United States Patent Aug. 13,2002 - David Chaum/ W K2814 2875\ | send response 1 process res onse 4...

(12)

US006434238B1

US 6,434,238 B1 Aug. 13,2002

United States Patent Chaum et al.

(10) Patent N0.: (45) Date of Patent:

(54)

(75)

(73)

(*)

(21) (22)

(63)

(51) (52)

(58)

(56)

MULTI-PURPOSE TRANSACTION CARD FOREIGN PATENT DOCUMENTS

SYSTEM EP 0 281 224 9/1988

Inventors: David Chaum, Sherman Oaks, CA 8 1i/ 1988 . /1991

(US); Niels Ferguson; J elte Van Der EP 0439847 A1 8/1991 Hoek, bOih Of Amsterdam EP 0 535 863 4/1993

_ EP 0 573 245 12/1993 Ass1gnee: InfoSpace, Inc., Bellevue, WA (US) GB 2 274 523 7/1994

W0 WO 89/08957 9/1989 Notice: Subject to any disclaimer, the term of this W0 WO 90/04892 5/1990

patent is extended or adjusted under 35 USC 154(k)) by 0 days' OTHER PUBLICATIONS

Chaum et al, “Untraceable Electronic Cash”, Advances in Appl' NO" 08/909’480 Cyptology—Cryto ’88, pp. 319—327.

Filed: Allg- 11, 1997 Even et al, “On—line/Off—line Digital Signatures”, Advances in Cryptology—Crypto ’89, pp. 263—275.

Related US. Application Data (List continued on next page.)

Continuation of application No. PCT/US95/O1765, ?led on Feb. 13, 1995, which is a continuation-in-part of application - - - - No. 08/179,962, ?led on Jan. 11, 1994, now Pat. No. Prlmary Exammer—sa1vat0re Canglalosl

574347919 (57) ABSTRACT Int. Cl.7 ................................................ .. H04L 9/00 D_ 1 d _ 1 _ _ d

US. Cl. ......................... .. 380/45; 705/67; 713/172; 1.5‘? 056 ls a mu “Purpose transacnon Car System .com' 380/30 pr1smg an issuer, one or more cards, one or more terminals,

Field of Search ............................. .. 380/30, 4547, and epmnfally of It?“ aglglre’fommgmcifmg. ustng 235/380 705/67_69_ 713/169_172 avar1etyo cryptograp 1c con ent1a 1ty an~ aut enticatron

’ ’ methods. Cards authenticate messages using public key

References Cited based ‘cryptographic Without themselves performing the extensive computations usually associated With such cryp

U.S. PATENT DOCUMENTS tography. Integrity of complex transaction sequences and _ plural card storage updates are maintained, even under

3,668,653 A 6/1972 Fair et al. - - - - - - intentionally generated interruptions and/or modi?cations of 4,625,276 A 11/1986 Benton et al. . . 4 630 201 A 12/1986 White data transmitted betWeen card and termmal. Cards do not 477427546 A 5/1988 Nishimura reveal any information to the terminal Which is not directly 4,747,050 A * 5/1988 Brachtl et a1_ ______________ __ 380/45 necessary for the transaction or any information to Which the 4,771,376 A 9/1988 Kamiya terminal should not have access, though externally measur 4,771,461 A 9/1988 Matyas able aspects of its behavior. Transaction types supported 4,877,947 A 10/1989 Mori include those suitable for off-line credit cards, in Which the 47881264 A 11/1989 Merkle “open to buy” is maintained on the card. 4,885,777 A 12/1989 Takaragi et al.

(List continued on next page.) 10 Claims, 32 Drawing Sheets

tSSUUt’ TERMWAL

6 sum flm r2501

request dotu tmm and fun:

2501

send data It) 2m~\ telm'tnat

2m request tn issuer

process uuthovt'ml‘ton request 2H05\

make wt t

ma t send aulhattzatt'nn tespurse to tetmtmll 72m

tumtml »

recess res onse

' I ,44/7

2511K, mqtmsl payment pmot ttam curd ,2m 7””

send payment Mk \ pm)! '0 twmtnul

\zw

( [ND ) r2515

US 6,434,238 B1 Page 2

4,906,828 4,914,698 4,935,962 4,947,430 4,987,593 5,005,200 5,016,009 5,016,274 5,034,597 5,117,458 5,131,039 5,140,634 5,212,788 5,214,702 5,220,501 5,221,838 5,241,599 5,247,578 5,267,314 5,280,527 5,299,263 5,311,594 5,361,267

US. PATENT DOCUMENTS

>>>>>>>>>>>>>>>>>>>>>>> 3/1990 4/1990 6/1990 8/1990 1/1991 4/1991 5/1991 5/1991 7/1991 5/1992 7/1992 8/1992 5/1993 5/1993 6/1993 6/1993 8/1993 9/1993 11/1993 1/1994 3/1994 5/1994 11/1994

Halpern Chaum Austin Chaum Chaum Fischer Whiting et al. Micali et al. Atsumi et al. Takaragi et al. Chaum Guillou et al. Lomet el al. Fischer Lawlor et al. Gutman et al. Bellovin et al. Pailles et al. Stambler Gullman et al. Beller et al. PenZias Godiwala et al.

5,373,558 A 12/1994 Chaum 5,402,490 A 3/1995 Mihm, Jr. 5,434,919 A * 7/1995 Chaum ...................... .. 380/30

5,748,737 A * 5/1998 Daggar ..................... .. 235/380

OTHER PUBLICATIONS

BOX et al, SmartCash: A Practical Electronic Payment Sys tem, CWI Technical Report CS—R9035. Diffie et al, NeW Directions in Cyrptography, IEEE Trans actions on Information Theory, vol. IT22, No. 6, No. 79, pp. 644—654. Lamport, “Construction Digital Signatures form a One Way Function”, SRI Technical Report CSL—08. “Matrix Digital Signature for Use With the Date Encryption Algorithm”, IBM Technical Disclosure Bulletin, vol. 28, No. 2, Jul. 1985, pp. 603—604. Merkle, “A Digital Signature Based on a Conventional Encryption Function”, Advances in Cryptology—Crypto ’87, pp. 369—378. Chaum et al, “Undeniable Signatures”, Advances in Crytol ogy—Crypto ’89, pp. 212—216.

* cited by examiner

U.S. Patent Aug. 13, 2002 Sheet 3 0f 32 US 6,434,238 B1

@j

538

C

554

CP

505


50] 603 505 607 509 6 l 7

777 \

7% 3 7 @774

K7752 COM: 0 CLCOMI 0 for all i wiih CLCAN[i]=1

clear frame i CLCAN= 0


7500

( START )

‘I [7507

7503

YES

NO K1505

dele’re frome[sfored_idx]

V [7505

Find Frume[0]

K1520 goio Cancel

YES //508

CLCAN[s’rored_idx]= 1

V K7509 frume[siored_idx]=

sei checksum

m" M


v /1620 v K7630 COM: 0 COM: 1 (160112 O CLCAN: 0 for all i wi1h CLCAN[1]=1 for all i with CLCOM[i]:1

clear frame 1 clear frame 1 CLCAN= O CLCOM: 0

COM: 0

v [7640 N

mu: 1 0 [I770 COM: 1

> CLCAN= 0

v K754’ for all i wifh CLCOM[i]=1 clear frame 1

VN|U= 1 CLCOM= 0 COM: 0

- I650

Hg. é 11 /'77Z] END N|U= 1 ‘y K7722

WW: 1

'1 7750


1800

( START )

V K780] nr_found= 0

idx: index firsi frame

nr_found=nr_found+1 sfore_idx= idx

frume[idx] lust frame?

[I840 NBROK= 0 9010 rese’r

K1850 found none Feiumt

found one

|

v 7850

( END ) _ F1g. l8


7900

START

V K7907

Find Frume[i]

found none?

NBROK= 0 goio rese’r

reiurn: found one

data in irome[idx]

I return:

Hg. 19 7940

found none

V

END

'2020

E 2034 E

o ‘ | | | | i

2032 i

2057 "iii" _

cho|n & decrypi

-2000

2035 20(1)

/

/

r_____________.___..__________l._

/

Fig. 20


2177 2757

21/3 2'70 2114 2/33 2'50 2134

@?choin &_>@D @vchoin & CI'YP" A crypi B

69

ksb ksb 2202 2205 2302 Val 2303

/ V 7 22/2 chnf‘zm 23,2 Chn _r2313

V V

Fig 22 Q9/2204 21;; 22 Q3/2304 K2407

sfar’r s 'n proof

7" K2402 com d&

duiu e onge

" K2403

° 153$?" Fig. 34


TERMINAL [2507 CARD selecl keys make lerminal challenge send(challenge,l0f 2506 send proof f: [2507

decrypl proof sel ‘In Session’

Flg. 25

TERMINAL F2601 CARD selecl command chain command dala

send(command,dala) 2602 f_ /2603 check‘ln Session’ perform command chain command dala chain response dala

2504 send(response dala) 2605\ 4 \\

Ichain response dala |

Hg. 26


TERMINAL K270; CARD chain command doio encrypi proof1

send(proof1) {2702 K2705 chain command duic decryp’r proo? increase commii cn’rr encryp’r proofZ

Z704 encrypt proof_P 2705\ 4 \\

2707 j / > f

2706 COLL? 1 f2 f P) 2703 sen proo ,proo_

2709 §_ ................................... .. \ 4 finish commit

decrypi proof2 decrypt proof_P 2770

f} [2711 NDONE= 0

Fig. 2 7


ISSUER TERMINAL CARD

2800

[2807 request data from card [2802

/ : /2803 send data to

28 5 Z504\ terminal 0 \ = \ send authorization

Z806\ request to issuer 2807\ process authorization request 2808 V

I make script I 2809\ i send authorization response to terminal K2870

/ 28/7

: f I terminal performs script with card j

2872\ i send authorization code to card [2813

/ W K2814

2875\ | send response 1 4 \

process res onse \Z575

ii K2877 I terminal performs script with card I

28/8\ V request payment root from card 2879

p [7 [2820 i send payment

proof to terminal Z822\ _ \

[ verity POP ‘ \Z82/ ii

171g. 26’ END 2823

U.S. Patent Aug. 13, 2002

2900

l START )

Sheet 15 0f 32 US 6,434,238 B1

29,70 \ 1!

a W “Wyn-21507“? v

siuri session 1 | 1 2920\1 98? Proof | I done V2927 2 l

§ 2905

V

Y

i ‘ 902 i siuri session 2 I

L i i v _ _ _ _ _ “ _ _ _ _ _ _ ¢ _ _ _ _ _ _ _ _ _ k 3 i 3 3 _ _ , _ k i V W__'

v :

i L4 ----------- -+~~-4 ***** “4 --------- -+ ---------------- —-J

2905 v 2904 2905 2906 2907 2909 commit 1!

V

2934 r‘ “\i verif

1 2955 \{éenerm‘e AC 1|

V exiernol ouihen?cuiel

V 2938 \{generoie AC 2| Hg. 29

v 2959 manage opplico?on 2

seleci file P 2930

2940

get lost AC

U.S. Patent Aug. 13, 2002 Sheet 16 of 32 US 6,434,238 B1

TERMINAL CARD [3000

300, send_ commil lo 5002\ \\ lermlnal

slore commll choose c 3005 send a lo card

//_ [5004 send‘ response lo

3006\ 3005‘ lermlnal fermlnal verifies response Fig-o

\

37 70

l BEGIN l

v [377/

cnl: cnl+cond savel= cond*x+(l-cond)*savel > 1g. save2[cond]- y

v K5772 END

_/

TERMINAL CARD 3200\ send command

Gel proof {5207 [5202 52 ‘i if proofs available

0 5204 3\ send(proof2,proof3) \ < \ F1 32

process proofs1 D go send common one 5205

// [3206 I remove proofs I

U.S. Patent Aug . 13, 2002

TERMINAL

Sheet 17 0f 32 US 6,434,238 B1

5300

( BEGIN )

V K3307

sepd command 5304 CARD scr|pi[n] 10 cord 7 F3305

w perform command send

5306\ response to terminal

V K3509 v K3570 SCRlPT PERFORMED SCRIPT FAILED

V 537]

[ND .

U.S. Patent

3400 \

Aug. 13, 2002

sfarf

ferminal challenge) send command(key_bifs,

[5401 / _

5404 \ | end

7 send

5403 \ \

Sheet 18 0f 32

[3402 resp0nse(card challenge)

“sfarf session 1”

sforf send command(proof) K5477

/

54/4 \ | end

54/3 >| send response 4 \

I

sfarf send command(’rag)

5424 \ | end

54.30 X

[342 I /

5425 \ proof) \

send response(dafa,

K34 l2

“sfarf session 2”

K3422

s’rarf send command(fag, access,dafa,proof) [343i

/

3434 \ [end

5453—\>| send response = \

“puf frame”

5500\ sfarf send command(fag,proof)

3504 \ [end

[3507 /

l‘ “gef frame”

K3432

K3502 3503—\>|send response

_ \

I_ “kill frame”

US 6,434,238 B1

Hg. 34

United States Patent Aug. 13,2002 - David Chaum/ W K2814 2875\ | send response 1 process res onse 4...

Documents

Transcript of United States Patent Aug. 13,2002 - David Chaum/ W K2814 2875\ | send response 1 process res onse 4...