| 主权项 |
1. A virtual account and token-based digital cash protocol method implementing digital cash for a user having multiple pairs of user keys, at least a first pair of the user keys being linked to the real identity of the user, the first pair including a master public key and a master secret key, and at least a second pair of the user keys being linked to the pseudonym identity of the user, second pair of the user keys including a pseudonym public key and a pseudonym secret key, in a system including exchange of information among a network of servers and a user's computing device, the network of servers including a first digital cash issuer server, a certificate authority server, a bank server, and a shop server, the method comprising the steps of: the user's computing device signing the pseudonym public key and a real identification of the user (UID); the user's computing device then transmitting the signed pseudonym public key and real identification to the certificate authority server as a request for issuance of a license to use the pseudonym public key; the certificate authority server receiving and decrypting the license request; the certificate authority server verifying the authenticity of the user's signature; upon successful authentication of the user's signature, the certificate authority server generating a license for the user's pseudonym public key and storing the user's pseudonym public key in correspondence with the user's master public key and real identification UID; the certificate authority then encrypting and transmitting the license to the user's computing device; the user's computing device receiving and decrypting the license; the user's computing device verifying the authenticity of the certificate authority's signature; upon successful authentication of the user's signature, the user's computing device storing the license in the user's computing device; the user's computing device preparing for transmission to the digital cash issuer user signed information including the user's pseudonym public key, and the user's request amount of digital cash x, user signature of the user signed information being formed using the user's pseudonym secret key; the user's computing device encrypting the user signed information using the digital cash issuer's public key; the user's computing device signing data including a user signed user real identification UID, amount of money to be withdrawn x, the encrypted signed user's pseudonym public key and amount of digital cash, using the user's master secret key, all the user data being encrypted using the public key of the bank; the encrypted user data being transmitted by the user's computing device to the bank server of the user's bank; the bank server decrypting the encrypted user data using a secret key of the bank; the bank server verifying validity of the signature for authentication using the user's master public key; upon successful signature authentication the bank server withdrawing the amount of money x from the user's account; the bank server signing the user data including the encrypted signed user's pseudonym public key and the amount of digital cash and the withdrawn amount of money x, using the bank's secret key; the bank server encrypting the user data using the digital cash issuer's public key; the bank server forwarding the bank encrypted user data to the digital cash issuer; the digital cash issuer receiving the bank encrypted user data and decrypting the bank encrypted user data using the digital cash issuer's secret key; the digital cash issuer performing a bank's signature verification by utilizing the user's bank's public key; upon successful bank's signature verification the digital cash issuer decrypting the user encrypted user data using the digital cash issuer's secret key; the digital cash issuer verifying user's signature by utilizing the user's pseudonym public key; upon successful verification of the user's signature, the digital cash issuer verifying the equality of the two amounts x and if they are not equal revealing real identity of the user; upon successful verification of the equality of the two amounts x, the digital cash issuer incrementing the user's virtual account by amount x of digital cash; the digital cash issuer then signing the pseudonym public key and digital cash amount x using the digital cash issuer's secret key and encrypting the digital cash issuer signed data using the public key of the bank; the digital cash issuer then sending the encrypted digital cash issuer signed data to the bank; the user's bank receiving the encrypted digital cash issuer signed data and decrypting it using the bank's secret key; the user's bank then verifying validity of digital cash issuer signature using public key of the digital cash issuer; upon successful digital cash issuer signature validity verification, the user's bank forwarding the digital cash issuer signed data to the user's computing device in an encrypted manner using the user's pseudonym public key; the user's computing device decrypting the digital cash issuer signed data using the pseudonym private key; the user's computing device then verifying validity of the digital cash issuer's signature by using the digital cash issuer's public key; upon successful verification of the validity of the digital cash issuer's signature, the user's computing device then increments by the amount x the cumulative amount of digital cash stored in the user's computing device; and wherein via the digital cash protocol method the user initiated transfer from the user's bank to the user's virtual cash store on the user's computing device is honored without using blind signatures. |
