should be understood that the invention can be used in various other combinations and environments, and that changes and modifications can be made within the scope of the inventive concept expressed herein.

Claims (23)

1. A system for the open distribution of electronic money, comprising:
a customer trusted agent;
a first money module associated with said customer trusted agent and in secure communication with said customer trusted agent;
a merchant trusted agent that establishes a first cryptographically secure session with said customer trusted agent;
a second money module associated with said merchant trusted agent and in secure communication with said merchant trusted agent, which establishes a second cryptographically secure session with said first money module;
wherein said customer trusted agent provides electronic money purchase information and an account credential to said merchant trusted agent, and said merchant trusted agent provides a receipt ticket to said customer trusted agent;
said merchant trusted agent accesses an authorization network and carries out an authorization process using information from said electronic money purchase information and said account credential;
upon receiving authorization, said merchant trusted agent initiates a transfer of electronic money from said second money module to said first money module.
2. The system of claim 1, wherein said account credential is a credit card or debit card ticket.
3. The system of claim 1, wherein said customer trusted agent also provides electronic money sale information to said merchant trusted agent, information from said electronic money sale information and said account credential is used in the authorization process, and, upon receiving authorization, said merchant trusted agent initiates a protocol by which said first money module transfers electronic money to said second money module.
4. The system of claim 1, wherein said merchant trusted agent has electronic money transferred to said second money module from another, commonly owned money module, said electronic money from said other money module being distributed to said first money module.
5. The system of claim 1, wherein said second money module accesses the bank network of a bank that provides electronic money and obtains electronic money from said bank for distribution to said first money module.
6. The system of claim 1, wherein said receipt ticket includes said customer's bank ID, account number and authorized amount.
7. A system for the open distribution of electronic money, comprising:
a customer trusted agent;
a first money module associated with said customer trusted agent and in secure communication with said customer trusted agent;
a merchant trusted agent that establishes a first cryptographically secure session with said customer trusted agent;
a second money module associated with said merchant trusted agent and in secure communication with said merchant trusted agent, which establishes a second cryptographically secure session with said first money module;
wherein said customer trusted agent provides electronic money sale information and an account credential to said merchant trusted agent, and said merchant trusted agent provides a receipt ticket to said customer trusted agent;
said merchant trusted agent accesses an authorization network and carries out an authorization process using information from said electronic money sale information and said account credential;
upon receiving authorization, said merchant trusted agent initiates a transfer of electronic money from said first money module to said second money module.
8. The system of claim 7, wherein said account credential is a credit card or debit card ticket.
9. The system of claim 1, wherein said receipt ticket includes said customer's bank ID, account number and authorized amount.
10. A method for the open distribution of electronic money using a customer trusted agent, a first money module, a merchant trusted agent and a second money module, comprising the following steps:
(a) establishing a first cryptographically secure session between said customer trusted agent and said merchant trusted agent;
(b) said customer trusted agent transferring purchase information and an account credential to said merchant trusted agent over said first cryptographically secure session;
(c) said merchant trusted agent creating a receipt ticket that includes, at least in part, said purchase information and said customer's account number;
(d) said merchant trusted agent transferring said receipt ticket to said customer trusted agent over said first cryptographically secure session, said customer trusted agent provisionally retaining said receipt ticket;
(e) said merchant trusted agent accessing an authorization network and initiating an authorization process using information from said purchase information and said account credential;
(f) establishing a second cryptographically secure session between said first money module and said second money module;
(g) said second money module transferring electronic money to said first money module over said second cryptographically secure session, said first money module provisionally retaining said electronic money;
(h) said first money module committing, whereby said retention of said electronic money is no longer provisional, and securely informing said customer trusted agent of the successful receipt of electronic money;
(i) said second money module committing and securely informing said merchant trusted agent of the successful transfer of electronic money;
(j) said customer trusted agent committing, whereby said retention of said receipt ticket is no longer provisional; and
(k) said merchant trusted agent committing.
11. The method of claim 10, wherein said account credential is a credit card or debit card ticket bearing said customer's account number.
12. The method of claim 10, further comprising the step of said customer trusted agent verifying said receipt ticket.
13. A method for the open distribution of electronic money using a customer trusted agent, a first money module, a merchant trusted agent and a second money module, comprising the following steps:
(a) establishing a first cryptographically secure session between said customer trusted agent and said merchant trusted agent;
(b) said customer trusted agent transferring sale information and an account credential to said merchant trusted agent over said first cryptographically secure session;
(c) said merchant trusted agent creating a receipt ticket that includes, at least in part, said electronic money sale information and said customer's account number;
(d) said merchant trusted agent transferring said receipt ticket to said customer trusted agent over said first cryptographically secure session, said customer trusted agent provisionally retaining said receipt ticket;
(e) said merchant trusted agent accessing an authorization network and initiating an authorization process using information from said electronic money sale information and said account credential;
(f) establishing a second cryptographically secure session between said first money module and said second money module;
(g) said first money module transferring electronic money to said second money module over said second cryptographically secure session, said second money module provisionally retaining said electronic money;
(h) said first money module committing and securely informing said customer trusted agent of the successful transfer of electronic money;
(i) said second money module committing, whereby said retention of said electronic money is no longer provisional, and securely informing said merchant trusted agent of the successful receipt of electronic money;
(j) said customer trusted agent committing, whereby said retention of said receipt ticket is no longer provisional; and
(k) said merchant trusted agent committing.
14. The method of claim 13, wherein said account credential is a credit card or debit card ticket bearing said customer's account number.
15. The method of claim 13, further comprising the step of said customer trusted agent verifying said receipt ticket.
16. A system for the secure distribution of electronic money, comprising:
a tamper-proof first electronic transaction device including a first processor;
a tamper-proof second electronic transaction device including a second processor, which communicates with said first electronic transaction device over a cryptographically secure session;
wherein said first processor is adapted to transfer purchase amount information and a customer account credential to said second electronic transaction device;
said second processor incorporates information from said purchase amount information and said customer account credential into a receipt ticket and transfers said receipt ticket to said first electronic transaction device over said cryptographically secure session;
said second processor initiates an authorization process based on information from said purchase amount information and said customer account credential;
upon authorization, said second electronic transaction device transfers electronic money to said first electronic transaction device, thereby distributing electronic money, the distribution being independent of the customer's bank.
17. The system of claim 16, wherein said second electronic transaction device is connected to a merchant network and to an authorization network that is connected to the customer's bank network, said authorization process being carried out over said authorization network.
18. The system of claim 17, wherein said second electronic transaction device is connected to the bank network of the merchant's bank that distributes electronic money.
19. The system of claim 16, wherein said customer account credential is a debit card or credit card ticket bearing said customer's account number.
20. A system for the secure distribution of electronic money, comprising:
a tamper-proof first electronic transaction device including a first processor;
a tamper-proof second electronic transaction device including a second processor, which communicates with said first electronic transaction device over a cryptographically secure session;
wherein said first processor is adapted to transfer sale amount information and a customer account credential to said second electronic transaction device;
said second processor incorporates information from said sale amount information and said customer account credential into a receipt ticket and transfers said receipt ticket to said first electronic transaction device over said cryptographically secure session;
said second processor initiates an authorization process based on information from said sale amount information and said customer account credential;
upon authorization, said first electronic transaction device transfers electronic money to said second electronic transaction device.
21. The system of claim 20, wherein said second electronic transaction device is connected to a merchant network and to an authorization network that is connected to the customer's bank network, said authorization process being carried out over said authorization network.
22. The system of claim 21, wherein said second electronic transaction device is connected to the bank network of the merchant's bank that distributes electronic money.
23. The system of claim 20, wherein said customer account credential is a debit card or credit card ticket bearing said customer's account number.
CN96194584A 1995-06-07 1996-03-11 Trusted agents for open distribution of electronic money Pending CN1187258A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN96194584A CN1187258A (en) 1995-06-07 1996-03-11 Trusted agents for open distribution of electronic money

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/488,248 1995-06-07
CN96194584A CN1187258A (en) 1995-06-07 1996-03-11 Trusted agents for open distribution of electronic money

Publications (1)

Publication Number Publication Date
CN1187258A true CN1187258A (en) 1998-07-08

Family

ID=5128722

Family Applications (1)

Application Number Title Priority Date Filing Date
CN96194584A Pending CN1187258A (en) 1995-06-07 1996-03-11 Trusted agents for open distribution of electronic money

Country Status (1)

Country Link
CN (1) CN1187258A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108885670A (en) * 2016-03-15 2018-11-23 维萨国际服务协会 For interactive verifying password
CN108885670B (en) * 2016-03-15 2022-04-08 维萨国际服务协会 Authentication password for interaction

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication