JP3558544B2 - Electronic cash system - Google Patents

Electronic cash system Download PDF

Info

Publication number
JP3558544B2
JP3558544B2 JP1553199A JP1553199A JP3558544B2 JP 3558544 B2 JP3558544 B2 JP 3558544B2 JP 1553199 A JP1553199 A JP 1553199A JP 1553199 A JP1553199 A JP 1553199A JP 3558544 B2 JP3558544 B2 JP 3558544B2
Authority
JP
Japan
Prior art keywords
amount
received
machine
payment
challenge
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
JP1553199A
Other languages
Japanese (ja)
Other versions
JP2000215257A (en
Inventor
真一郎 松尾
秀実 森畠
雪人 中村
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Data Corp
Nippon Telegraph and Telephone Corp
Original Assignee
NTT Data Corp
Nippon Telegraph and Telephone Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NTT Data Corp, Nippon Telegraph and Telephone Corp filed Critical NTT Data Corp
Priority to JP1553199A priority Critical patent/JP3558544B2/en
Publication of JP2000215257A publication Critical patent/JP2000215257A/en
Application granted granted Critical
Publication of JP3558544B2 publication Critical patent/JP3558544B2/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Description

【0001】
【発明の属する技術分野】
本発明は、電子現金で支払を行う電子現金方式に関し、特に、複数の受領者へ支払うための改良に関する。
【0002】
【従来の技術】
従来の電子現金方式として、例えば、森畠、赤鹿、、菅沼、高橋「階層型電子現金方式」電子情報通信学会、情報とセキュリティシンポジウム、1998年、に記載されたものが知られている。図1は、この従来の電子現金方式の支払プロトコルを示す。
【0003】
支払者と受領者間で支払金額xの合意が成立した後、まず、支払者側のマシン1(以下、単に「支払マシン」という)が、支払い金額x分の電子現金Cと、支払者の公開鍵に電子現金発行機関の秘密鍵の電子署名が付加されたライセンスLと、支払金額xとを、受領者側のマシン3(以下、単に「受領マシン」という)に送付する(ステップS1)。受領マシン3は、受領した支払金額xと電子現金Cとをチェックした後、受領者の利用者番号IdUと適当な乱数とからチェレンジChallを生成し(S2)、このチャレンジChallを支払マシン1へ送信する(S3)。このチャレンジChallは、正当な受領者であることを示すための識別データとしての役割をもつものである。支払マシン1は、チャレンジChallを受信すると、そのチャレンジChallと支払金額xと電子現金Cから支払者の公開鍵を用いて電子署名Sを作成し(S4)、電子署名Sを受領マシン3へ送信する(S5)。この電子署名Sは、電子現金CがチャレンジChallの作成者(つまり受領者)宛てのものであることを、支払者が認めたことを示すデータである。受領マシン3は、受信した電子署名Sが正しいことを検証し、検証が完了すると、電子現金Cを記憶媒体に格納する。
【0004】
【発明が解決しようとする課題】
上述した従来の電子現金方式では、チャレンジは、1回の支払について、一人の受領者から一人の支払者へ送信される。つまり、チャレンジは、1回の支払について、一人の受領者と一人の支払者について唯一のものである。従って、一人の支払者が複数の受領者に支払いを行う場合、その受領者の数だけチャレンジが存在しなくてはならないから、支払者は個々の受領者に対し別々に上記の支払プロトコルを実行しなければならない。
【0005】
その結果、例えば、複数の業者が品物を販売している電子モール上で、客が販売業者の異なる複数の品物を購入した場合、客は各業者に対して別個に支払いを実行しなくてはならない。この面倒を無くすため、客がどの業者から何の品物を何個購入しても、それらの代金を纏めて1回で代表業者に支払えば済むよう電子モールを運用することもできるが、そうすると、電子モール側で代金分配のために各業者間で1対1の支払プロトコルを行わなくてはならない。また、売上金だけでなく、例えば、電信モールの出店業者と、電子モールの経営業者との間にテナント料の支払なども、やはり業者間で1対1で行わなくてはならない。
【0006】
そこで、もし、客が1回で支払った電子現金が、各業者にそれぞれの取り分に従って自動的に分配されれば、上記の問題は解決される。
【0007】
また、従来の電子現金方式では、支払者は予め受領者の受領金額を知っていなければ支払いができない。しかし、もし、支払者が何も意識しなくても、支払われた電子現金が複数の受領者間で正しく自動分配されるならば、余計な面倒が無く且つ自由度の高い商売の運用が可能となる。
【0008】
従って、本発明の目的は、1回の支払行為で複数の受領者へ電子現金を支払うことができる電子現金方式を提供することにある。
【0009】
本発明の第2の目的は、支払者が特に意識しなくても、支払われた電子現金が複数の受領者に正しく自動分配される電子現金方式を提供することにある。
【0010】
【課題を解決するための手段】
本発明の電子現金方式は、複数の受領額をそれぞれ割り当てられた複数の受領マシンと、一つの支払マシンと通信して、この支払マシンから上記複数の受領額の合計額に等しい支払額とこの支払額分の電子現金とを受信し、次に、その支払額の正当な受領権限を示すチャレンジを作成して支払いマシンへ送信し、次に、支払マシンから上記チャレンジに対する電子署名を受信する支払マシンインタフェースとを備える。各受領マシンは、支払マシンインタフェースが受けた支払額から自分の受領額を取ることができるかチェックし、取ることができれば、自分の受領額の正当な受領権限を示すチャレンジ要素を作成する手段と、支払マシンインタフェースが受けた電子署名を検証して、この電子署名が正当であれば、支払マシンインタフェースが受けた電子現金の中から自分の受領額分の電子現金を受領する手段とを有する。また、支払マシンインタフェースは、複数の受領マシンが作成したチャレンジ要素を集めて、これらのチャレンジ要素から前記チャレンジを作成する。
【0011】
この電子現金方式によれば、複数の受領マシンが、支払マシンから送られてきた支払額と自分たちの受領額との数的関係が正しいかをチェックし、正しければ、それぞれの受領マシンが、各々の受領額の正当受領権限を示すチャレンジ要素を作成する。そして、支払マシンインタフェースが、全ての受領マシンの作成したチャレンジ要素を集め、それらに基づき支払者向けの一つのチャレンジを作成して、支払マシンへ送る。そのため、支払マシンとしては、複数の受領額の合計額を支払額として1回の支払プロトコルを実行するだけで支払が完了する。しかも、支払者は個々の受領者の受領額を知る必要がないので、受領者側は、支払者に関係なしに、支払額を自分たちの都合に従って分配できる。
【0012】
好適な実施形態では、支払者向けのチャレンジを作成する際、全ての受領マシンからのチャレンジ要素にハッシュ関数のような圧縮型暗号処理を施して、一定のデータ長をもったチャレンジを作成する。従って、支払マシンが署名するチャレンジは、受領者の人数に関わらず一定のデータ長をもつ。よって、支払マシンの処理は、従来の一対一で支払を行うときのものと同じでよい。
【0013】
好適な実施形態では、複数の受領マシンの中の1つの代表マシンが支払マシンインタフェースを有している。そして、その代表マシンを先頭に、複数の受領マシンが数珠繋ぎに通信接続される。支払マシンから支払額や電子現金は、代表マシンから最後の受領マシンまで各マシンにより順次にリレーされ、また、各受領マシンが作成したチャレンジ要素も順次に代表マシンまでリレーされる。このリレーの過程で、各受領マシンは、支払額から他の受領マシンの受領額を差し引いた残額、又は、他の受領マシンの受領額の合計額を、隣の受領マシンから受け取ることになる。この残額又は合計額から、各受領マシンは、支払額から自分の受取額を取れるかどうかを判断することができる。従って、代表マシンに全ての受領マシンのチャレンジ要素が集まった段階で、支払額と受取額との数的関係が正しいことが確認されたことになる。しかも、各受領マシンの受領額は、他の受領マシンに知られない。
【0014】
本発明は典型的にはコンピュータにより実施することができるが、そのためのコンピュータプログラムは、ディスク型ストレージ、半導体メモリおよび通信ネットワークなどの各種の媒体を通じてコンピュータにインストールまたはロードすることができる。
【0015】
【発明の実施の形態】
図2は、本発明の一実施形態にかかる電子現金方式の支払プロトコルを示す。図2に示す支払プロトコルは、二人の受領者がいる場合の例示である。
【0016】
支払者は、電子現金を格納し且つ支払プロトコルの実行に必要な演算が可能な支払マシン11を持つ。支払マシン11としては、例えばICカードのように耐タンパ性をもった装置が適しているが、勿論、他のタイプの計算機であってもよい。個々の受領者は、支払プロトコルの実行に必要な計算機と、受領した電子現金を格納することができる記憶装置とのセット(以下、「受領マシン」という)13、15を持っている。支払マシン11と少なくとも一つの受領マシン13とは通信することができる。受領マシン13、15同士も通信することができる。
【0017】
ここで、一方の受領者の受領額がx1、他方の受領者の受領額がx2、支払者の支払金額がx(=x1+x2)であるとする。但し、支払者は支払額xは知っているが、個々の受領者の受領額x1、x2は知らない。
【0018】
支払者が支払金額xに合意した後、支払マシン11は、ステップS11に示すように、格納されている電子現金のうち支払金額x円に相当する電子現金Cと、支払者が電子現金の正当な利用者であることを示すライセンスLと、支払金額xとを、最初の受領者の受領マシン13に送信する。
【0019】
この最初の受領マシン13は、ステップS12で示すように、2つの乱数R11、R21を用意し、そして、第1の乱数R11と自分の受領額x1とに一方向性関数、例えばハッシュ関数、を施して、受領額x1に関するチャレンジ要素F11を作成し、また、第1の受領者の利用者番号IdU1と、この受領者側で当該取引に割り当てた識別番号Gb1と、上記の第2の乱数R21とに、同様にハッシュ関数を施して、利用者番号IdU1に関するチャレンジ要素F21を作成する。その後、この最初の受領マシン13は、ステップS13で示すように、支払マシン11から受け取った電子現金CとライセンスLと支払金額xと共に、自分の作成した2つのチャレンジ要素F11、F21と、自分の受領額x1に関するチャレンジ要素F11の作成元となった受領額x1と乱数R11とを、次の(最後の)の受領マシン15へ送信する。
【0020】
この最後の受領マシン15は、ステップS14で示すように、2つの乱数R12、R22を用意し、そして、まず、最初の受領マシン13から受け取った受領額x1と乱数R11と、その受領額x1に関するチャレンジ要素F11とから、その受領額x1が正しいことを確認する。次に、この最後の受領マシン15は、正しいと確認された最初の受領者の受領額x1を支払額xから差し引いて残額を求め、その残額(=x−x1)が自分の受領額x2に等しいかをチェックし、正しければ、予め用意していた2つの乱数R12、R22のうちの一方の乱数R12と自分の受取額x2とから、同様にハッシュ関数を用いて自分の受取額x2に関するチャレンジ要素F12を作成し、また、最後の受領者の利用者番号IdU2と、この受領者側で当該取引に割り当てた識別番号Gb2と、もう一方の乱数R22とから、同様にハッシュ関数を用いて、利用者番号IdU2に関するチャンレンジ要素F22を作成する。更に、この受領マシン15は、タイムスタンプTsと、署名用の乱数Rsとを発生する。その後、この最後の受領マシン15は、ステップS15で示すように、タイムスタンプTsと、署名用の乱数Rsと、自分の作成したチャレンジ要素F12、F22と、自分の受領額x2に関するチャレンジ要素F12の作成元となった受領額x2と乱数R21とを、最初の受領マシン13に送る。
【0021】
最初の受領マシン13は、ステップS16に示すように、支払額xと自分の受領額x1と最後の受領マシン15から受け取った受領額x2との間の数的関係が正しいかをチェックし、正しければ、自分の作成したチャレンジ要素F11、F21と、最後の受領マシン13から受け取ったチャレンジ要素F12、F22とに、ハッシュ関数を施して、支払者向けの1つのチャレンジFを作成する。その後、この最初の受領マシン13は、今作成したチャレンジFと、最後の受領マシン15から受け取ったタイムスタンプTsと著名用乱数Rsと、支払額xとを支払マシン13へ送る。
【0022】
支払マシン13は、ステップS18に示すように、受領マシン13から受信した支払額xが正しいかチェックし、正しければ、受信したデータTs、Rs、F、x全体に対して、自分の秘密鍵を用いて電子署名Sを作成し、そして、ステップS19で示すように、その電子署名Sを最初の受領マシン13へ送る。最初の受領マシン13は、ステップS21で示すように、その電子署名3を最後の受領マシン15へも送る。
【0023】
そして、最初の受領マシン13は、ステップS20で示すように、支払マシン11から受信した電子署名Sを、既に受信済みの支払者のライセンスLに含まれている公開鍵を用いて検証する。すなわち、支払者の公開鍵を用いて、受信した電子署名Sから、その電子署名Sの作成の元となったデータを復元し、その復元したデータが真の元データTs、Rs、F、xに一致するかをチェックする。その結果、電子署名Sが正当であれば、受領マシン13は、自分の受領金額x1分の電子現金を、支払者のライセンスL、チャレンジF、及びチャレンジ要素F11、F21、F12、F22と共に記憶装置に格納する。
【0024】
同様に、最後の受領マシン15も、ステップS22で示すように、受信又は作成済みのチャレンジ要素F11、F21、F12、F22からチャレンジFを計算した上で、支払者からの電子署名SをライセンスLに含まれている支払者の公開鍵を用いて検証し、その結果、電子署名Sが正当であれば、自分の受領金額x2分の電子現金を、支払者のライセンスL、チャレンジF、及びチャレンジ要素F11、F21、F12、F22と共に記憶装置に格納する。
【0025】
以上の手順で支払を行うことにより、支払者は受領者が複数か単数かを意識することなく1回の支払プロトコルを行うだけで、複数の受領者に支払を行うことができ、支払者の手間及び通信費用負担が軽減する。受領者側では、支払者に余計な面倒をかけることなく、受領金を自分たちの商売事情に応じて分配することができる。例えば、電子モールの出店業者が売上金の一部を自動的にテナント料として電子モール経営者へ支払ったりすることができる。また、支払者が署名するチャレンジFは、複数の受領者が作成したチャレンジ要素をハッシュ関数のような圧縮型暗号処理で処理して所定のデータ長にしたものであるため、受領者が何人いても、支払者は同じ演算で署名を行うことができる。
【0026】
図3と図4は、両図を繋ぐことで、本発明の別の実施形態にかかる支払プロトコルを示している。図3では、受領者がn人いる場合を例示している(nは2以上の任意の整数)。ここで、i番目(i=1、2、…、n−1、n)の受領者の受領額をxiとし、支払金額をx(=x1+x2+…+xn−1+xn)とする。
【0027】
最初の受領者の受領マシン21は、ステップS31で示すように、支払者(図示せず)からライセンスL、支払額x分の電子現金C及び支払額を受信すると、ステップS32で示すように、受信した支払額xが自分の受領額x1を超えいているかチェックし、超えているならば、支払額xから自分の受領額x1を差し引き、その残額とx−x1予め用意してある乱数R11から、ハッシュ関数を用いて残額x−x1に関するチャレンジ要素Chall11を作成し、また、自分の利用者番号IdU1と予め用意してある乱数R21から同様に利用者番号IdU1に関するチャレンジ要素Chall21を作成する。その後、最初の受領マシン21は、ステップS33で示すように、支払者からのデータL、C、xと共に、自分の作成したチャレンジChall11、Chall21と、残額x−x1と乱数R11とを2番目の受領マシン23へ送る。
【0028】
2番目の受領マシン23は、ステップ34で示すように、最初の受領マシン21から受信した残額x−x1と乱数R11と残額用のチャレンジ要素Chall11から、その受け取った残額x−x1が正しいことを確認した後、その残額x−x1が自分の受領額x2を超えているかチェックし、超えていれば、その残額x−x1から自分の受領額x2を差し引き、その残額x−x1−x2と予め用意してある乱数R12から残額x−x1−x2に関するチャレンジ要素Chall12を作成し、また、自分の利用者番号IdU2と予め用意してある乱数R22から同様に利用者番号IdU2に関するチャレンジ要素Chall22を作成する(S34)。そして、この2番目の受領マシン23は、ステップS35で示すように、支払者からのデータL、C、xと、最初の受領マシン23からのチャレンジ要素Chll11、Chall21と、自分の作成したチャレンジChall12、Chall22と、残額x−x1−x2と乱数R12とを、図示しない3番目の受領マシン23へ送る。
【0029】
このようにして、2番目からn−1番目までの各受領マシン(一般的に、i番目の受領マシン)は、1つ前の受領マシンから受け取った残額x−x1−…−xi−1と乱数R1i−1と残額用のチャレンジChall1i−1とから、その残額x−x1−…−xi−1が正しいことを確認した後、その残額x−x1−…−xi−1が自分の受領額xiを超えているかチェックし、超えていれば、その残額x−x1−…−xi−1から自分の受領額xiを差し引く。そして、その差し引きの結果の残額x−x1−x2−…−xi−1−xiと予め用意してある乱数R1iから、その残額x−x1−x2−…−xi−1−xiに関するチャレンジ要素Chall1iを作成する。また、自分の利用者番号IdUiと予め用意してある乱数R2iから、利用者番号IdUiに関するチャレンジ要素Chall2iを作成する。そして、支払者からのデータL、C、xと、前の全ての受領マシンからのチャレンジ要素Chll11、Chall21、…、Chall1i−1、Chall2i−1と、自分の作成したチャレンジChall1i、Chall2iと、残額x−x1−…−xiと乱数R2iとを、1つ後の受領マシンへ送る。
【0030】
最後のn番目の受領マシン27は、ステップS39で示すように、1つ前の受領マシン25から受け取った残額x−x1−…−xn−1と乱数R1n−1と残額用のチャレンジChall1n−1とから、その残額x−x1−…−xn−1が正しいことを確認した後、その残額x−x1−…−xn−1が自分の受領額xnと一致しているかをチェックし、一致していれば、自分の受領額xnと予め用意してある乱数R1nから、その受領額xnに関するチャレンジ要素Chall12を作成する。また、自分の利用者番号IdUnと予め用意してある乱数R2nから、利用者番号IdUnに関するチャレンジ要素Chall2nを作成する。更に、タイムスタンプTsと、署名用の乱数Rsを発生させる。また更に、後の署名チェックの準備として、前の全ての受領マシンからのチャレンジ要素Chall11、Chall21、…、Chall1n−1、Chall2n−1と、自分の作成したチャレンジChall1n、Chall2nとから、ハッシュ関数を用いて、支払者向けのチャレンジChallを計算する。そして、ステップS40で示すように、タイムスタンプTsと署名用乱数Rsと、自分の作成したチャレンジ要素Chall1n、Chall2nと、自分の受領額xnと乱数R1nとを、1つ前のn−1番目の受領マシン25へ送る。
【0031】
n−1番目の受領マシン25は、ステップS41で示すように、最後の受領マシン27から受け取った受領額xnと自分の受領額xn−1との合計額xn+xn−1が、1つ前の受領マシンから既に受信済みの残額x−x1−…−xn−2と等しいかチェックし、正しければ、ステップS42で示すように、最後の受領マシン27から受け取ったタイムスタンプTsと著名用乱数Rsとチャレンジ要素Chall1n、Chall2nと、自分の作成したチャレンジ要素Chall1n−1、Chall2n−1と、上記受領額の和xn+xn−1と、乱数R1n、R1n−1とを、1つ前の受領マシンへ送信する。更に、後の署名チェックの準備として、既に受信または自分で作成した全てのチャレンジ要素Chll11、Chall21、…、Chall1n、Chall2nから、支払者向けのチャレンジChallを計算する。
【0032】
このようにして、n−1番目から2番目までの各受領マシン(一般的に、i番目の受領マシン)は、1つ後の受領マシンから受け取った受領額の合計額xn+xn−1+…+xi+1と自分の受領額xiとの合計額xn+xn−1+…+xi+1+xiが、1つ前の受領マシンから既に受信済みの残額x−x1−…−xi−1と等しいかチェックし、正しければ、一つ後の受領マシンから受け取ったタイムスタンプTsと著名用乱数Rsとチャレンジ要素Chall1n、Chall2n、…、Chall1i+1、Chall2i+1と、自分の作成したチャレンジ要素Chall1i、Chall2iと、上記受領額の合計額xn+xn−1+…+xiと、乱数R1n、R1n−1、…、Riとを、1つ前の受領マシンへ送信する。更に、後の署名チェックの準備として、既に受信または自分で作成した全てのチャレンジ要素Chll11、Chall21、…、Chall1n、Chall2nから、支払者向けのチャレンジChallを計算する。
【0033】
最初の受領マシン21は、ステップS46で示すように、2番目の受領マシン23から受け取った受領額の合計額xn+xn−1+…+x2と自分の受領額x1との合計額xn+xn−1+…+x2+x1が、支払額xと等しいかチェックし、正しければ、既に受信または自分で作成した全てのチャレンジ要素Chll11、Chall21、…、Chall1n、Chall2nから、支払者向けのチャレンジChallを計算する。そして、ステップS47に示すように、2番目の受領マシン23から受け取ったタイムスタンプTsと著名用乱数Rsと、支払額xと、自分の作成したチャレンジChallとを、支払マシンに送信する。
【0034】
支払マシンは、図示してないが、図2の実施形態と同様に、受領マシン21から受信した支払額xが正しいかチェックし、正しければ、受信したデータTs、Rs、x、Challに対する電子署名を作成して、この電子署名を最初の受領マシン21へ送る。この電子署名は、最初の受領マシン21から最後の受領マシン27まで全ての受領マシンへ送られる。各受領マシン(一般には、i番目の受領マシン)は、図2の実施形態と同様に、受信した電子署名を検証し、その電子署名が正当であれば、自分の受領金額xi分の電子現金を、支払者のライセンスL、チャレンジChall、及びチャレンジ要素Chall11、Chall21、Chall12、Chall22、…、Chall1n、Chall2nと共に記憶装置に格納する。
【0035】
この実施形態によれば、図2の実施形態と同様の利点だけでなく、各受領者の受領額が他の受領者に知られないという利点も得られる。すなわち、各受領マシンは、その前段の受領マシンからは、その前段マシンの受領額ではなくて支払額からの残額を受け、また、後段の受領マシンからは、その後段マシンの受領額ではなくて受領額の合計額を受けるから、他の受領マシンの受領額を知ることはできない。
【0036】
以上、本発明の実施形態を説明したが、上記の実施形態はあくまで本発明の説明のための例示であり、本発明を上記実施形態にのみ限定する趣旨ではない。従って、本発明は、上記実施形態以外の様々な形態でも実施することができるものである。例えば、上記の実施形態では、支払マシンや受領マシンなどの個々のマシンを別個の計算機ハードウェアとして説明したが、必ずしもそうである必要は無く、同一の計算機ハードウェア上で実行される別個のプロセスとして実装することもできる。例えば、1番目の受領者の受領マシンと2番目の受領者の受領マシンが、実際には1台の計算機の中で多重に実行されている2つの受領プロセスである、というようにである。
【図面の簡単な説明】
【図1】従来の電子現金方式の支払プロトコルを示すブロック図。
【図2】本発明の一実施形態にかかる電子現金方式の支払プロトコルを示すブロック図。
【図3】図4と繋ぐことで、本発明の第2の実施形態にかかる電子現金方式の支払プロトコルを示すブロック図。
【図4】図3と繋ぐことで、第2の実施形態にかかる電子現金方式の支払プロトコルを示すブロック図。
【符号の説明】
11、21 支払マシン
3、23〜27 受領マシン[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to an electronic cash system for paying with electronic cash, and more particularly to an improvement for paying to a plurality of recipients.
[0002]
[Prior art]
As a conventional electronic cash method, for example, the one described in Moribatake, Akaka, Suganuma, Takahashi “Hierarchical Electronic Cash Method”, IEICE, Information and Security Symposium, 1998 is known. FIG. 1 shows this conventional electronic cash payment protocol.
[0003]
After agreement between the payer and the receiver is reached on the payment amount x, first, the payer's machine 1 (hereinafter simply referred to as “payment machine”) receives the electronic cash C for the payment amount x and the payer's The license L in which the electronic signature of the secret key of the electronic cash issuing institution is added to the public key and the payment amount x are sent to the recipient machine 3 (hereinafter simply referred to as “reception machine”) (step S1). . After checking the received payment amount x and the electronic cash C, the receiving machine 3 generates a challenge range Call from the user number IdU of the recipient and an appropriate random number (S2), and sends the challenge Call to the payment machine 1 It transmits (S3). This challenge Chall has a role as identification data for indicating that the recipient is a valid recipient. Upon receiving the challenge Call, the payment machine 1 creates an electronic signature S from the challenge Call, the payment amount x, and the electronic cash C using the payer's public key (S4), and transmits the electronic signature S to the receiving machine 3. (S5). The electronic signature S is data indicating that the payer has recognized that the electronic cash C is intended for the creator (that is, the receiver) of the challenge CALL. The receiving machine 3 verifies that the received electronic signature S is correct, and when the verification is completed, stores the electronic cash C in the storage medium.
[0004]
[Problems to be solved by the invention]
In the conventional electronic cash method described above, a challenge is transmitted from one recipient to one payer for one payment. That is, the challenge is unique for one recipient and one payer per payment. Therefore, if one payer pays multiple recipients, the payer must execute the above payment protocol separately for each recipient, since there must be as many challenges as there are recipients. Must.
[0005]
As a result, for example, when a customer purchases a plurality of items from different sellers on an electronic mall where a plurality of sellers sell the item, the customer must pay each dealer separately. No. In order to eliminate this trouble, it is possible to operate the electronic mall so that even if the customer purchases how many items from which merchandise, they can collect them and pay them once to the representative company, One-to-one payment protocol has to be performed between each merchant for the distribution of money on the electronic mall side. In addition to the sales proceeds, for example, payment of a tenant fee between a store operator of a telecommunications mall and a management company of an electronic mall must also be performed on a one-to-one basis.
[0006]
The above problem is solved if the electronic cash paid by the customer at one time is automatically distributed to each trader according to their share.
[0007]
In addition, in the conventional electronic cash method, the payer cannot make a payment unless he / she knows the amount of money received by the receiver in advance. However, even if the payer is unaware, if the paid electronic cash is automatically distributed among multiple recipients, it is possible to operate the business with no extra trouble and high flexibility It becomes.
[0008]
Accordingly, an object of the present invention is to provide an electronic cash system that can pay electronic cash to a plurality of recipients in one payment operation.
[0009]
A second object of the present invention is to provide an electronic cash system in which paid electronic cash is automatically distributed to a plurality of recipients without paying particular attention.
[0010]
[Means for Solving the Problems]
In the electronic cash method of the present invention, a plurality of receiving machines each assigned a plurality of receiving amounts, and communicating with one paying machine, from this paying machine, a payment amount equal to the total amount of the plurality of receiving amounts and Payment to receive the electronic cash for the payment amount, and then create and send a challenge to the payment machine indicating the right to receive the payment amount, and then receive an electronic signature for the challenge from the payment machine A machine interface. Means for each receiving machine to check that it can take its amount from the payment received by the payment machine interface, and if so, to create a challenge element indicating the legitimate receiving authority of its amount; Means for verifying the electronic signature received by the payment machine interface and, if the electronic signature is valid, receiving electronic cash corresponding to the amount received from the electronic cash received by the payment machine interface. The payment machine interface also collects the challenge elements created by the plurality of receiving machines and creates the challenge from the challenge elements.
[0011]
According to this electronic cash method, a plurality of receiving machines check whether the numerical relationship between the payment amount sent from the payment machine and their own received amount is correct, and if they are correct, each receiving machine, Create a challenge element indicating the right to receive the right of each received amount. Then, the payment machine interface collects the challenge elements created by all the receiving machines, creates one challenge for the payer based on them, and sends the challenge to the payment machine. Therefore, the payment machine completes the payment only by executing one payment protocol using the total amount of the plurality of received amounts as the payment amount. In addition, since the payer does not need to know the amount of each individual recipient, the recipients can distribute the payment according to their own convenience without regard to the payer.
[0012]
In a preferred embodiment, when creating a challenge for a payer, a challenge having a fixed data length is created by performing a compression-type encryption process such as a hash function on challenge elements from all receiving machines. Thus, the challenge signed by the payment machine has a fixed data length regardless of the number of recipients. Therefore, the processing of the payment machine may be the same as the conventional one-on-one payment.
[0013]
In a preferred embodiment, one representative machine of the plurality of receiving machines has a payment machine interface. Then, starting from the representative machine, a plurality of receiving machines are connected and connected in a daisy chain. The payment amount and the electronic cash from the paying machine are sequentially relayed by each machine from the representative machine to the last receiving machine, and the challenge elements created by each receiving machine are sequentially relayed to the representative machine. In the course of this relay, each receiving machine receives the remaining amount obtained by subtracting the received amount of the other receiving machine from the payment amount, or the total amount of the received amount of the other receiving machine from the adjacent receiving machine. From this balance or the total amount, each receiving machine can determine whether or not it can take its received amount from the paid amount. Therefore, it is confirmed that the numerical relationship between the payment amount and the reception amount is correct when the challenge elements of all the receiving machines are gathered in the representative machine. Moreover, the amount received by each receiving machine is not known to other receiving machines.
[0014]
The present invention can be typically implemented by a computer, and a computer program for that can be installed or loaded into the computer through various media such as a disk storage, a semiconductor memory, and a communication network.
[0015]
BEST MODE FOR CARRYING OUT THE INVENTION
FIG. 2 shows an electronic cash payment protocol according to an embodiment of the present invention. The payment protocol shown in FIG. 2 is an example where there are two recipients.
[0016]
The payer has a payment machine 11 that can store electronic cash and perform the calculations required to execute the payment protocol. As the payment machine 11, for example, a device having tamper resistance such as an IC card is suitable, but of course, another type of computer may be used. Each recipient has a set (hereinafter, referred to as a "receipt machine") 13, 15 of a computer required for executing the payment protocol and a storage device capable of storing the received electronic cash. The payment machine 11 and at least one receiving machine 13 can communicate. The receiving machines 13, 15 can also communicate with each other.
[0017]
Here, it is assumed that the amount received by one recipient is x1, the amount received by the other recipient is x2, and the amount paid by the payer is x (= x1 + x2). However, the payer knows the payment amount x, but does not know the reception amounts x1 and x2 of the individual receivers.
[0018]
After the payer agrees with the payment amount x, the payment machine 11 determines, as shown in step S11, the electronic cash C corresponding to the payment amount x yen among the stored electronic cash and the electronic cash C The license L indicating that the user is a proper user and the payment amount x are transmitted to the receiving machine 13 of the first recipient.
[0019]
The first receiving machine 13 prepares two random numbers R11 and R21 as shown in step S12, and applies a one-way function, for example, a hash function, to the first random number R11 and the received amount x1. To create a challenge element F11 related to the received amount x1, the user number IdU1 of the first receiver, the identification number Gb1 assigned to the transaction by the receiver, and the second random number R21. Similarly, a hash function is performed to create a challenge element F21 related to the user number IdU1. Thereafter, as shown in step S13, the first receiving machine 13 sends the two challenge elements F11 and F21 created by itself together with the electronic cash C, license L and payment amount x received from the paying machine 11, and The received amount x1 and the random number R11 from which the challenge element F11 related to the received amount x1 is created are transmitted to the next (last) receiving machine 15.
[0020]
The last receiving machine 15 prepares two random numbers R12 and R22 as shown in step S14, and firstly, receives the received amount x1 and the random number R11 received from the first receiving machine 13 and the received amount x1. From the challenge element F11, it is confirmed that the received amount x1 is correct. Next, the last receiving machine 15 obtains the remaining amount by subtracting the received amount x1 of the first receiver confirmed to be correct from the paid amount x, and the remaining amount (= x−x1) becomes the received amount x2. Check whether they are equal, and if they are correct, use one of the two random numbers R12 and R22 prepared in advance and the own received amount x2 to similarly challenge the own received amount x2 using the hash function. An element F12 is created, and the user number IdU2 of the last recipient, the identification number Gb2 assigned to the transaction by the recipient, and the other random number R22 are similarly used, using a hash function, A challenge element F22 relating to the user number IdU2 is created. Further, the receiving machine 15 generates a time stamp Ts and a random number Rs for signature. Thereafter, as shown in step S15, the last receiving machine 15 receives the time stamp Ts, the random number Rs for signature, the challenge elements F12 and F22 created by itself, and the challenge element F12 related to the received amount x2. The received receipt amount x2 and the random number R21, which are the creation source, are sent to the first receiving machine 13.
[0021]
The first receiving machine 13 checks whether the numerical relationship between the payment amount x, its own received amount x1, and the received amount x2 received from the last receiving machine 15 is correct, as shown in step S16, and corrects it. For example, a hash function is applied to the challenge elements F11 and F21 created by the user and the challenge elements F12 and F22 received from the last receiving machine 13 to create one challenge F for the payer. Thereafter, the first receiving machine 13 sends the created challenge F, the time stamp Ts received from the last receiving machine 15, the famous random number Rs, and the payment amount x to the paying machine 13.
[0022]
As shown in step S18, the payment machine 13 checks whether the payment amount x received from the receiving machine 13 is correct. If the payment amount x is correct, the payment machine 13 transmits its own private key to the received data Ts, Rs, F, x as a whole. The electronic signature S is used to generate the electronic signature S, and the electronic signature S is sent to the first receiving machine 13 as shown in step S19. The first receiving machine 13 also sends the electronic signature 3 to the last receiving machine 15 as shown in step S21.
[0023]
Then, as shown in step S20, the first receiving machine 13 verifies the electronic signature S received from the payment machine 11 using the public key included in the license L of the payer that has already been received. That is, using the payer's public key, the data from which the digital signature S was created is restored from the received electronic signature S, and the restored data is converted into true original data Ts, Rs, F, x Check if matches. As a result, if the electronic signature S is valid, the receiving machine 13 stores the electronic cash for the received amount x1 in the storage device together with the license L of the payer, the challenge F, and the challenge elements F11, F21, F12, and F22. To be stored.
[0024]
Similarly, the last receiving machine 15 calculates the challenge F from the received or created challenge elements F11, F21, F12, and F22 as shown in step S22, and then licenses the electronic signature S from the payer to the license L. Is verified using the payer's public key included in the payer, and as a result, if the electronic signature S is valid, the electronic cash for the received amount x2 is transferred to the payer's license L, challenge F, and challenge It is stored in the storage device together with the elements F11, F21, F12, and F22.
[0025]
By performing the payment in the above procedure, the payer can make payments to a plurality of recipients simply by performing a single payment protocol without being aware of whether the recipients are plural or singular. The burden of labor and communication costs is reduced. Recipients can distribute the received money according to their business circumstances without any extra trouble for the payer. For example, a store operator of an electronic mall can automatically pay a part of the sales proceeds as a tenant fee to the owner of the electronic mall. The challenge F signed by the payer is obtained by processing the challenge elements created by a plurality of recipients to a predetermined data length by performing a compression-type encryption process such as a hash function. Also, the payer can sign with the same operation.
[0026]
3 and 4 show a payment protocol according to another embodiment of the present invention by connecting the two figures. FIG. 3 illustrates a case where there are n recipients (n is an arbitrary integer of 2 or more). Here, the received amount of the i-th (i = 1, 2,..., N−1, n) receiver is assumed to be xi, and the payment amount is assumed to be x (= x1 + x2 +... + Xn−1 + xn).
[0027]
When the receiving machine 21 of the first receiver receives the license L, the electronic cash C for the payment amount x, and the payment amount from the payer (not shown) as shown in step S31, as shown in step S32, It checks whether the received payment amount x exceeds its own reception amount x1, and if it exceeds, subtracts its own reception amount x1 from the payment amount x, and calculates the remaining amount and x-x1 from the random number R11 prepared in advance. Then, a challenge element Call11 relating to the balance xx1 is created using a hash function, and a challenge element Call21 relating to the user number IdU1 is similarly created from the user's own user number IdU1 and a random number R21 prepared in advance. Thereafter, as shown in step S33, the first receiving machine 21 transmits the challenge Chall11, Chall21 created by itself, the remaining amount x-x1, and the random number R11 together with the data L, C, x from the payer, as shown in step S33. Send to receiving machine 23.
[0028]
As shown in step 34, the second receiving machine 23 determines from the remaining amount x-x1 received from the first receiving machine 21, the random number R11, and the challenge element Chall11 for the remaining amount that the received remaining amount x-x1 is correct. After confirming, it is checked whether the remaining amount x-x1 exceeds the received amount x2, and if it is exceeded, the received amount x2 is subtracted from the remaining amount x-x1 and the remaining amount x-x1-x2 is determined in advance. A challenge element Chall12 for the remaining amount x-x1-x2 is created from the prepared random number R12, and a challenge element Chall22 for the user number IdU2 is similarly created from the own user number IdU2 and the previously prepared random number R22. (S34). Then, as shown in step S35, the second receiving machine 23 receives the data L, C, x from the payer, the challenge elements Chll11 and Challenge21 from the first receiving machine 23, and the challenge Challenge12 created by itself. , Chall22, the balance x-x1-x2, and the random number R12 are sent to the third receiving machine 23 (not shown).
[0029]
In this way, each of the second to (n-1) th receiving machines (generally, the i-th receiving machine) receives the remaining amount x-x1 -...- xi-1 received from the immediately preceding receiving machine. After confirming that the remaining amount x-x1 -...- xi-1 is correct from the random number R1i-1 and the challenge Challenge1i-1 for the remaining amount, the remaining amount x-x1 -...- xi-1 is the amount received by the user. It checks whether it exceeds xi, and if it does, subtracts the received amount xi from the remaining amount x-x1 -...- xi-1. Then, from the balance x-x1-x2 -...- xi-1-xi obtained as a result of the subtraction and the random number R1i prepared in advance, the challenge element Chall1i relating to the balance x-x1-x2 -...- xi-1-xi is obtained. Create Further, a challenge element Call2i relating to the user number IdUi is created from the user number IdUi and a random number R2i prepared in advance. Then, the data L, C, x from the payer, the challenge elements Chll11, Chall21,..., Chall1i-1, Chall2i-1 from all the previous receiving machines, the challenges Chall1i, Chall2i created by the user, and the remaining amount .. -xi and the random number R2i are sent to the next receiving machine.
[0030]
The last n-th receiving machine 27, as shown in step S39, the balance x-x1 -...- xn-1, the random number R1n-1, and the challenge Challenge1n-1 for the balance received from the previous receiving machine 25. From the above, after confirming that the balance x-x1 -...- xn-1 is correct, it is checked whether the balance x-x1 -...- xn-1 matches the received amount xn, and the balance is checked. If so, a challenge element Chall12 relating to the received amount xn is created from the received amount xn and a random number R1n prepared in advance. Further, a challenge element Call2n relating to the user number IdUn is created from the user number IdUn and the random number R2n prepared in advance. Further, a time stamp Ts and a random number Rs for signature are generated. Further, as preparation for the subsequent signature check, a hash function is created from challenge elements Call11, Challenge21,..., Challenge1n-1, Challenge2n-1 from all the previous receiving machines, and challenges Challenge1n, Challenge2n created by the user. Used to calculate the challenge Challenge for the payer. Then, as shown in step S40, the time stamp Ts, the signature random number Rs, the challenge elements Chall1n and Chall2n created by the user, the own received amount xn and the random number R1n are compared with the (n−1) -th previous one. Send to the receiving machine 25.
[0031]
As shown in step S41, the (n-1) th receiving machine 25 sets the total amount xn + xn-1 of the received amount xn received from the last receiving machine 27 and its own received amount xn-1 as the immediately preceding received value. It is checked whether it is equal to the balance x-x1 -...- xn-2 already received from the machine, and if it is correct, as shown in step S42, the time stamp Ts received from the last receiving machine 27, the famous random number Rs, and the challenge It transmits the elements Chall1n and Chall2n, the challenge elements Chall1n-1 and Chall2n-1 created by the user, the sum xn + xn-1 of the received amount, and the random numbers R1n and R1n-1 to the immediately preceding receiving machine. Further, as preparation for the later signature check, a challenge Challenge for the payer is calculated from all challenge components Chll11, Challenge21,..., Challenge1n, Challenge2n that have already been received or created by the user.
[0032]
In this way, each of the (n-1) th to the second receiving machines (generally, the i-th receiving machine) receives the total amount xn + xn-1 +... + Xi + 1 received from the succeeding receiving machine. Check whether the total amount xn + xn-1 + ... + xi + 1 + xi with the received amount xi is equal to the balance x-x1 -...- xi-1 already received from the previous receiving machine. The time stamp Ts received from the receiving machine, the well-known random number Rs, the challenge elements Chall1n, Chall2n,. , R1n, R1n-1,..., Ri to the previous receiving machine. Further, as preparation for the later signature check, a challenge Challenge for the payer is calculated from all challenge elements Chll11, Challenge21,..., Challenge1n, Challenge2n already received or created by the user.
[0033]
As shown in step S46, the first receiving machine 21 calculates the total amount xn + xn-1 +... + X2 + x1 of the total amount xn + xn-1 +... + X2 received from the second receiving machine 23 and its own received amount x1. It is checked whether it is equal to the payment amount x. If it is correct, a challenge Chall for the payer is calculated from all the challenge elements Chll11, Chall21,..., Chall1n, Chall2n already received or created by the user. Then, as shown in step S47, the time stamp Ts received from the second receiving machine 23, the famous random number Rs, the payment amount x, and the challenge created by the user are transmitted to the payment machine.
[0034]
Although not shown, the payment machine checks whether the payment amount x received from the receiving machine 21 is correct, as in the embodiment of FIG. 2, and if it is correct, an electronic signature for the received data Ts, Rs, x, and Chall. And sends this electronic signature to the first receiving machine 21. This electronic signature is sent to all receiving machines from the first receiving machine 21 to the last receiving machine 27. Each receiving machine (generally, the i-th receiving machine) verifies the received electronic signature as in the embodiment of FIG. 2, and if the electronic signature is valid, the electronic cash corresponding to the received amount xi. Are stored in the storage device together with the payer's license L, the challenge Challenge, and the challenge elements Challenge11, Challenge21, Challenge12, Challenge22,..., Challenge1n, Challenge2n.
[0035]
According to this embodiment, not only the same advantages as in the embodiment of FIG. 2 but also the advantage that the amount received by each recipient is not known to other recipients can be obtained. That is, each receiving machine receives not the received amount of the preceding machine but the remaining amount from the payment amount from the preceding receiving machine, and the receiving machine of the subsequent stage receives not the received amount of the subsequent machine but the received amount of the subsequent machine. Since you receive the sum of the received amount, you cannot know the received amount of the other receiving machine.
[0036]
The embodiments of the present invention have been described above. However, the above embodiments are merely examples for describing the present invention, and are not intended to limit the present invention only to the above embodiments. Therefore, the present invention can be implemented in various modes other than the above-described embodiment. For example, in the above embodiments, individual machines, such as payment machines and receiving machines, were described as separate computer hardware, but this need not be the case and separate processes running on the same computer hardware. It can also be implemented as For example, the receiving machine of the first recipient and the receiving machine of the second recipient are actually two receiving processes that are being executed in multiplex on one computer.
[Brief description of the drawings]
FIG. 1 is a block diagram showing a conventional electronic cash payment protocol.
FIG. 2 is a block diagram showing an electronic cash payment protocol according to an embodiment of the present invention.
FIG. 3 is a block diagram showing an electronic cash payment protocol according to the second embodiment of the present invention by connecting to FIG. 4;
FIG. 4 is an exemplary block diagram showing an electronic cash payment protocol according to the second embodiment by connecting to FIG. 3;
[Explanation of symbols]
11,21 Payment machine 3,23-27 Receiving machine

Claims (2)

電子現金で、支払額を支払う支払マシンと、
支払マシンと通信可能であり、更に互いに通信可能な第1及び第2の受領マシンと、を有する電子現金システムにおいて、
前記第1の受領マシンは、
自分の受領額の電子現金を格納する記憶装置と、
前記支払マシンと通信して、前記支払マシンから前記第1及び第2の受領マシンの受領額の合計額に等しい支払額と、この支払額分の電子現金と、ライセンスとを受信し、第1の受領マシンの受領額と予め用意された乱数からハッシュ関数を用いてチャレンジを作成して前記第1の受領マシンの受領額、前記乱数、前記支払額、前記電子現金、前記ライセンスと共に第2の受領マシンに送信し、前記第2の受領マシンから受信した受領額と自分の受領額との合計額が前記支払額と等しいかチェックし、正しければ作成した前記チャレンジと前記第2の受領マシンから受信したチャレンジとからハッシュ関数を用いて前記支払額の正当な受領権限を示すチャレンジを作成し、前記支払額と共に前記支払マシンへ送信し、次に前記支払額の正当な受領権限を示すチャレンジと前記支払額との全体に対し前記支払マシンの秘密鍵で作成された電子署名を前記支払マシンから受信し、前記ライセンスに含まれている公開鍵を用いて元のデータを復元することで前記電子署名を検証し前記電子署名が正当である場合は前記電子現金の中から自分の受領額を前記記憶装置に格納させると共に、前記電子署名を前記第2の受領マシンへ送信する計算機とを備え、
前記第2の受領マシンは、
前記第2の受領マシンの受領額の電子現金を記憶する記憶装置と、
前記第1の受領マシンから受信した前記支払額から前記第1の受領マシンの受領額を差し引いて自分の受領額と等しいかチェックし、等しければ前記自分の受領額と予め用意された乱数からハッシュ関数を用いてチャレンジを作成し、前記自分の受領額と前記乱数と共に前記第1の受領マシンに送信し、前記第1の受領マシンから受信したチャレンジ及び作成したチャレンジから前記支払額の正当な受領権限を示すチャレンジを作成し、前記第1の受領マシンから受信した電子署名を前記ライセンスに含まれている公開鍵を用いて元のデータを復元することで検証し電子署名が正当である場合は前記電子現金の中から自分の受領額の電子現金を前記記憶装置に格納させる計算機とを備えることを特徴とする電子現金システム。A payment machine that pays the payment amount by electronic cash,
An electronic cash system having a first and a second receiving machine communicable with a payment machine and further communicable with each other;
The first receiving machine comprises:
A storage device for storing electronic cash of the amount received,
In communication with the payment machine, equal payments to the sum of receipts of the first and second receiving machine from the payment machine, an electronic cash this payment amount, receives the license, the first receipts of the first receipt machine from the previously prepared random number and receipts of receipt of the machine to create a challenge by using a hash function, the random number, the payment amount, the electronic cash, the license with both the second To the receiving machine, and checks whether the total amount of the received amount received from the second receiving machine and the received amount is equal to the paid amount, and if correct, the created challenge and the second receiving machine using a hash function from a challenge received created a challenge indicating legitimate receipt authority of the payments from, and transmitted to the payment machine together with the payment, a next legitimate of the payment Receiving a digital signature created with the private key of the payment machine from the payment machine for the entire challenge showing the territorial authority and the payment amount, and reconstructing the original data using the public key included in the license. The electronic signature is verified by restoring, and if the electronic signature is valid, the received amount is stored in the storage device from the electronic cash, and the electronic signature is transmitted to the second receiving machine. Computer with
The second receiving machine,
A storage device for storing electronic cash of a received amount of the second receiving machine;
Subtract the received amount of the first receiving machine from the paid amount received from the first receiving machine and check whether the received amount is equal to the received amount. If they are equal, hash the received amount and the random number prepared in advance. Creating a challenge using a function, transmitting the challenge together with the received amount and the random number to the first receiving machine, and properly receiving the payment amount from the challenge received from the first receiving machine and the created challenge. Creates a challenge indicating authority , verifies the electronic signature received from the first receiving machine by restoring the original data using the public key included in the license, and if the electronic signature is valid, A computer for storing the received amount of electronic cash from the electronic cash in the storage device . 電子現金で、支払額を支払う支払マシンと、
支払マシンと通信可能であり、更に互いに通信可能なn台(nは2以上の整数)の受領マシンと、を有する電子現金システムにおいて、
最初の受領マシンは、
自分の受領額の電子現金を格納する記憶装置と、
前記支払マシンと通信して、前記支払マシンから前記複数の受領マシンの受領額の合計額に等しい支払額とこの支払額分の電子現金とライセンスを受信し、前記支払額が自己の受領額を超えているかチェックし、超えているならば前記支払額から受領額を引いて残額を求め、前記残額と予め用意された乱数からハッシュ関数を用いてチャレンジを作成して前記電子現金と前記ライセンス、前記残額、前記乱数とともに2番目の受領マシンに送信し、
前記2番目の受領マシンから受信した受領額の合計額と自分の受領額との合計額が前記支払額と等しいかチェックし正しければ自己が作成したチャレンジと受信した全てのチャレンジとからハッシュ関数を用いて前記支払額の正当な受領権限を示すチャレンジを作成して前記支払額と共に前記支払マシンへ送信し、
次に前記支払額の正当な受領権限を示すチャレンジと前記支払額に対し前記支払マシンの秘密鍵で作成した電子署名を前記支払マシンから受信し、
前記ライセンスに含まれている公開鍵を用いて前記電子署名から元のデータを復元して検証し、前記電子署名が正当であれば、自己の受領額分の電子現金を前記記憶装置に格納させ、前記電子署名を前記2番目の受領マシンに送信する計算機とを備え、
i番目(iは2≦i≦n−1なる整数)の受領マシンは、
自分の受領額の電子現金を格納する記憶装置と、
i−1番目の受領マシンから受信した残額が自分の受領額を超えているかチェックし、超えていれば前記受信した残額から自分の受領額を差し引き、差し引き後の残額と予め用意された乱数とからハッシュ関数を用いてチャレンジを作成し、前記電子現金と前記ライセンス、受信したチャレンジ、前記差し引き後の残額と前記乱数とともにi+1番目の受領マシンに送信し、
i+1番目の受領マシンから受信した受領額と自分の受領額との合計額がすでに受領済みの残額と等しいかチェックし、正しければ前記i+1番目の受領マシンから受領したチャレンジと自己が作成した前記チャレンジと前記合計額をi−1番目の受領マシンに送信し、
受信したすべてのチャレンジ及び自己が作成した前記チャレンジとからハッシュ関数を用いてチャレンジを作成し、前記i−1番目の受領マシンから受信した前記電子署名を前記ライセンスに含まれている公開鍵を用いて元のデータを復元することで検証し、前記電子署名が正当である場合は、前記電子現金の中から自分の受領額の電子現金を前記記憶装置に格納させ、前記電子署名を前記i+1番目の受領マシンに送信する計算機とを備える、ことを特徴とする電子現金システム。A payment machine that pays the payment amount by electronic cash,
An electronic cash system having n (n is an integer of 2 or more) receiving machines communicable with a payment machine and further communicable with each other;
The first receiving machine is
A storage device for storing electronic cash of the amount received,
Communicating with the payment machine, receiving from the payment machine a payment amount equal to the sum of the received amounts of the plurality of receiving machines, electronic cash and a license for the payment amount, and the payment amount is equal to its own received amount. Check if it is over, if it is over, subtract the received amount from the paid amount to find the remaining amount, create a challenge using a hash function from the remaining amount and a random number prepared in advance, and make the electronic cash and the license, Send the balance and the random number to a second receiving machine,
It checks whether the total amount of the received amount received from the second receiving machine and the total amount of the received amount is equal to the paid amount, and if it is correct, a hash function is created from the challenge created by itself and all the received challenges. Creating a challenge indicating the legitimate receipt authority of the payment amount and transmitting it to the payment machine together with the payment amount ,
Next , a challenge indicating the right to receive the payment amount and an electronic signature created with the payment machine's secret key for the payment amount are received from the payment machine,
The original data is restored and verified from the digital signature using the public key included in the license, and if the digital signature is valid, the electronic cash for the amount received is stored in the storage device. A computer for transmitting the electronic signature to the second receiving machine,
The i-th (i is an integer satisfying 2 ≦ i ≦ n−1) receiving machine is
A storage device for storing electronic cash of the amount received,
Check whether the balance received from the (i-1) th receiving machine exceeds the amount received by the user, and if so, subtract the amount received from the received balance, and calculate the balance between the balance and the random number prepared in advance. Create a challenge using a hash function from, and send to the (i + 1) th receiving machine together with the electronic cash and the license, the received challenge, the balance after the deduction and the random number,
Check whether the sum of the amount received from the (i + 1) th receiving machine and the amount received by the user is equal to the balance already received, and if correct, the challenge received from the (i + 1) th receiving machine and the challenge created by oneself. And the total amount to the (i-1) th receiving machine,
A challenge is created using a hash function from all the received challenges and the challenge created by the user, and the electronic signature received from the (i-1) th receiving machine is used by using a public key included in the license. The electronic signature is verified by restoring the original data, and if the electronic signature is valid, the electronic cash of the amount received is stored in the storage device from the electronic cash, and the electronic signature is stored in the i + 1st An electronic cash system , comprising: a computer that transmits the data to a receiving machine .
JP1553199A 1999-01-25 1999-01-25 Electronic cash system Expired - Lifetime JP3558544B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP1553199A JP3558544B2 (en) 1999-01-25 1999-01-25 Electronic cash system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP1553199A JP3558544B2 (en) 1999-01-25 1999-01-25 Electronic cash system

Publications (2)

Publication Number Publication Date
JP2000215257A JP2000215257A (en) 2000-08-04
JP3558544B2 true JP3558544B2 (en) 2004-08-25

Family

ID=11891405

Family Applications (1)

Application Number Title Priority Date Filing Date
JP1553199A Expired - Lifetime JP3558544B2 (en) 1999-01-25 1999-01-25 Electronic cash system

Country Status (1)

Country Link
JP (1) JP3558544B2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6532290B1 (en) * 1999-02-26 2003-03-11 Ericsson Inc. Authentication methods

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07296249A (en) * 1994-04-21 1995-11-10 Hitachi Ltd Automatic teller machine
JP3329432B2 (en) * 1996-05-29 2002-09-30 日本電信電話株式会社 Hierarchical electronic cash execution method and apparatus used therefor
JP3388566B2 (en) * 1996-08-30 2003-03-24 日本電信電話株式会社 Electronic check method and apparatus with license

Also Published As

Publication number Publication date
JP2000215257A (en) 2000-08-04

Similar Documents

Publication Publication Date Title
CN108885745B (en) Blockchain-based exchange with tokenization
CN109155035B (en) Method and system for efficiently transferring entities on a point-to-point distributed book using blockchains
CN109074580B (en) Method and system for secure transfer of entities over a blockchain
KR100289956B1 (en) Trustee agencies for the open distribution of electronic money
US7155418B2 (en) Electronic cash system
EP0886839B1 (en) System and method for commercial payments using trusted agents
Hwang et al. A new mobile payment scheme for roaming services
US20100217710A1 (en) Electronic money system and electronic money transaction method
US20200320490A1 (en) Method and system for conducting a transaction using private blockchain
CN112581127B (en) Commodity transaction method and device, computer equipment, storage medium and system
WO1999049427A1 (en) System and method for secure presentment and payment over open networks
SK117696A3 (en) Trusted agents for open electronic commerce
WO2002039391A2 (en) Returning of change in an electronic payment system
US8886932B2 (en) Message storage and transfer system
CN107909440B (en) Transaction synchronous clearing method and system for distributed general ledger system
JP2003132229A (en) Electronic information delivery system
Shamir Secureclick: A web payment system with disposable credit card numbers
CN111062717A (en) Data transfer processing method and device and computer readable storage medium
CN110223063B (en) Supply chain data management method and device based on zero knowledge proof
JP3558544B2 (en) Electronic cash system
Das et al. A secure payment protocol using mobile agents in an untrusted host environment
Herzberg Micropayments
US20230351387A1 (en) Information processing system, device, and method
US20220383312A1 (en) Multiple Format Crypto Currency System and Method
CN116569199A (en) Control method, control device, and program

Legal Events

Date Code Title Description
A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20031211

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20040203

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20040226

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20040420

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20040518

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20040518

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20090528

Year of fee payment: 5

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20090528

Year of fee payment: 5

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20100528

Year of fee payment: 6

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20110528

Year of fee payment: 7

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20110528

Year of fee payment: 7

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20120528

Year of fee payment: 8

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20130528

Year of fee payment: 9

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140528

Year of fee payment: 10

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

EXPY Cancellation because of completion of term