[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

US20030046210A1 - Anonymous acquisition of digital products based on secret splitting - Google Patents

Anonymous acquisition of digital products based on secret splitting Download PDF

Info

Publication number
US20030046210A1
US20030046210A1 US09/944,739 US94473901A US2003046210A1 US 20030046210 A1 US20030046210 A1 US 20030046210A1 US 94473901 A US94473901 A US 94473901A US 2003046210 A1 US2003046210 A1 US 2003046210A1
Authority
US
United States
Prior art keywords
identification
shareholders
entity
digital product
secret shares
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US09/944,739
Inventor
Poorvi Vora
Verna Knapp
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hewlett Packard Development Co LP
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US09/944,739 priority Critical patent/US20030046210A1/en
Application filed by Individual filed Critical Individual
Priority to US09/976,637 priority patent/US20030046198A1/en
Assigned to HEWLETT-PACKARD COMPANY reassignment HEWLETT-PACKARD COMPANY ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: VORA, POORVI L., KNAPP, VERNA E.
Priority to US10/099,446 priority patent/US20030046213A1/en
Priority to US10/098,261 priority patent/US20030046200A1/en
Priority to US10/121,563 priority patent/US7711616B2/en
Priority to US10/143,081 priority patent/US7187772B2/en
Priority to GB0218771A priority patent/GB2382425A/en
Priority to EP02255806A priority patent/EP1288832A1/en
Priority to EP02255794A priority patent/EP1288830A1/en
Priority to EP02255792A priority patent/EP1288829A1/en
Priority to EP02255802A priority patent/EP1288831A1/en
Publication of US20030046210A1 publication Critical patent/US20030046210A1/en
Assigned to HEWLETT-PACKARD DEVELOPMENT COMPANY L.P. reassignment HEWLETT-PACKARD DEVELOPMENT COMPANY L.P. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HEWLETT-PACKARD COMPANY
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/383Anonymous user system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/06Asset management; Financial planning or analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/42Anonymization, e.g. involving pseudonyms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash

Definitions

  • the present invention relates generally to electronic commerce systems and, in particular, to the anonymous acquisition of digital products within such electronic commerce systems.
  • an entity 102 such as an individual or organization, may communicate with a provider 104 via a public network 103 .
  • the entity 102 transmits a variety of information to the provider 104 in order to acquire a product being offered by the provider 104 .
  • the information sent by the entity 102 typically comprises an identification of the entity, an identification of the product being acquired and, optionally, information regarding the price of the product being acquired.
  • the provider 104 may supply some or all of the information from the entity 102 to a credit agency 106 .
  • the provider 104 has specific knowledge of the products being purchased by the entity 102 .
  • the credit agency 106 has specific knowledge that the entity 102 is purchasing products from the provider 104 . While this information may be valuable to the provider, an increasing number of consumers object to commercial entities and other third parties having specific knowledge of their purchasing habits.
  • Anonymous acquisition of a digital product by an entity includes the method and apparatus that receives from the entity a plurality of acquisition-related variables necessary for the entity to acquire the digital product. At least some of the plurality of acquisition-related variables are split into a corresponding at least one set of variable secret shares. For each of the at least one set of variable secret shares, the set of variable secret shares is sent to a set of shareholders for long-term storage of the acquisition-related variables. Acquisition of the digital product by the entity is fulfilled based on the plurality of acquisition-related variables such that a provider of the digital product is unable to identify the entity.
  • FIG. 1 is a block diagram illustrating a typical arrangement used in electronic commerce in accordance with prior art techniques.
  • FIG. 2 is a block diagram illustrating an arrangement that may be used for electronic commerce in accordance with the present invention.
  • FIG. 3 is a flow chart illustrating a technique in accordance with the present invention.
  • FIGS. 4 - 7 illustrate operation of an anonymity service in accordance with an embodiment of the present invention.
  • the present invention provides a technique for anonymously conducting electronic commerce transactions while simultaneously providing a means for auditing or memorializing such transactions if later required.
  • electronic commerce encompasses substantially all scenarios in which an acquirer of a digital product desires privacy, such as purchases, free downloads of software, etc.
  • the present invention employs secret sharing techniques whereby information provided by an acquiring entity is kept confidential and yet accessible when required to fulfill the acquisition of a product via a public network such as the Internet or World Wide Web.
  • An entity desiring to acquire a digital product from a provider supplies acquisition-related data such as an entity identification, information identifying the digital product and a provider of the product and, if applicable, a price of the product to an anonymity service.
  • the anonymity service splits each of these pieces of information into a plurality of secret shares that are thereafter provided to corresponding sets of shareholders.
  • the nature of the secret splitting process is such that each shareholder is unable to reproduce the secret corresponding to the shareholder's share without the other shareholders involved in the process.
  • the anonymity service retains a transaction identification and identities of the shareholders, but does not store or otherwise retain the secrets, i.e., the acquisition-related data.
  • the anonymity service reconstructs each piece of information by requesting the secret shares from the shareholders such that it can anonymously fulfill the acquisition of the product.
  • the anonymity service verifies an acquiring entity's credit without identifying the particular product being acquired by the entity.
  • the anonymity service fulfills acquisition of the product from the product provider without identifying the entity acquiring the product. If later required, the anonymity service may reconstruct the secrets for the purposes of auditing, legal investigations or the like.
  • the present invention facilitates anonymous transactions via public networks such as the Internet and World Wide Web while still accommodating the need for accountability.
  • FIG. 2 there is illustrated a block diagram of a system 200 in accordance with the present invention.
  • an anonymity service 203 is provided as an intermediary between the entity 202 and provider 204 .
  • the anonymity service is in communication with a plurality of shareholders 207 , a clearing house 205 and a credit agency 206 .
  • direct connections are illustrated between the anonymity service 203 and the various other elements of the system 200 , it is understood that these connections may comprise paths established through public networks such as the Internet or World Wide Web, within private networks or through a combination of public and private networks.
  • each of a plurality of entities 202 may comprise any individual or organization capable of acquiring a digital product from the provider 204 .
  • each entity 202 communicates with the anonymity service 203 via a computer implementing a network communication program, such as a browser or the like.
  • the provider 204 may likewise comprise any individual or organization that provides digital products via a communication network.
  • digital products comprise anything capable of delivery via a communication network.
  • digital products may include downloadable software or digital data such as text, audio, video or images.
  • the anonymity service 203 preferably comprises a computer-implemented service available via a communication network such as the Internet or World Wide Web. As depicted in FIG. 2, the anonymity service 203 preferably comprises a processor 210 and memory 212 .
  • the anonymity service may be implemented using one or more network servers executing stored software routines as known in the art. A more detailed description of operation of the anonymity service 203 is provided below with reference to FIGS. 3 - 7 .
  • the anonymity service 203 is in communication with a plurality of shareholders 207 and a clearing house 205 .
  • each of the shareholders 207 is provided with a secret share which, by itself, does not enable an individual shareholder to reconstruct a secret.
  • the number of shareholders in each set of shareholders can be equal, although this is not a requirement.
  • each set of shareholders may be completely independent from all other sets of shareholders, or they may share any number of common members to the point where they are identical. In any event, each shareholder is capable of receiving secret shares from the anonymity service 203 .
  • each shareholder preferably comprises a computer-implemented device capable of communicating with the anonymity service 203 .
  • secret sharing schemes are vulnerable to the extent that separate shareholders could collaborate to ascertain the secret in their possession, it is advantageous to maintain the identity of each shareholder in confidence from the other shareholders.
  • shareholders in possession of the secret shares corresponding to a single secret may comprise competitors in a given industry. Such competitors are inherently unlikely or unwilling to share information with each other.
  • the shareholders may comprise a privacy organization that is dedicated to advocating privacy in electronic commerce, and therefore unlikely to collaborate with other shareholders.
  • the entity 202 may comprise one of the shareholders, or the shareholders 207 may be known to the entity 202 , such as family members or friends.
  • the clearing house 205 comprises a computer-implemented service used to credit an account of the provider 204 in those instances in which the transaction between the entity 202 and the provider 204 is a purchase of a digital product.
  • the credit agency 206 comprises a computer-implemented credit verification service used when a digital product is being purchased by the entity 202 .
  • the clearing house 205 and credit agency 206 allow the anonymity service 203 to anonymously fulfill a purchase request from the entity 202 . This is described in greater detail below with reference to FIGS. 4 - 7 .
  • the anonymity service securely receives acquisition-related variables necessary for an entity to acquire a digital product.
  • Security in the transmission of the acquisition-related variables may be provided using known techniques, such as encryption or a trusted path.
  • the acquisition-related variables comprise an entity identification, identifications of a provider of a digital product as well as the digital product itself, and in those instances in which the acquisition is a purchase, a purchase price.
  • the entity identification may comprise any unique identifier such as a public key, credit card number or the like.
  • the identifications of the provider and product may comprise any identifiers uniquely associated with the provider and product, respectively.
  • the acquisition-related variables preferably comprise a component of an acquisition request sent by the entity to the anonymity service.
  • the acquisition request may comprise a purchase request in those instances in which the digital product is offered for sale by the provider.
  • the acquisition request may comprise a request for a free digital product such as shareware or a trial software package as are known in the art.
  • the anonymity service additionally assigns a unique transaction identification to the acquisition request and associated acquisition-related variables.
  • the anonymity service uses the transaction identification to track and fulfill the acquisition request.
  • the anonymity service uses a cryptographic secret splitting technique to split each of the secrets, i.e., the acquisition-related variables, into a plurality of secret shares.
  • secret splitting techniques are well known in the art.
  • a secret splitting technique takes a secret and divides it up into pieces such that each piece by itself does not allow a holder of that piece to reconstruct the secret. However, a holder in possession of all of the pieces is able to reconstruct the secret.
  • secret S is represented as a string of bits having length M.
  • A generates two random bit strings, X and Y, each of length M.
  • the secret S is thereafter exclusive-OR'd with X and Y to provide a new bit string Z, also of length M:
  • A provides Z, X and Y (the secret shares) to, for example, B, C and D (the shareholders), respectively.
  • B, C or D is able to reconstruct the secret S based solely on their respective share (Z, X or Y).
  • the only way to reconstruct the secret is to combine the secret shares once again:
  • the secret shares created at block 304 are sent to shareholders for long term storage. While the secret shares could be sent to the shareholders in encrypted form in order to enhance security, the secret shares are sent unencrypted in a presently preferred embodiment.
  • the length of time required by each shareholder to store a corresponding secret share is a matter of design choice and may be dictated, for example, by legal requirements setting the length of time documentation regarding a transaction is to be stored.
  • the anonymity service additionally provides the transaction identification assigned at block 302 to each respective shareholder.
  • the anonymity service may provide an identification of the anonymity service itself to each shareholder.
  • the anonymity service at block 308 , associatively stores the transaction identification and identifications of the shareholders for each secret. That is, the transaction identification is associated with the identifications of the shareholders in possession of secret shares corresponding to that transaction.
  • the transaction identification and shareholder identifications stored by the anonymity service comprise the only information used by the anonymity service to reconstruct secrets corresponding to a given transaction. In this manner, the chances that an adverse party, such as a hacker, discovering an entity's identification, the identification of any providers with whom the entity is dealing with or the identification of any digital products acquired by that entity are substantially minimized.
  • the anonymity service anonymously fulfills the acquisition of the digital product requested by the entity.
  • the anonymity service does not disclose the identification of the acquiring entity and the digital product being acquired to any one party.
  • the anonymity service first reconstructs the identifications of the digital product and a provider of that product by recalling the corresponding secret shares from the appropriate sets of shareholders based on the corresponding transaction identification.
  • the anonymity service thereafter requests the product from the provider without providing the identification of the requesting entity.
  • the anonymity service Upon delivery of the digital product to the anonymity service, the anonymity service thereafter reconstructs the identification of the entity corresponding to that transaction number and provides the digital product to that entity.
  • the anonymity service again restricts any third party from learning the identification of the entity and the digital product being acquired. This is more fully described with reference to FIGS. 4 - 7 below.
  • the only records retained by the anonymity service comprise the transaction identification and the shareholder identifications associated with that transaction identification. If, in the future, a record memorializing the transaction is required (for example, for auditing or legal purposes), an appropriate record can be reconstructed at block 312 .
  • the anonymity service can reconstruct each secret by requesting the secret shares from the corresponding shareholders. In this manner, the present invention provides accountability to prevent fraud and the like while still providing a greater degree of privacy than previously available.
  • an entity wishing to purchase a digital product provides at least three pieces of information to the anonymity service: a provider/product identification, an entity identification, and a price as shown in FIG. 4.
  • the provider and product identifications are referred to as single piece of information.
  • the instant specification refers to one of either the product or provider identification, the other identification is understood to be available or incorporated. In practice, however, these identifications may be treated separately or in a unified fashion. Regardless, using the secret splitting techniques described above, each of these secrets is split into a corresponding plurality of secret shares as shown in FIG. 4.
  • the provider/product identification is split into a plurality of secret shares labeled PP 1 -PPx
  • the entity identification is split into a plurality of secret shares labeled EI 1 -Ely
  • the price is split into a plurality of secret shares labeled P 1 -Pz.
  • the values of x, y, and z do not have to be equal to each other and may take on any values as a matter of design choice.
  • each secret share illustrated also includes the transaction identification and, optionally, the identification of the anonymity service provider as previously described, either or both of which may be sent in encrypted form.
  • the identification of the anonymity service allows for the use of multiple anonymity services.
  • Each set of secret shares are sent to a corresponding set of shareholders as shown in FIG. 4.
  • the secret shares corresponding to the provider/product identification are sent to a first set of shareholders
  • the plurality of secret shares corresponding to the entity identification are sent to a second set of shareholders
  • the plurality of secret shares corresponding to the price are sent to a third set of shareholders.
  • the anonymity service does not retain copies of any of the secrets but instead retains the transaction identification and the identifications of the shareholders in each set of shareholders corresponding to that transaction identification.
  • the anonymity service In order to fulfill the purchase of the digital product, the anonymity service must first verify the available credit of the requesting entity. This is further illustrated in FIG. 5.
  • the anonymity service receives credit information from the entity attempting to purchase the digital product.
  • the credit information preferably comprises a credit card number, bank account number or any other type of information used to verify credit, as well as an identification of the financial institution against which the credit may be checked.
  • the credit information may be transmitted to the anonymity service using known encryption techniques.
  • the anonymity service requests the plurality of secret shares corresponding to the entity identification from the second set of shareholders. Likewise, the anonymity service requests the plurality of secret shares corresponding to the purchase price from the third set of shareholders.
  • the anonymity service reconstructs the entity identification and the price, which are thereafter transmitted to the credit agency along with the credit information. Based on this information, using known techniques, the credit agency can verify whether an amount of credit equal to the price is available to the entity identified by the entity identification. Note that the credit agency does not receive an identification of the digital product being purchased by the entity. In this manner, the entity is provided with greater privacy with respect to its purchase decisions.
  • the credit agency responds with a credit approval transaction identification which the anonymity service thereafter associates with the transaction identification.
  • the transaction identification can be sent by the anonymity service to the credit agency such that the credit agency, when responding with the credit approval transaction identification, may also inform the anonymity service which transaction the credit approval refers to.
  • the anonymity service and credit agency transmit information to the clearing house as illustrated in FIG. 6.
  • the anonymity service reconstructs the seller/product identification by recalling the plurality of secret shares from the first set of shareholders.
  • the seller/product identification is thereafter provided to the clearing house along with the credit approval transaction identification.
  • the credit agency provides the approved amount (the price) and the credit approval transaction identification to the clearing house as well.
  • the clearing house could request the approved amount from the credit agency based on the credit approval transaction identification received from the anonymity service.
  • the clearing house Seeing the credit approval transaction identification from both the anonymity service and the credit agency, the clearing house thereafter credits an amount equal to the price to an account of the provider for the sale of the product identified in the provider/product identification.
  • the clearing house associates a clearing house transaction identification with this transaction and sends the clearing house transaction identification back to the anonymity service. In this manner, the provider is subsequently able to ascertain the amount of revenue that it has generated based on the sale of its products without necessarily knowing the identification of the entities that are purchasing these products.
  • the anonymity service can complete fulfillment of the purchase by requesting the digital product from the provider. This is further illustrated in FIG. 7.
  • the anonymity service requests the plurality of secret shares from the first set of shareholders to reconstruct the provider/product identification.
  • the anonymity service can send a digital product request to the provider identifying the particular product being requested.
  • the provider sends the requested digital product back to the anonymity service.
  • the anonymity service sends the clearing house transaction identification to the provider such that the provider, prior to providing the product to the anonymity service, can verify payment with the clearing house.
  • the anonymity service thereafter requests the plurality of secret shares from the second set of shareholders in order to reconstruct the entity identification. Based on the entity identification the anonymity service is thereafter able to provide the digital product to the entity. In this manner, the anonymity service is able to provide the digital product to the entity without providing the identification of the entity to the provider.
  • secure multi-party computing could be used in place of the anonymity service. That is, rather than a single third party managing anonymous transactions, a distributed model may be employed. As known in the art, secure multi-party computation involves passing a digital object (e.g., a piece of data) from one shareholder to the next.
  • a digital object e.g., a piece of data
  • each shareholder performs an operation such that, by the time the last shareholder has completed its operation, a desired function has been achieved as a cumulative effect of the processing performed by each of the shareholders.
  • secret shares of public keys may be used in this manner to encrypt and decrypt data.
  • the provider could send the product to the acquiring entity in an encrypted form by letting the shareholders encrypt the product using secure multi-party computation.
  • the shareholders themselves may implement the product delivery or other functions of the secret shares (if the shareholders are known to each other) using known techniques.
  • the present invention has been described in terms of single transactions. However, it need not be so limited and could be expanded to handle multiple transactions. For example, where an entity seeks to purchase multiple electronic books from an on-line provider in a single transaction, the anonymity service could split the multiple products (the electronic books) into separate transactions as described above.
  • the splitting of a single transaction comprising multiple items into multiple transactions each comprising a single item also offers a solution to those instances in which one of the items is not available. Without splitting such a single transaction/multiple item request into separate transactions, the unavailability of one of the items would result in the acquiring entity having been approved for more than necessary.
  • an amount less than or equal to that which was approved may be paid to the product provider, with any overage credited back by the provider to the transaction identification and, in turn, to an account of the acquiring entity.
  • this process can be performed on each item separately.
  • the anonymity service rather than immediately splitting the secrets up, sending them to the shareholders and then recalling them thereafter for reconstruction, could immediately use the first required secret prior to splitting. For example, when an entity makes a purchase, rather than first splitting the entity's identity and subsequently reconstructing it when needed, the anonymity service could immediately send the entity's identity to the credit agency and thereafter split the entity's identity as needed. Similarly, where a non-purchase transaction occurs, the anonymity service could immediately provide the product identification to the provider and thereafter split the product identification. In either case, the anonymity service again does not retain the secrets after they have been split. In this manner, a degree of added efficiency is provided without a significant sacrifice in security.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Computer Security & Cryptography (AREA)
  • Technology Law (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Game Theory and Decision Science (AREA)
  • Human Resources & Organizations (AREA)
  • Operations Research (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

An entity acquiring a digital product from a provider supplies acquisition-related data such as an entity identification as well as information identifying a provider of the product and, if applicable, a price of the product to an anonymity service. In turn, the anonymity service splits each of these pieces of information into a plurality of secret shares that are thereafter provided to corresponding sets of shareholders. The anonymity service retains a transaction identification and identities of the shareholders, but does not store or otherwise retain the secrets, i.e., the acquisition-related data. When needed, the anonymity service reconstructs the secrets by requesting the secret shares from the shareholders such that it can anonymously fulfill the acquisition of the product. If later required, the anonymity service may reconstruct the secrets for the purposes of auditing, legal investigations or the like. In this manner, retraceable anonymous electronic transactions are made possible.

Description

    FIELD OF THE INVENTION
  • The present invention relates generally to electronic commerce systems and, in particular, to the anonymous acquisition of digital products within such electronic commerce systems. [0001]
    • BACKGROUND OF THE INVENTION
  • Electronic commerce is increasingly becoming a part of everyday life. In particular, the rapid growth of the Internet and World Wide Web has lead to a corresponding increase in the ability to acquire goods and services remotely. A generalized example in accordance with current techniques is illustrated in FIG. 1. In particular, an [0002] entity 102, such as an individual or organization, may communicate with a provider 104 via a public network 103. The entity 102 transmits a variety of information to the provider 104 in order to acquire a product being offered by the provider 104. The information sent by the entity 102 typically comprises an identification of the entity, an identification of the product being acquired and, optionally, information regarding the price of the product being acquired. In turn, where the acquisition is a purchase, the provider 104 may supply some or all of the information from the entity 102 to a credit agency 106. As a result, the provider 104 has specific knowledge of the products being purchased by the entity 102. Likewise, the credit agency 106 has specific knowledge that the entity 102 is purchasing products from the provider 104. While this information may be valuable to the provider, an increasing number of consumers object to commercial entities and other third parties having specific knowledge of their purchasing habits.
  • The desire for privacy has lead to an increase in a number of services that maintain in secret the identity of users of those services. For example, a variety of anonymous e-mail services are currently available whereby recipients of an e-mail are not able to associate the sending entity's identification with the e-mail. While such services help maintain privacy, they also provide a means by which malicious parties may act more freely. Furthermore, in a purchase transaction, such anonymity could be used to perpetuate fraud against vendors. Therefore, a need exists for technique that provides enhanced privacy during e-commerce transactions, but that also provides a degree of accountability such that the opportunity for malicious acts is minimized. [0003]
    • SUMMARY OF THE INVENTION
  • Anonymous acquisition of a digital product by an entity includes the method and apparatus that receives from the entity a plurality of acquisition-related variables necessary for the entity to acquire the digital product. At least some of the plurality of acquisition-related variables are split into a corresponding at least one set of variable secret shares. For each of the at least one set of variable secret shares, the set of variable secret shares is sent to a set of shareholders for long-term storage of the acquisition-related variables. Acquisition of the digital product by the entity is fulfilled based on the plurality of acquisition-related variables such that a provider of the digital product is unable to identify the entity.[0004]
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram illustrating a typical arrangement used in electronic commerce in accordance with prior art techniques. [0005]
  • FIG. 2 is a block diagram illustrating an arrangement that may be used for electronic commerce in accordance with the present invention. [0006]
  • FIG. 3 is a flow chart illustrating a technique in accordance with the present invention. [0007]
  • FIGS. [0008] 4-7 illustrate operation of an anonymity service in accordance with an embodiment of the present invention.
    • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
  • The present invention provides a technique for anonymously conducting electronic commerce transactions while simultaneously providing a means for auditing or memorializing such transactions if later required. In the context of the present invention, electronic commerce encompasses substantially all scenarios in which an acquirer of a digital product desires privacy, such as purchases, free downloads of software, etc. In particular, the present invention employs secret sharing techniques whereby information provided by an acquiring entity is kept confidential and yet accessible when required to fulfill the acquisition of a product via a public network such as the Internet or World Wide Web. An entity desiring to acquire a digital product from a provider supplies acquisition-related data such as an entity identification, information identifying the digital product and a provider of the product and, if applicable, a price of the product to an anonymity service. In turn, the anonymity service splits each of these pieces of information into a plurality of secret shares that are thereafter provided to corresponding sets of shareholders. The nature of the secret splitting process is such that each shareholder is unable to reproduce the secret corresponding to the shareholder's share without the other shareholders involved in the process. The anonymity service retains a transaction identification and identities of the shareholders, but does not store or otherwise retain the secrets, i.e., the acquisition-related data. When needed, the anonymity service reconstructs each piece of information by requesting the secret shares from the shareholders such that it can anonymously fulfill the acquisition of the product. In one embodiment of the present invention, the anonymity service verifies an acquiring entity's credit without identifying the particular product being acquired by the entity. Likewise, in another embodiment of the present invention, the anonymity service fulfills acquisition of the product from the product provider without identifying the entity acquiring the product. If later required, the anonymity service may reconstruct the secrets for the purposes of auditing, legal investigations or the like. By storing secret shares with a plurality of shareholders, the present invention facilitates anonymous transactions via public networks such as the Internet and World Wide Web while still accommodating the need for accountability. [0009]
  • The present invention may be more readily described with reference to FIGS. [0010] 2-7. Referring now to FIG. 2, there is illustrated a block diagram of a system 200 in accordance with the present invention. In particular, an anonymity service 203 is provided as an intermediary between the entity 202 and provider 204. Additionally, the anonymity service is in communication with a plurality of shareholders 207, a clearing house 205 and a credit agency 206. Although direct connections are illustrated between the anonymity service 203 and the various other elements of the system 200, it is understood that these connections may comprise paths established through public networks such as the Internet or World Wide Web, within private networks or through a combination of public and private networks.
  • In the context of the present invention, each of a plurality of entities [0011] 202 (one shown) may comprise any individual or organization capable of acquiring a digital product from the provider 204. In practice, each entity 202 communicates with the anonymity service 203 via a computer implementing a network communication program, such as a browser or the like. The provider 204, in turn, may likewise comprise any individual or organization that provides digital products via a communication network. In the context of the present invention, digital products comprise anything capable of delivery via a communication network. For example, digital products may include downloadable software or digital data such as text, audio, video or images. Those having ordinary skill in the art will recognize that other types of digital products may be used in conjunction with the present invention, and the present invention is not limited in this regard.
  • The [0012] anonymity service 203 preferably comprises a computer-implemented service available via a communication network such as the Internet or World Wide Web. As depicted in FIG. 2, the anonymity service 203 preferably comprises a processor 210 and memory 212. For example, the anonymity service may be implemented using one or more network servers executing stored software routines as known in the art. A more detailed description of operation of the anonymity service 203 is provided below with reference to FIGS. 3-7.
  • The [0013] anonymity service 203 is in communication with a plurality of shareholders 207 and a clearing house 205. As described in greater detailed below, each of the shareholders 207 is provided with a secret share which, by itself, does not enable an individual shareholder to reconstruct a secret. Preferably, for each secret involved in a given transaction, there exists a separate set of shareholders used to maintain secret shares about that secret. The number of shareholders in each set of shareholders can be equal, although this is not a requirement. As a matter of design choice, each set of shareholders may be completely independent from all other sets of shareholders, or they may share any number of common members to the point where they are identical. In any event, each shareholder is capable of receiving secret shares from the anonymity service 203. To this end, each shareholder preferably comprises a computer-implemented device capable of communicating with the anonymity service 203. Because secret sharing schemes are vulnerable to the extent that separate shareholders could collaborate to ascertain the secret in their possession, it is advantageous to maintain the identity of each shareholder in confidence from the other shareholders. Furthermore, it is preferred to select the shareholders such that they have an inherent reason not to collaborate with each other. For example, shareholders in possession of the secret shares corresponding to a single secret may comprise competitors in a given industry. Such competitors are inherently unlikely or unwilling to share information with each other. Additionally, the shareholders may comprise a privacy organization that is dedicated to advocating privacy in electronic commerce, and therefore unlikely to collaborate with other shareholders. Further still, the entity 202 may comprise one of the shareholders, or the shareholders 207 may be known to the entity 202, such as family members or friends.
  • The [0014] clearing house 205 comprises a computer-implemented service used to credit an account of the provider 204 in those instances in which the transaction between the entity 202 and the provider 204 is a purchase of a digital product. The credit agency 206 comprises a computer-implemented credit verification service used when a digital product is being purchased by the entity 202. Together, the clearing house 205 and credit agency 206 allow the anonymity service 203 to anonymously fulfill a purchase request from the entity 202. This is described in greater detail below with reference to FIGS. 4-7.
  • Referring now to FIG. 3, a method in accordance with the present invention is illustrated. In particular, the method of FIG. 3 is preferably implemented by the [0015] anonymity service 203. Thus, at block 302 the anonymity service securely receives acquisition-related variables necessary for an entity to acquire a digital product. Security in the transmission of the acquisition-related variables may be provided using known techniques, such as encryption or a trusted path. In the context of the present invention, the acquisition-related variables comprise an entity identification, identifications of a provider of a digital product as well as the digital product itself, and in those instances in which the acquisition is a purchase, a purchase price. The entity identification may comprise any unique identifier such as a public key, credit card number or the like. Likewise, the identifications of the provider and product may comprise any identifiers uniquely associated with the provider and product, respectively. Those having ordinary skill in the art will appreciate that a greater or lesser number of acquisition-related variables may be used as determined by the type of acquisition being undertaken. The acquisition-related variables preferably comprise a component of an acquisition request sent by the entity to the anonymity service. The acquisition request may comprise a purchase request in those instances in which the digital product is offered for sale by the provider. Alternatively, the acquisition request may comprise a request for a free digital product such as shareware or a trial software package as are known in the art. Regardless, at block 302, the anonymity service additionally assigns a unique transaction identification to the acquisition request and associated acquisition-related variables. The anonymity service uses the transaction identification to track and fulfill the acquisition request.
  • At [0016] block 304, the anonymity service uses a cryptographic secret splitting technique to split each of the secrets, i.e., the acquisition-related variables, into a plurality of secret shares. Such secret splitting techniques are well known in the art. In essence, a secret splitting technique takes a secret and divides it up into pieces such that each piece by itself does not allow a holder of that piece to reconstruct the secret. However, a holder in possession of all of the pieces is able to reconstruct the secret.
  • As an example of secret sharing, assume that a party A wishes to split a secret S into three shares that will be subsequently given to parties B, C and D. In accordance with a preferred embodiment of the present invention, further assume that the secret S is represented as a string of bits having length M. First, A generates two random bit strings, X and Y, each of length M. (Techniques for generating random bit strings are well known in the art of cryptography and are therefore not described in detail herein.) The secret S is thereafter exclusive-OR'd with X and Y to provide a new bit string Z, also of length M:[0017]
  • Z=S⊕X⊕Y
  • Thereafter, A provides Z, X and Y (the secret shares) to, for example, B, C and D (the shareholders), respectively. Note that none of B, C or D is able to reconstruct the secret S based solely on their respective share (Z, X or Y). To the contrary, the only way to reconstruct the secret is to combine the secret shares once again:[0018]
  • S=Z⊕X⊕Y
  • While this is a simple example, it illustrates the basic concept and implementation of secret splitting. For example, a larger number of shareholders may be employed by simply generating additional random bit strings to combine with the secret. One publication teaching a variety of cryptographic secret splitting techniques is “Applied Cryptography” by Bruce Schneier (John Marley & Sons, 1996), the teachings of which are incorporated herein by this reference. Referring back to FIG. 3, the number of secret shares provided at [0019] block 304 for each secret is a matter of design choice. Furthermore, the number of secret shares for one secret does not necessarily have to be equal to the number of secret shares for another secret.
  • At [0020] block 306, the secret shares created at block 304 are sent to shareholders for long term storage. While the secret shares could be sent to the shareholders in encrypted form in order to enhance security, the secret shares are sent unencrypted in a presently preferred embodiment. The length of time required by each shareholder to store a corresponding secret share is a matter of design choice and may be dictated, for example, by legal requirements setting the length of time documentation regarding a transaction is to be stored. Once these secrets have been split and sent to the respective shareholders, the anonymity service discards any copies of the secrets. In essence, the anonymity service consumes each secret and distributes the resulting secret shares to corresponding shareholders. So that each secret share can be later recalled by the anonymity service as needed, the anonymity service additionally provides the transaction identification assigned at block 302 to each respective shareholder. Optionally, the anonymity service may provide an identification of the anonymity service itself to each shareholder. Substantially simultaneous to the transmission of the secret shares to the shareholders, the anonymity service, at block 308, associatively stores the transaction identification and identifications of the shareholders for each secret. That is, the transaction identification is associated with the identifications of the shareholders in possession of secret shares corresponding to that transaction. The transaction identification and shareholder identifications stored by the anonymity service comprise the only information used by the anonymity service to reconstruct secrets corresponding to a given transaction. In this manner, the chances that an adverse party, such as a hacker, discovering an entity's identification, the identification of any providers with whom the entity is dealing with or the identification of any digital products acquired by that entity are substantially minimized.
  • At [0021] block 310, the anonymity service anonymously fulfills the acquisition of the digital product requested by the entity. In this regard, the anonymity service does not disclose the identification of the acquiring entity and the digital product being acquired to any one party. For example, where the entity is acquiring a free software download the anonymity service first reconstructs the identifications of the digital product and a provider of that product by recalling the corresponding secret shares from the appropriate sets of shareholders based on the corresponding transaction identification. The anonymity service thereafter requests the product from the provider without providing the identification of the requesting entity. Upon delivery of the digital product to the anonymity service, the anonymity service thereafter reconstructs the identification of the entity corresponding to that transaction number and provides the digital product to that entity. Where the acquisition by the entity is a purchase of a digital product, the anonymity service again restricts any third party from learning the identification of the entity and the digital product being acquired. This is more fully described with reference to FIGS. 4-7 below.
  • Once the acquisition of the digital product has been filled by the anonymity service, the only records retained by the anonymity service comprise the transaction identification and the shareholder identifications associated with that transaction identification. If, in the future, a record memorializing the transaction is required (for example, for auditing or legal purposes), an appropriate record can be reconstructed at [0022] block 312. To this end, the anonymity service can reconstruct each secret by requesting the secret shares from the corresponding shareholders. In this manner, the present invention provides accountability to prevent fraud and the like while still providing a greater degree of privacy than previously available.
  • Referring now to FIGS. [0023] 4-7, a technique for purchasing a digital product in accordance with the present invention is illustrated. In particular, an entity wishing to purchase a digital product provides at least three pieces of information to the anonymity service: a provider/product identification, an entity identification, and a price as shown in FIG. 4. Note that, for the sake of simplicity, the provider and product identifications are referred to as single piece of information. Where the instant specification refers to one of either the product or provider identification, the other identification is understood to be available or incorporated. In practice, however, these identifications may be treated separately or in a unified fashion. Regardless, using the secret splitting techniques described above, each of these secrets is split into a corresponding plurality of secret shares as shown in FIG. 4. In particular, the provider/product identification is split into a plurality of secret shares labeled PP1-PPx, the entity identification is split into a plurality of secret shares labeled EI1-Ely, and the price is split into a plurality of secret shares labeled P1-Pz. Note that the values of x, y, and z do not have to be equal to each other and may take on any values as a matter of design choice. Note also that, although not shown in FIG. 4, each secret share illustrated also includes the transaction identification and, optionally, the identification of the anonymity service provider as previously described, either or both of which may be sent in encrypted form. The identification of the anonymity service allows for the use of multiple anonymity services. Each set of secret shares are sent to a corresponding set of shareholders as shown in FIG. 4. In the example shown, the secret shares corresponding to the provider/product identification are sent to a first set of shareholders, the plurality of secret shares corresponding to the entity identification are sent to a second set of shareholders, and the plurality of secret shares corresponding to the price are sent to a third set of shareholders. Once again, note that the anonymity service does not retain copies of any of the secrets but instead retains the transaction identification and the identifications of the shareholders in each set of shareholders corresponding to that transaction identification.
  • In order to fulfill the purchase of the digital product, the anonymity service must first verify the available credit of the requesting entity. This is further illustrated in FIG. 5. The anonymity service receives credit information from the entity attempting to purchase the digital product. The credit information preferably comprises a credit card number, bank account number or any other type of information used to verify credit, as well as an identification of the financial institution against which the credit may be checked. The credit information may be transmitted to the anonymity service using known encryption techniques. Additionally, based on the transaction identification, the anonymity service requests the plurality of secret shares corresponding to the entity identification from the second set of shareholders. Likewise, the anonymity service requests the plurality of secret shares corresponding to the purchase price from the third set of shareholders. Based on these secret shares, the anonymity service reconstructs the entity identification and the price, which are thereafter transmitted to the credit agency along with the credit information. Based on this information, using known techniques, the credit agency can verify whether an amount of credit equal to the price is available to the entity identified by the entity identification. Note that the credit agency does not receive an identification of the digital product being purchased by the entity. In this manner, the entity is provided with greater privacy with respect to its purchase decisions. [0024]
  • Assuming that a sufficient amount of credit is available to the purchasing entity, the credit agency responds with a credit approval transaction identification which the anonymity service thereafter associates with the transaction identification. Note that the transaction identification can be sent by the anonymity service to the credit agency such that the credit agency, when responding with the credit approval transaction identification, may also inform the anonymity service which transaction the credit approval refers to. Those having ordinary skill in the art will recognize that other techniques for associating the transaction identification with the credit approval transaction identification may be equally employed. [0025]
  • Regardless, once credit approval has been ascertained by the anonymity service, a corresponding amount must be credited to an account of the provider for the purchase of the specific digital product. To this end, the anonymity service and credit agency transmit information to the clearing house as illustrated in FIG. 6. In particular, the anonymity service reconstructs the seller/product identification by recalling the plurality of secret shares from the first set of shareholders. The seller/product identification is thereafter provided to the clearing house along with the credit approval transaction identification. Substantially simultaneously, the credit agency provides the approved amount (the price) and the credit approval transaction identification to the clearing house as well. Alternatively, the clearing house could request the approved amount from the credit agency based on the credit approval transaction identification received from the anonymity service. Seeing the credit approval transaction identification from both the anonymity service and the credit agency, the clearing house thereafter credits an amount equal to the price to an account of the provider for the sale of the product identified in the provider/product identification. In response, the clearing house associates a clearing house transaction identification with this transaction and sends the clearing house transaction identification back to the anonymity service. In this manner, the provider is subsequently able to ascertain the amount of revenue that it has generated based on the sale of its products without necessarily knowing the identification of the entities that are purchasing these products. [0026]
  • Once the account of the provider has been credited with the proper amount, the anonymity service can complete fulfillment of the purchase by requesting the digital product from the provider. This is further illustrated in FIG. 7. In particular, the anonymity service requests the plurality of secret shares from the first set of shareholders to reconstruct the provider/product identification. Based on the provider/product identification, the anonymity service can send a digital product request to the provider identifying the particular product being requested. In response, the provider sends the requested digital product back to the anonymity service. Additionally, the anonymity service sends the clearing house transaction identification to the provider such that the provider, prior to providing the product to the anonymity service, can verify payment with the clearing house. Once the digital product has been delivered to the anonymity service, the anonymity service thereafter requests the plurality of secret shares from the second set of shareholders in order to reconstruct the entity identification. Based on the entity identification the anonymity service is thereafter able to provide the digital product to the entity. In this manner, the anonymity service is able to provide the digital product to the entity without providing the identification of the entity to the provider. [0027]
  • In the foregoing specification, the invention has been described with reference to specific embodiments. However, one of ordinary skill in the art appreciates that various modifications and changes can be made without departing from the scope of the present invention as set forth in the claims below. Accordingly, the specification and figures are to be regarded in an illustrative rather than a restrictive sense, and all such modifications are intended to be included within the scope of present invention. For example, secure multi-party computing could be used in place of the anonymity service. That is, rather than a single third party managing anonymous transactions, a distributed model may be employed. As known in the art, secure multi-party computation involves passing a digital object (e.g., a piece of data) from one shareholder to the next. Throughout this chain, each shareholder performs an operation such that, by the time the last shareholder has completed its operation, a desired function has been achieved as a cumulative effect of the processing performed by each of the shareholders. For example, secret shares of public keys may be used in this manner to encrypt and decrypt data. As a result, the provider could send the product to the acquiring entity in an encrypted form by letting the shareholders encrypt the product using secure multi-party computation. Thus, in the context of the present invention, the shareholders themselves may implement the product delivery or other functions of the secret shares (if the shareholders are known to each other) using known techniques. [0028]
  • Furthermore, the present invention has been described in terms of single transactions. However, it need not be so limited and could be expanded to handle multiple transactions. For example, where an entity seeks to purchase multiple electronic books from an on-line provider in a single transaction, the anonymity service could split the multiple products (the electronic books) into separate transactions as described above. The splitting of a single transaction comprising multiple items into multiple transactions each comprising a single item also offers a solution to those instances in which one of the items is not available. Without splitting such a single transaction/multiple item request into separate transactions, the unavailability of one of the items would result in the acquiring entity having been approved for more than necessary. In this case, an amount less than or equal to that which was approved may be paid to the product provider, with any overage credited back by the provider to the transaction identification and, in turn, to an account of the acquiring entity. Alternatively, where such a single transaction/multiple item request is split into separate transactions, this process can be performed on each item separately. [0029]
  • In yet another embodiment, the anonymity service, rather than immediately splitting the secrets up, sending them to the shareholders and then recalling them thereafter for reconstruction, could immediately use the first required secret prior to splitting. For example, when an entity makes a purchase, rather than first splitting the entity's identity and subsequently reconstructing it when needed, the anonymity service could immediately send the entity's identity to the credit agency and thereafter split the entity's identity as needed. Similarly, where a non-purchase transaction occurs, the anonymity service could immediately provide the product identification to the provider and thereafter split the product identification. In either case, the anonymity service again does not retain the secrets after they have been split. In this manner, a degree of added efficiency is provided without a significant sacrifice in security. [0030]
  • Benefits, other advantages, and solutions to problems have been described above with regard to specific embodiments. However, the benefits, advantages, solutions to problems, and any element(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as a critical, required, or essential features or elements of any or all the claims. As used herein, the terms “comprises,” “comprising,” or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. [0031]

Claims (25)

What is claimed is:
1. A method by an anonymity service provider for anonymous acquisition of a digital product by an entity, the method comprising:
receiving, from the entity, a plurality of acquisition-related variables necessary for the entity to acquire the digital product;
splitting at least some of the plurality of acquisition-related variables into a corresponding at least one set of variable secret shares;
for each of the at least one set of variable secret shares, sending the set of variable secret shares to a set of shareholders for long-term storage of the acquisition-related variables; and
fulfilling acquisition of the digital product by the entity based on the plurality of acquisition-related variables such that a provider of the digital product is unable to identify the entity.
2. The method of claim 1, further comprising:
assigning a transaction identification to the plurality of acquisition-related variables; and
associatively storing the transaction identification with identifications of shareholders of each set of shareholders.
3. The method of claim 1, wherein a first set of shareholders receive a first set of variable secret shares and at least a second set of shareholders receive at least a second set of variable secret shares.
4. The method of claim 3, wherein the first set of shareholders is not identical to the at least second set of shareholders.
5. The method of claim 4, wherein the first set of shareholders and each of the at least second set of shareholders do not share any common members.
6. The method of claim 3, wherein the first set of shareholders is identical to each of the at least second set of shareholders.
7. The method of claim 1, wherein the plurality of acquisition-related variables comprises an entity identification corresponding to the entity and a digital product identification corresponding to the digital product.
8. The method of claim 7, wherein the plurality of acquisition-related variables further comprises a purchase price corresponding to the digital product.
9. The method of claim 8, wherein the plurality of acquisition-related variables comprise credit information, and wherein fulfilling acquisition of the digital product further comprises:
verifying credit of the entity with a credit agency based on the entity identification, purchase price and credit information such that the credit agency is unable to identify the digital product or the provider of the digital product.
10. A method for an anonymity service provider to support anonymous acquisition, by an entity, of a digital product, the method comprising:
receiving, from the entity, an acquisition request comprising a digital product identification corresponding to the digital product and an entity identification corresponding to the entity;
assigning a transaction identification that uniquely identifies the acquisition request;
upon receipt of the digital product identification, splitting, without retaining, the digital product identification into a plurality of digital product identification secret shares;
upon receipt of the entity identification, splitting, without retaining, the entity identification into a plurality of entity identification secret shares; and
sending the transaction identification, the plurality of digital product identification secret shares and the plurality of entity identification secret shares to at least one set of shareholders,
wherein the anonymity service provider associatively stores the transaction identification with identifications of shareholders of the at least one set of shareholders.
11. The method of claim 10, wherein the anonymity service provider communicates with the entity via a public communication network.
12. The method of claim 10, wherein a first set of shareholders of the at least one set of shareholders receive the plurality of digital product identification secret shares and a second set of shareholders of the at least one set of shareholders receive the plurality of entity identification secret shares.
13. The method of claim 12, wherein the first set of shareholders is not identical to the second set of shareholders.
14. The method of claim 13, wherein the first set of shareholders and the second set of shareholders do not share any common members.
15. The method of claim 12, wherein the first set of shareholders is identical to the second set of shareholders.
16. The method of claim 10, further comprising:
requesting, based on the stored transaction identification and identifications of shareholders, the plurality of digital product identification secret shares from the at least one set of shareholders;
reconstructing the digital product identification based on the plurality of digital product identification secret shares;
sending a digital product request comprising the digital product identification to a provider of the digital product, where in the anonymity service provider does not subsequently retain the digital product identification:
receiving, in response to the digital product request, the digital product from the provider;
requesting, based on the stored transaction identification and identifications of shareholders, the plurality of entity identification secret shares from the at least one set of shareholders;
reconstructing the entity identification based on the plurality of entity identification secret shares; and
sending the digital product to the entity based on the entity identification, wherein the anonymity service provider does not subsequently retain the entity identification.
17. The method of claim 16, wherein the acquisition request further comprises a purchase price corresponding to the digital product, the method further comprising:
upon receipt of the purchase price, splitting, without retaining, the purchase price into a plurality of purchase price secret shares; and
sending the plurality of purchase price secret shares to an additional set of shareholders,
wherein the anonymity service provider associatively stores the transaction identification with identifications of shareholders of the additional set of shareholders.
18. The method of claim 17, further comprising:
receiving, from the entity, credit information;
requesting, based on the stored transaction identification and identifications of shareholders, the plurality of purchase price secret shares from the additional set of shareholders;
reconstructing the purchase price based on the plurality of purchase price secret shares;
requesting, based on the stored transaction identification and identifications of shareholders, the plurality of entity identification secret shares from the at least one set of shareholders;
reconstructing the entity identification based on the plurality of entity identification secret shares;
sending, based on the credit information, a credit verification request comprising the transaction identification, the entity identification, the purchase price and the credit information to a credit agency, wherein the anonymity service provider does not subsequently retain the entity identification, the purchase price and the credit information;
receiving, from the credit agency, a credit approval identification and the transaction identification;
requesting, based on the stored transaction identification and identifications of shareholders, the plurality of digital product identification secret shares from the at least one set of shareholders;
reconstructing the digital product identification based on the plurality of digital product identification secret shares;
sending the digital product identification and the credit approval identification to a clearing house in order to credit an amount equal to the purchase price to an account of the provider, wherein the anonymity service provider does not subsequently retain the digital product identification, the purchase price and the credit information.
19. An apparatus for providing anonymous acquisition of a digital product by an entity, comprising:
means for receiving, from the entity, a plurality of acquisition-related variables necessary for the entity to acquire the digital product;
means for splitting at least some of the plurality of acquisition-related variables into a corresponding at least one set of variable secret shares;
means for sending, for each of the at least one set of variable secret shares, the set of variable secret shares to a set of shareholders for long-term storage of the acquisition-related variables; and
means for fulfilling acquisition of the digital product by the entity based on the plurality of acquisition-related variables such that a provider of the digital product is unable to identify the entity.
20. The apparatus of claim 19, further comprising:
means for assigning a transaction identification to the plurality of acquisition-related variables; and
means for associatively storing the transaction identification with identifications of shareholders of each set of shareholders.
21. An apparatus for providing anonymous acquisition of a digital product by an entity, comprising:
means for receiving, from the entity, an acquisition request comprising a digital product identification corresponding to the digital product and an entity identification corresponding to the entity;
means for assigning a transaction identification that uniquely identifies the acquisition request;
means for splitting, without retaining, the digital product identification into a plurality of digital product identification secret shares upon receipt of the digital product identification, and for splitting, without retaining, the entity identification into a plurality of entity identification secret shares; and
means for sending the transaction identification, the plurality of digital product identification secret shares and the plurality of entity identification secret shares to at least one set of shareholders,
wherein the apparatus associatively stores the transaction identification with identifications of shareholders of the at least one set of shareholders.
22. The apparatus of claim 21, further comprising a network connection, coupled to the means for receiving and the means for sending, whereby the apparatus communicates with the entity via a public communication network.
23. The apparatus of claim 21, further comprising:
means for requesting, based on the stored transaction identification and identifications of shareholders, the plurality of digital product identification secret shares from the at least one set of shareholders;
means for reconstructing the digital product identification based on the plurality of digital product identification secret shares;
means for sending a digital product request comprising the digital product identification to a provider of the digital product, wherein the apparatus does not subsequently retain the digital product identification;
means for receiving, in response to the digital product request, the digital product from the provider;
means for requesting, based on the stored transaction identification and identifications of shareholders, the plurality of entity identification secret shares from the at least one set of shareholders;
means for reconstructing the entity identification based on the plurality of entity identification secret shares; and
means for sending the digital product to the entity based on the entity identification, wherein the anonymity service provider does not subsequently retain the entity identification.
24. The apparatus of claim 23, wherein the acquisition request further comprises a purchase price corresponding to the digital product, the apparatus further comprising:
means for splitting, without retaining, the purchase price into a plurality of purchase price secret shares upon receipt of the purchase price; and
means for sending the plurality of purchase price secret shares to an additional set of shareholders,
wherein the apparatus associatively stores the transaction identification with identifications of shareholders of the additional set of shareholders.
25. The apparatus of claim 24, further comprising:
means for receiving, from the entity, credit information;
means for requesting, based on the stored transaction identification and identifications of shareholders, the plurality of purchase price secret shares from the additional set of shareholders;
means for reconstructing the purchase price based on the plurality of purchase price secret shares;
means for requesting, based on the stored transaction identification and identifications of shareholders, the plurality of entity identification secret shares from the at least one set of shareholders;
means for reconstructing the entity identification based on the plurality of entity identification secret shares;
means for sending, based on the credit information, a credit verification request comprising the transaction identification, the entity identification, the purchase price and the credit information to a credit agency, wherein the apparatus does not subsequently retain the entity identification, the purchase price and the credit information;
means for receiving, from the credit agency, a credit approval identification and the transaction identification;
means for requesting, based on the stored transaction identification and identifications of shareholders, the plurality of digital product identification secret shares from the at least one set of shareholders;
means for reconstructing the digital product identification based on the plurality of digital product identification secret shares; and
means for sending the digital product identification and the credit approval identification to a clearing house in order to credit an amount equal to the purchase price to an account of the provider, wherein the apparatus does not subsequently retain the digital product identification, the purchase price and the credit information.
US09/944,739 2001-08-31 2001-08-31 Anonymous acquisition of digital products based on secret splitting Abandoned US20030046210A1 (en)

Priority Applications (11)

Application Number Priority Date Filing Date Title
US09/944,739 US20030046210A1 (en) 2001-08-31 2001-08-31 Anonymous acquisition of digital products based on secret splitting
US09/976,637 US20030046198A1 (en) 2001-08-31 2001-10-12 Anonymous recommendation technique
US10/099,446 US20030046213A1 (en) 2001-08-31 2002-03-15 Anonymous processing of usage rights with variable degrees of privacy and accuracy
US10/098,261 US20030046200A1 (en) 2001-08-31 2002-03-15 Anonymous recommendation technique with variable degrees of privacy and accuracy
US10/121,563 US7711616B2 (en) 2001-08-31 2002-04-12 Anonymous transactions between an entity and a provider
US10/143,081 US7187772B2 (en) 2001-08-31 2002-05-10 Anonymous transactions based on distributed processing
GB0218771A GB2382425A (en) 2001-08-31 2002-08-13 Anonymous transactions based on distributed processing
EP02255806A EP1288832A1 (en) 2001-08-31 2002-08-20 Anonymous recommendation technique
EP02255802A EP1288831A1 (en) 2001-08-31 2002-08-20 Anonymous recommendation technique with variable degrees of privacy and accuracy
EP02255794A EP1288830A1 (en) 2001-08-31 2002-08-20 Anonymous processing of usage rights with variable degrees of privacy and accuracy
EP02255792A EP1288829A1 (en) 2001-08-31 2002-08-20 Anonymous acquisition of digital products based on secret splitting

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/944,739 US20030046210A1 (en) 2001-08-31 2001-08-31 Anonymous acquisition of digital products based on secret splitting

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US09/976,637 Continuation-In-Part US20030046198A1 (en) 2001-08-31 2001-10-12 Anonymous recommendation technique

Related Child Applications (3)

Application Number Title Priority Date Filing Date
US09/976,637 Continuation-In-Part US20030046198A1 (en) 2001-08-31 2001-10-12 Anonymous recommendation technique
US10/121,563 Continuation-In-Part US7711616B2 (en) 2001-08-31 2002-04-12 Anonymous transactions between an entity and a provider
US10/143,081 Continuation-In-Part US7187772B2 (en) 2001-08-31 2002-05-10 Anonymous transactions based on distributed processing

Publications (1)

Publication Number Publication Date
US20030046210A1 true US20030046210A1 (en) 2003-03-06

Family

ID=25481980

Family Applications (3)

Application Number Title Priority Date Filing Date
US09/944,739 Abandoned US20030046210A1 (en) 2001-08-31 2001-08-31 Anonymous acquisition of digital products based on secret splitting
US09/976,637 Abandoned US20030046198A1 (en) 2001-08-31 2001-10-12 Anonymous recommendation technique
US10/121,563 Expired - Fee Related US7711616B2 (en) 2001-08-31 2002-04-12 Anonymous transactions between an entity and a provider

Family Applications After (2)

Application Number Title Priority Date Filing Date
US09/976,637 Abandoned US20030046198A1 (en) 2001-08-31 2001-10-12 Anonymous recommendation technique
US10/121,563 Expired - Fee Related US7711616B2 (en) 2001-08-31 2002-04-12 Anonymous transactions between an entity and a provider

Country Status (2)

Country Link
US (3) US20030046210A1 (en)
EP (1) EP1288829A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7698560B2 (en) 2002-04-11 2010-04-13 Spitlock Holdings Pty Ltd Information storage system
US20160180327A1 (en) * 2014-12-19 2016-06-23 Capital One Services, Llc Systems and methods for contactless and secure data transfer
US11636225B2 (en) * 2020-05-22 2023-04-25 The Toronto-Dominion Bank Method and system for managing access to entity identity data
US11669855B2 (en) * 2021-07-01 2023-06-06 Capital One Services, Llc Split up a single transaction into many transactions based on category spend

Families Citing this family (84)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6832245B1 (en) 1999-12-01 2004-12-14 At&T Corp. System and method for analyzing communications of user messages to rank users and contacts based on message content
CN100401733C (en) 2000-03-17 2008-07-09 美国在线服务公司 Communication method and communication device
US7979802B1 (en) * 2000-05-04 2011-07-12 Aol Inc. Providing supplemental contact information corresponding to a referenced individual
US20130073648A1 (en) 2000-05-04 2013-03-21 Facebook, Inc. Presenting a recipient of an e-mail with an option to instant message a sender or another recipient based on the sender's or the other recipient's address and online status
US9100221B2 (en) 2000-05-04 2015-08-04 Facebook, Inc. Systems for messaging senders and recipients of an electronic message
US8122363B1 (en) 2000-05-04 2012-02-21 Aol Inc. Presence status indicator
US8132110B1 (en) 2000-05-04 2012-03-06 Aol Inc. Intelligently enabled menu choices based on online presence state in address book
US20130067340A1 (en) 2000-05-04 2013-03-14 Facebook, Inc. Intelligently enabled menu choices based on online presence state in address book
US6912564B1 (en) 2000-05-04 2005-06-28 America Online, Inc. System for instant messaging the sender and recipients of an e-mail message
US8001190B2 (en) 2001-06-25 2011-08-16 Aol Inc. Email integrated instant messaging
AU2001277145A1 (en) 2000-07-25 2002-02-05 America Online, Inc. Video messaging
US6636590B1 (en) * 2000-10-30 2003-10-21 Ingenio, Inc. Apparatus and method for specifying and obtaining services through voice commands
US20020133402A1 (en) 2001-03-13 2002-09-19 Scott Faber Apparatus and method for recruiting, communicating with, and paying participants of interactive advertising
US7765484B2 (en) * 2001-09-28 2010-07-27 Aol Inc. Passive personalization of lists
US7774711B2 (en) 2001-09-28 2010-08-10 Aol Inc. Automatic categorization of entries in a contact list
US7512652B1 (en) * 2001-09-28 2009-03-31 Aol Llc, A Delaware Limited Liability Company Passive personalization of buddy lists
US8135621B2 (en) * 2002-04-26 2012-03-13 At&T Intellectual Property I, L.P. System and method for supporting anonymous transactions
US7636755B2 (en) 2002-11-21 2009-12-22 Aol Llc Multiple avatar personalities
US8037150B2 (en) 2002-11-21 2011-10-11 Aol Inc. System and methods for providing multiple personas in a communications environment
US7263614B2 (en) 2002-12-31 2007-08-28 Aol Llc Implicit access for communications pathway
US7945674B2 (en) * 2003-04-02 2011-05-17 Aol Inc. Degrees of separation for handling communications
US7949759B2 (en) * 2003-04-02 2011-05-24 AOL, Inc. Degrees of separation for handling communications
US7484176B2 (en) 2003-03-03 2009-01-27 Aol Llc, A Delaware Limited Liability Company Reactive avatars
US7908554B1 (en) * 2003-03-03 2011-03-15 Aol Inc. Modifying avatar behavior based on user action or mood
US7913176B1 (en) * 2003-03-03 2011-03-22 Aol Inc. Applying access controls to communications with avatars
JP4292835B2 (en) * 2003-03-13 2009-07-08 沖電気工業株式会社 Secret reconstruction method, distributed secret reconstruction device, and secret reconstruction system
US8117265B2 (en) 2003-03-26 2012-02-14 Aol Inc. Identifying and using identities deemed to be known to a user
US9710819B2 (en) 2003-05-05 2017-07-18 Interactions Llc Real-time transcription system utilizing divided audio chunks
EP1620777A4 (en) * 2003-05-05 2009-11-25 Interactions Llc Apparatus and method for processing service interactions
US20040225573A1 (en) * 2003-05-09 2004-11-11 Ling Marvin T. Methods and apparatus for anonymously transacting internet shopping and shipping
US7734282B2 (en) * 2003-08-28 2010-06-08 Qwest Communications International Inc System and method for provisioning customer premises equipment
US9202220B2 (en) * 2003-10-06 2015-12-01 Yellowpages.Com Llc Methods and apparatuses to provide application programming interface for retrieving pay per call advertisements
US9208495B2 (en) * 2003-10-06 2015-12-08 Yellowpages.Com Llc Methods and apparatuses for advertisement presentation
US20070140451A1 (en) * 2003-10-06 2007-06-21 Utbk, Inc. Methods and Systems for Pay For Performance Advertisements
US10425538B2 (en) * 2003-10-06 2019-09-24 Yellowpages.Com Llc Methods and apparatuses for advertisements on mobile devices for communication connections
US7428497B2 (en) 2003-10-06 2008-09-23 Utbk, Inc. Methods and apparatuses for pay-per-call advertising in mobile/wireless applications
US7366683B2 (en) 2003-10-06 2008-04-29 Utbk, Inc. Methods and apparatuses for offline selection of pay-per-call advertisers
US9203974B2 (en) * 2003-10-06 2015-12-01 Yellowpages.Com Llc Methods and apparatuses for offline selection of pay-per-call advertisers
US8837698B2 (en) 2003-10-06 2014-09-16 Yp Interactive Llc Systems and methods to collect information just in time for connecting people for real time communications
US20070121845A1 (en) * 2003-10-06 2007-05-31 Utbk, Inc. Methods and apparatuses for offline selection of pay-per-call advertisers via visual advertisements
US8140389B2 (en) 2003-10-06 2012-03-20 Utbk, Inc. Methods and apparatuses for pay for deal advertisements
US8898239B2 (en) 2004-03-05 2014-11-25 Aol Inc. Passively populating a participant list with known contacts
US8595146B1 (en) 2004-03-15 2013-11-26 Aol Inc. Social networking permissions
US7730143B1 (en) 2004-12-01 2010-06-01 Aol Inc. Prohibiting mobile forwarding
US9002949B2 (en) 2004-12-01 2015-04-07 Google Inc. Automatically enabling the forwarding of instant messages
US8060566B2 (en) * 2004-12-01 2011-11-15 Aol Inc. Automatically enabling the forwarding of instant messages
US9652809B1 (en) 2004-12-21 2017-05-16 Aol Inc. Using user profile information to determine an avatar and/or avatar characteristics
US8934614B2 (en) * 2005-02-25 2015-01-13 YP Interatcive LLC Systems and methods for dynamic pay for performance advertisements
US7445559B2 (en) * 2005-03-16 2008-11-04 Graco Children's Products Inc. Swing with support base
US7606580B2 (en) 2005-05-11 2009-10-20 Aol Llc Personalized location information for mobile devices
US7765265B1 (en) * 2005-05-11 2010-07-27 Aol Inc. Identifying users sharing common characteristics
US8599832B2 (en) 2005-09-28 2013-12-03 Ingenio Llc Methods and apparatuses to connect people for real time communications via voice over internet protocol (VOIP)
US8681778B2 (en) 2006-01-10 2014-03-25 Ingenio Llc Systems and methods to manage privilege to speak
US9197479B2 (en) 2006-01-10 2015-11-24 Yellowpages.Com Llc Systems and methods to manage a queue of people requesting real time communication connections
US7937270B2 (en) * 2007-01-16 2011-05-03 Mitsubishi Electric Research Laboratories, Inc. System and method for recognizing speech securely using a secure multi-party computation protocol
US20080208697A1 (en) * 2007-02-23 2008-08-28 Kargman James B Secure system and method for payment card and data storage and processing via information splitting
US20080262910A1 (en) * 2007-04-20 2008-10-23 Utbk, Inc. Methods and Systems to Connect People via Virtual Reality for Real Time Communications
US20080263460A1 (en) * 2007-04-20 2008-10-23 Utbk, Inc. Methods and Systems to Connect People for Virtual Meeting in Virtual Reality
US8838476B2 (en) * 2007-09-07 2014-09-16 Yp Interactive Llc Systems and methods to provide information and connect people for real time communications
US8010782B2 (en) * 2008-01-18 2011-08-30 Sap Ag Method and system for mediated secure computation
US8548503B2 (en) 2008-08-28 2013-10-01 Aol Inc. Methods and system for providing location-based communication services
WO2012109139A1 (en) * 2011-02-08 2012-08-16 Telcordia Technologies, Inc. Method and apparatus for secure data representation allowing efficient collection, search and retrieval
US8751381B2 (en) 2011-02-23 2014-06-10 Mastercard International Incorporated Demand deposit account payment system
US9536268B2 (en) 2011-07-26 2017-01-03 F. David Serena Social network graph inference and aggregation with portability, protected shared content, and application programs spanning multiple social networks
US11411910B2 (en) * 2011-07-26 2022-08-09 Frank A Serena Shared video content employing social network graph inference
US12095721B2 (en) 2011-07-26 2024-09-17 Friendship Link Protocol, Llc Social network graph inference and aggregation with portability, protected shared content, and application programs spanning multiple social networks
GB2513260B (en) * 2014-06-27 2018-06-13 PQ Solutions Ltd System and method for quorum-based data recovery
AU2017222469A1 (en) 2016-02-23 2018-08-30 nChain Holdings Limited System and method for controlling asset-related actions via a blockchain
EP4235552A3 (en) 2016-02-23 2023-09-13 nChain Licensing AG Methods and systems for efficient transfer of entities on a peer-to-peer distributed ledger using the blockchain
BR112018016819A2 (en) 2016-02-23 2018-12-26 Nchain Holdings Ltd method and systems for protecting a controlled digital resource using a distributed scatter table and ledger and a blockchain
AU2017222468B2 (en) 2016-02-23 2023-01-12 nChain Holdings Limited Agent-based turing complete transactions integrating feedback within a blockchain system
KR102753027B1 (en) 2016-02-23 2025-01-14 엔체인 홀딩스 리미티드 Method and system for secure transfer of entities on blockchain
EP3364598B1 (en) 2016-02-23 2020-10-14 Nchain Holdings Limited Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys
EP3257191B1 (en) 2016-02-23 2018-04-11 Nchain Holdings Limited Registry and automated management method for blockchain-enforced smart contracts
CN114282926A (en) 2016-02-23 2022-04-05 区块链控股有限公司 Cryptographic method and system for secure extraction of data from blockchains
AU2017223126B2 (en) 2016-02-23 2022-12-15 nChain Holdings Limited Blockchain-based exchange with tokenisation
GB2561725A (en) 2016-02-23 2018-10-24 Nchain Holdings Ltd Blockchain-implemented method for control and distribution of digital content
GB2561726A (en) 2016-02-23 2018-10-24 Nchain Holdings Ltd Method and system for efficient transfer of cryptocurrency associated with a payroll on a blockchain that leads to an automated payroll method and system
EP3259725B1 (en) 2016-02-23 2020-06-10 Nchain Holdings Limited Universal tokenisation system for blockchain-based cryptocurrencies
CA3009731C (en) 2016-02-23 2024-04-09 nChain Holdings Limited Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system
BR112018016826A2 (en) 2016-02-23 2018-12-26 Nchain Holdings Ltd method and control system implemented by blockchain
KR101999188B1 (en) 2016-02-23 2019-07-11 엔체인 홀딩스 리미티드 Secure personal devices using elliptic curve cryptography for secret sharing
US10289835B1 (en) * 2016-06-13 2019-05-14 EMC IP Holding Company LLC Token seed protection for multi-factor authentication systems
US11539674B2 (en) * 2022-02-14 2022-12-27 Rafal Marek Leszczyna Method and system for anonymous sending of physical items with possibility of responding

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5839119A (en) * 1996-09-27 1998-11-17 Xerox Corporation Method of electronic payments that prevents double-spending

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020022967A1 (en) * 2000-08-18 2002-02-21 International Business Machines Corporation Goods delivery method, online shopping method, online shopping system, server, and vender server

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5839119A (en) * 1996-09-27 1998-11-17 Xerox Corporation Method of electronic payments that prevents double-spending

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7698560B2 (en) 2002-04-11 2010-04-13 Spitlock Holdings Pty Ltd Information storage system
US20100146288A1 (en) * 2002-04-11 2010-06-10 Andrew Dominic Tune information storage system
US8090953B2 (en) 2002-04-11 2012-01-03 Splitlock Holdings Pty Ltd. Information storage system
US20160180327A1 (en) * 2014-12-19 2016-06-23 Capital One Services, Llc Systems and methods for contactless and secure data transfer
US11200560B2 (en) * 2014-12-19 2021-12-14 Capital One Services, Llc Systems and methods for contactless and secure data transfer
US11636225B2 (en) * 2020-05-22 2023-04-25 The Toronto-Dominion Bank Method and system for managing access to entity identity data
US11966495B2 (en) * 2020-05-22 2024-04-23 The Toronto-Dominion Bank Method and system for managing access to entity identity data
US11669855B2 (en) * 2021-07-01 2023-06-06 Capital One Services, Llc Split up a single transaction into many transactions based on category spend
US20230252518A1 (en) * 2021-07-01 2023-08-10 Capital One Services, Llc Split up a single transaction into many transactions based on category spend

Also Published As

Publication number Publication date
EP1288829A1 (en) 2003-03-05
US7711616B2 (en) 2010-05-04
US20030046198A1 (en) 2003-03-06
US20030046202A1 (en) 2003-03-06

Similar Documents

Publication Publication Date Title
US20030046210A1 (en) Anonymous acquisition of digital products based on secret splitting
US7187772B2 (en) Anonymous transactions based on distributed processing
US7325136B2 (en) Method and apparatus for secured electronic commerce
US6957199B1 (en) Method, system and service for conducting authenticated business transactions
US7725404B2 (en) Secure electronic commerce using mutating identifiers
US5848161A (en) Method for providing secured commerical transactions via a networked communications system
US7805336B2 (en) Anonymous delivery of digital products over a network via a link
US5903652A (en) System and apparatus for monitoring secure information in a computer network
US7376629B1 (en) Method of and system for effecting anonymous credit card purchases over the internet
US7370199B2 (en) System and method for n-way authentication in a network
US20070005989A1 (en) User identity privacy in authorization certificates
CN113011894A (en) Financial derivative digital transaction system based on trusted computing and intelligent contract
JP2000029973A (en) Lock box mechanism electronic bidding method, and security providing method
CA2808369A1 (en) System for protecting an encrypted information unit
EP1288832A1 (en) Anonymous recommendation technique
US8712915B2 (en) System and method for providing private demand-driven pricing
Cha et al. A blockchain-based privacy preserving ticketing service
KR102085997B1 (en) Method and system for real estate transaction service based on block chain
US8725651B2 (en) System and method for providing private demand-driven pricing
Zhang et al. A practical fair-exchange e-payment protocol for anonymous purchase and physical delivery
WO2021124769A1 (en) Server, data processing method, computer system, and computer
US11928188B1 (en) Apparatus and method for persistent digital rights management
EP1288830A1 (en) Anonymous processing of usage rights with variable degrees of privacy and accuracy
Zhang et al. A mutual authentication enabled fair-exchange and anonymous e-payment protocol
KR20010044263A (en) Electron payment system

Legal Events

Date Code Title Description
AS Assignment

Owner name: HEWLETT-PACKARD COMPANY, COLORADO

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:VORA, POORVI L.;KNAPP, VERNA E.;REEL/FRAME:012699/0573;SIGNING DATES FROM 20010829 TO 20010830

AS Assignment

Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY L.P., TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT-PACKARD COMPANY;REEL/FRAME:014061/0492

Effective date: 20030926

Owner name: HEWLETT-PACKARD DEVELOPMENT COMPANY L.P.,TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HEWLETT-PACKARD COMPANY;REEL/FRAME:014061/0492

Effective date: 20030926

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION