United States Patents Authored

US5712913: Limited-traceability systems *

US5781631: Limited-traceability systems *

US5493614: Private signature and proof systems*

US5485520: Automatic real-time highway toll collection from moving vehicles*

US5434919: Compact endorsement signature systems *

US5373558: Desinated-confirmer signature systems*

US5276736: Optionally moderated transaction systems*

US5131039: Optionally moderated transaction systems*

US4996711: Selected-exponent signature systems *

US4991210: Unpredictable blind signature systems*

US4987593: One-show blind signature systems*

US4949380: Returned-value blind signature systems*

US4947430: Undeniable signature systems*

US4926480: Card-computer moderated systems*

US4914698: One-show blind signature systems*

US4759064: Blind unanticipated signature systems*

US4759063: Blind signature systems*

US4529870: Cryptographic identification, financial transaction, and credential device*

 

US5712913: Limited-traceability systems

Inventor(s): Chaum; David , Sherman Oaks, CA

Applicant(s): DigiCash Incorporated, New York, NY

Issued/Filed Dates: Jan. 27, 1998 / Feb. 8, 1994

Application Number: US1994000193500

IPC Class: H04L 009/00;

Class: 380/024; 380/030;

Field of Search: 320/29,25,30

Priority Number(s): US1994000193500

 

Abstract: Cryptographic methods and apparatus for payment and related transaction systems are disclosed that allow some kinds of tracing under some conditions and make substantially infeasible other kinds of tracing under other conditions. Examples include: allowing tracing if and only if agreed sets of trustees cooperate; tracing from a payment to the payer by cooperation of a set of trustees; tracing from a payment to the payer without revealing to trustees which payer is being traced or which payment; identifying all payments by a payer provided appropriate trustees cooperate; and identifying all payments by a payer under investigation without trustees learning which payer and/or which payments; Other examples include: limiting resolution to groups of payers in tracing for statistical purposes; allowing limited different markings of payment instruments while preventing payers from learning which marking they receive; providing for recovery of lost money without compromise of unrelated transactions; allowing participants the ability to retain, not forward, and even destroy some tracing information without financial harm; providing the option of artificial increase in the computational cost of at least some tracing; and providing the option of blurry linking of payments to payers.

Attorney, Agent, or Firm: Nixon & Vanderhye P.C.;

Primary/Assistant Examiners: Cangialosi; Salvatore;

 

US5781631: Limited-traceability systems

Inventor(s):Chaum; David , Sherman Oaks, CA

Applicant(s): DigiCash Incorporated, New York, NY

Issued/Filed Dates: July 14, 1998 / Aug. 12, 1997 M

Application Number: US1997000910123

IPC Class: H04L 009/00;

Class: 380/024; 380/030;

Field of Search: 380/24,30

 

Abstract: Cryptographic methods and apparatus for payment and related transaction systems are disclosed that allow some kinds of tracing under some conditions and make substantially infeasible other kinds of tracing under other conditions. Examples include: allowing tracing if and only if agreed sets of trustees cooperate; tracing from a payment to the payer by cooperation of a set of trustees; tracing from a payment to the payer without revealing to trustees which payer is being traced or which payment; identifying all payments by a payer provided appropriate trustees cooperate; and identifying all payments by a payer under investigation without trustees learning which payer and/or which payments; Other examples include: limiting resolution to groups of payers in tracing for statistical purposes; allowing limited different markings of payment instruments while preventing payers from learning which marking they receive; providing for recovery of lost money without compromise of unrelated transactions; allowing participants the ability to retain, not forward, and even destroy some tracing information without financial harm; providing the option of artificial increase in the computational cost of at least some tracing; and providing the option of blurry linking of payments to payers.

Attorney, Agent, or Firm: Nixon & Vanderhye P.C.;

Primary/Assistant Examiners: Cangialosi; Salvatore;

This is a division of application Ser. No. 08/193,500, filed Feb. 8, 1994, now U.S. Pat. No. 5,712,913.

US5493614: Private signature and proof systems

Inventor(s): Chaum; David , Sherman Oaks, CA 91403

Issued/Filed Dates: Feb. 20, 1996 / May. 3, 1994

Application Number: US1994000237098

IPC Class: H04K 001/00;

Class: 380/030; 380/028; 380/023;

Field of Search: 380/30,28,23

Priority Number(s): US1994000237098

Abstract: Cryptographic methods and apparatus for forming (102) and verifying (103) private signatures and proofs (203,204, 207, and 209) are disclosed. Such a signature convinces the intended recipient that it is a valid undeniable or designated-confirmer signature. And such a proof convinces the intended recipient, just as any cryptographic proof. Even though the signatures and proofs are convincing to the intended recipient, they are not convincing to others who may obtain them. Unlike previously known techniques for convincing without transferring the ability to convince others, those disclosed here do not require interaction--a signature or proof can simply be sent as a single message. Because the intended recipient can forge the signatures and proofs, they are not convincing to others; but since only the intended recipient can forge them, they are convincing to the intended recipient. Exemplary embodiments use a cryptographic challenge value that is said to pivot on a trap-door function, in that the value can be manipulated by those with the corresponding trap-door information, and is believed impractical to manipulate without it.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Cain; David C.

US5485520: Automatic real-time highway toll collection from moving vehicles

Inventor(s): Chaum; David , Sherman Oaks, CA

Hendrick; Peter L. , Jupiter, FL

Applicant(s): Amtech Corporation, Dallas, TX

Issued/Filed Dates: Jan. 16, 1996 / Oct. 7, 1993

Application Number: US1993000132984

IPC Class: H04L 009/00;

Class: 380/024; 380/023; 340/825.31; 340/825.34; 235/379; 235/380; 235/384; 342/042; 342/044; 342/050; 342/051;

Field of Search: 380/23,24 342/42-45,50,51 235/379,380,384 340/825.31,825.34

Priority Number(s): US1993000132984

Abstract: One or more roadside collection stations (RCS) communicate over a short-range, high speed bidirectional microwave communication link with one or more in-vehicle units (IVU) associated with one or more respectively corresponding vehicles in one or more traffic lanes of a highway. At least two up-link (IVU to RCS) communication sessions and at least one downlink (RCS to IVU) communication session are transacted in real time during the limited duration of an RCS communication footprint as the vehicle travels along its lane past a highway toll plaza. Especially efficient data formatting and processing is utilized so as to permit, during this brief interval, computation of the requisite toll amount and a fully verified and cryptographically secured (preferably anonymous) debiting of a smart card containing electronic money. Preferably an untraceable electronic check is communicated in a cryptographically sealed envelope with opener. Transaction linkage data is utilized in each phase of the complete toll payment transaction to facilitate simultaneous multi-lane RCS/IVU operation. A plaza computer local area network and downlink plaza controller is also used to facilitate simultaneous multi-lane transactions.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Gregory; Bernarr E.

US5434919: Compact endorsement signature systems

Inventor(s): Chaum; David , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: July 18, 1995 / Jan. 11, 1994

Application Number: US1994000179962

IPC Class: H04L 009/30;

Class: 380/030;

Field of Search: 380/25,30

 

Abstract: Cryptographic methods and apparatus for issuing (101), endorsing (102), and verifying (103, 104) compact endorsement signatures are disclosed. Such signatures allow an endorser to provide a public-key verifiable signature on a chosen message more efficiently than if the endorser were to make a public key signature, since the endorser needs only to perform conventional cryptographic operations and has to store less data per signature than required by previously known endorsement schemes. A hierarchy of compression functions takes a plurality of one-time signatures into the value upon which the public key signature is formed. Each endorsement uses up one of the one-time signatures and provides a subset of inputs to the compression hierarchy sufficient to allow its evaluation. Preparation for subsequent endorsements is made by pre-evaluating one-time signatures and saving only some of the intermediate values of the compression hierarchy.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Cangialosi; Salvatore

US5373558: Desinated-confirmer signature systems

Inventor(s): Chaum; David , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: Dec. 13, 1994 / May. 25, 1993

Application Number: US1993000066669

IPC Class: H01L 009/32;

Class: 380/023; 380/024; 380/030;

Field of Search: 380/30,23

 

Abstract: Cryptographic methods and apparatus for signing (101), receiving (102), verifying (103), and confirming (104) designated-confirmer signatures are disclosed. Such a signature (11) convinces the receiver that the confirmer can convince others that the signer issued the signature. Thus, more protection is provided to the recipient of a signature than with prior art zero-knowledge or undeniable signature techniques, and more protection is provided to the signer than with prior art self-authenticating signatures. A designated confirmer signature is formed in a setting where the signer creates and issues a public key (201) and the confirmer also creates and issues a public key (202). Should the confirmer offer a confirmation (13), the verifier is convinced that the signature was issued by the signer. Such confirmation can itself be, for example, self-authenticating, unconvincing to other parties, or designated confirmer. With plural confirmers, various combinations may be realized, some even including confirmer anonymity.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Barron, Jr.; Gilberto;

US5276736: Optionally moderated transaction systems

Inventor(s): Chaum; David , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: Jan. 4, 1994 / July 13, 1992

Application Number: US1992000912193

IPC Class: H04K 001/00; H04L 009/02; H04L 009/00;

Class: 380/024; 380/025; 380/049;

Field of Search: 380/23,25,49,24

Priority Number(s): Jan. 29, 1990 EP1990000200207 Family

 

Abstract: A tamper-resistant part is disclosed that can conduct transactions with an external system through a moderating user-controlled computer or that can on other occasions be brought into direct connection with the external system. In the moderated configuration, the moderating computer is able to ensure that certain transactions with the external system are unlinkable to each other. In the unmoderated configuration the tamper-resistant part can also ensure the unlinkability of certain transactions. Also testing configurations are disclosed that allow improper functioning of the tamper-resistant part, such as that which could link transactions, to be detected by user-controlled equipment. Another testing configuration can detect improper functioning of an external system that could, for instance, obtain linking information from a tamper-resistant part.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Buczinski; Stephen C.

This is a continuation of application Ser. No. 07/609,519, filed Nov. 5, 1990, now U.S. Pat. No. 5,131,039.

US5131039: Optionally moderated transaction systems

Inventor(s): Chaum; David , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: July 14, 1992 / Nov. 5, 1990

Application Number: US1990000609519

IPC Class: H04K 001/00; H04K 009/00; H04L 009/02;

Class: 380/023; 380/025; 380/049;

Field of Search: 380/23,25,49,3,4

Priority Number(s): Jan. 29, 1990 EP1990000200207 Family

 

Abstract: A tamper-resistant part is disclosed that can conduct transactions with an external system through a moderating user-controlled computer or that can on other occasions be brought into direct connection with the external system. In the moderated configuration, the moderating computer is able to ensure that certain transactions with the external system are unlinkable to each other. In the unmoderated configuration, the tamper-resistant part can also ensure the unlinkability of certain transactions. Also testing configurations are disclosed that allow improper functioning of the tamper-resistant part, such as that which could link transactions, to be detected by user-controlled equipment. Another testing configuration can detect improper functioning of an external system that could, for instance, obtain linking information from a tamper-resistant part.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Buczinski; Stephen C.

US4996711: Selected-exponent signature systems

Inventor(s): Chaum; David L. , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: Feb. 26, 1991 / June 21, 1989

Application Number: US1989000368677

IPC Class: H04L 009/30;

Class: 380/030; 380/009; 380/023; 380/025; 380/049;

Field of Search: 380/6,9,24,28,30,44,23,25,49,50

 

Abstract: Digital signature techniques are disclosed in which exponents may be selected by the message to be signed itself, by the signing party, by the party providing the message to the signing party for signature, and/or by a party to whom the signature is shown. When a message selects the exponent(s), the need for "hash functions" in known signature schemes is overcome. When the exponent is chosen by the party receiving the signature, to take another example, computation, storage and bandwidth requirements of known one-show blind signature systems may be improved. Also, the bank cannot falsely incriminate a payer for showing a signature more than once, even if the bank has unlimited computing resources.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Buczinski; Stephen C.; Gregory; Bernarr Earl.

US4991210: Unpredictable blind signature systems

Inventor(s): Chaum; David , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: Feb. 5, 1991 / May. 4, 1989

Application Number: US1989000347303

IPC Class: H04L 009/30;

Class: 380/030; 380/023; 380/025; 380/028; 380/049;

Field of Search: 380/6,9,28,30,44,49,50,23,25

 

Abstract: Blind signature systems secure against chosen message attack are disclosed. Multiple candidate original messages can be accommodated. Each of plural candidates in the final signature can be marked by the party issuing the signature in a way that is unmodifiable by the party receiving the signatures. The exponents on the candidates in the final signature need not be predictable by either party. In some embodiments, these exponents are not at all or are only partly determined by the candidates in the signature shown. Single candidate signatures are also accommodated.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Buczinski; Stephen C.; Gregory; Bernarr Earl.

US4987593: One-show blind signature systems

Inventor(s): Chaum; David , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: Jan. 22, 1991 / April 5, 1990

Application Number: US1990000504878

IPC Class: H04L 009/00;

Class: 380/003; 380/025; 380/030;

Field of Search: 380/25,30,3

 

Abstract: Numbers standing for cash money can be spent only one time each, otherwise the account from which they were withdrawn would be revealed. More generally, a technique for issuing and showing blind digital signatures ensures that if they are shown responsive to different challenges, then certain information their signer ensures they contain will be revealed and can be recovered efficiently. Some embodiments allow the signatures to be unconditionally untraceable if shown no more than once. Extensions allow values to be encoded in the signatures when they are shown, and for change on unshown value to be obtained in a form that is aggregated and untraceable.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Cangialosi; Salvatore.

This is a continuation of application Ser. No. 07/384,092, filed July 24, 1989, now U.S. Pat. No. 4,914,698 which is a continuation of Ser. No. 07/168,802, filed Mar. 16, 1988, now abandoned.

US4949380: Returned-value blind signature systems

Inventor(s): Chaum; David , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: Aug. 14, 1990 / Oct. 20, 1988

Application Number: US1988000260053

IPC Class: H04L 009/30;

Class: 380/030; 380/028;

Field of Search: 364/200,900 380/9,24,28,30

Priority Number(s): US1988000260053 Family

Abstract: A payer party obtains from a signer party by a blind signature system a first public key digital signature having a first value in a withdrawal transaction; the payer reduces the value of the first signature obtained from the first value to a second value and provides this reduced-value form of the signature to the signer in a payment transaction; the signer returns a second digital signature to the payer by a blind signature system in online consummation of the payment transaction; the paper derives from the first and the second signature a third signature having a value increased corresponding to the magnitude of the difference between the first and the second values. Furthermore, the following additional features are provided: payments are unlinkable to withdrawals; a shop between the payer and signer can be kept from obtaining more value than desired by the payer; the first value need not be revealed to the signer or intermediary in the payment transaction; the returned difference can be accumulated across multiple payment transactions; and the returned difference can be divided between a plurality of payment transactions.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Buczinski; Stephen C.; Gregory; Bernarr Earl.

US4947430: Undeniable signature systems

Inventor(s): Chaum; David , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: Aug. 7, 1990 / Nov. 23, 1987

Application Number: US1987000123703

IPC Class: H04L 009/02;

Class: 380/025; 380/030; 380/023;

Field of Search: 380/30,23,25

Priority Number(s): US1987000123703 Family

Abstract: Cryptographic methods and apparatus for forming, checking, blinding, and unblinding of undeniable signatures are disclosed. The validity of such signatures is based on public keys and they are formed by a signing party with access to a corresponding private key, much as with public key digital signatures. A difference is that whereas public key digital signatures can be checked by anyone using the corresponding public key, the validity of undeniable signatures is in general checked by a protocol conducted between a checking party and the signing party. During such a protocol, the signing party may improperly try to deny the validity of a valid signature, but the checking party will be able to detect this with substantially high probability. In case the signing party is not improperly performing the protocol, the checking party is further able to determine with high probability whether or not the signature validly corresponds to the intended message and public key. Blinding can be used while obtaining undeniable signatures, while providing them to other parties, and while checking their validity.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Tarcza; Thomas H.; Cain; David.

US4926480: Card-computer moderated systems

Inventor(s): Chaum; David , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: May. 15, 1990 / May. 24, 1988

Application Number: US1988000198315

IPC Class: H04K 001/00;

Class: 380/023; 380/024; 380/030; 235/379; 235/380; 235/382;

Field of Search: 380/23-25,30,43,44,47,49,50 235/379-382

Priority Number(s): US1988000198315 Family

Abstract: A user controlled card computer C and communicating tamper-resistant part T are disclosed that conduct secure transactions with an external system S. All communication between T and S is moderated by C, who is able to prevent T and S from leaking any message or pre-arranged signals to each other. Additionally, S can verify that T is in immediate physical proximity. Even though S receives public key digital signatures through C that are checkable using public keys whose corresponding private keys are known only to a unique T, S is unable to learn which transactions involve which T. It is also possible for S to allow strictly limited messages to be communicated securely between S and T.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Buczinski; Stephen C.; Gregory; Bernarr Earl.

US4914698: One-show blind signature systems

Inventor(s): Chaum; David , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: April 3, 1990 / July 24, 1989

Application Number: US1989000384092

IPC Class: H04L 009/00;

Class: 380/030; 380/025;

Field of Search: 380/25,30

 

Abstract: Numbers standing for cash money can be spent only one time each, otherwise the account from which they were withdrawn would be revealed. More generally, a technique for issuing and showing blind digital signatures ensures that if they are shown responsive to different challanges, then certain information their signer ensures they contain will be revealed and can be recovered efficiently. Some embodiments allow the signatures to be unconditionally untraceable if shown no more than once. Extensions allow values to be encoded in the signatures when they are shown, and for change on unshown value to be obtained in a form that is aggregated and untraceable.

Attorney, Agent, or Firm: Nixon & Vanderhye;

Primary/Assistant Examiners: Cangialosi; Salvatore.

US4759064: Blind unanticipated signature systems

Inventor(s): Chaum; David L. , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: July 19, 1988 / Oct. 7, 1985

Application Number: US1985000784999

IPC Class: H04L 009/00;

Class: 380/030; 380/028;

Field of Search: 178/22.11 380/30,28

Priority Number(s): US1985000784999 Family

Abstract: An improved blind signature system not requiring computation during blinding for anticipating which of a plurality of possible signatures will be made during signing, while still allowing the blinding party to unblind and recover the unanticipated kind of signature on what was blinded. An exemplary embodiment blinds by forming a product including a plurality of generators raised to powers normally secret from the signing party, and unblinds by forming a product with the multiplicative inverse of a signed form of the generators raised to the original powers. Re-blinding allows a signature on a value to be transformed into a signature on a particular blinded form of the value.

Attorney, Agent, or Firm: Nixon; Larry S.; Test; Aldo J.;

Primary/Assistant Examiners: Cangialosi; Salvatore; Lewis; Aaron J.

US4759063: Blind signature systems

Inventor(s): Chaum; David L. , Sherman Oaks, CA 91306

Applicant(s): none

Issued/Filed Dates: July 19, 1988 / Aug. 22, 1983

Application Number: US1983000524896

IPC Class: H04L 009/00;

Class: 380/030; 380/044; 380/028; 380/009;

Field of Search: 178/22.11,22.08,22.09,22.14 380/28,30,6,9,44

Priority Number(s): US1983000524896 Family

Abstract: A cryptographic system allows, in one exemplary use, a supplier to cryptographically transform a plurality of messages responsive to secret keys; the transformed messages to be digitally signed by a signer; and the signed transformed messages returned to the supplier to be transformed by the supplier, responsive to the same secret keys, in such a way that a digital signature related to each original message is developed by the supplier. One important property of these systems is that the signer cannot determine which transformed message received for signing corresponds with which digital signature--even though the signer knows that such a correspondence must exist.

Attorney, Agent, or Firm: Nixon; Larry S.; Test; Aldo J.;

Primary/Assistant Examiners: Cangialosi; Salvatore; Lewis; Aaron J.

US4529870: Cryptographic identification, financial transaction, and credential device

Inventor(s): Chaum; David , Sherman Oaks, CA 91403

Applicant(s): none

Issued/Filed Dates: July 16, 1985 / June 25, 1982

Application Number: US1982000392271

IPC Class: G06K 005/00;

Class: 235/380; 235/379; 235/381;

Field of Search: 235/379,380,381

 

Abstract: The invention provides a cryptographic apparatus which may be "personalized" to its owner. The apparatus may be utilized by its owner to identify himself to an external computer system, to perform various financial transactions with an external system, and to provide various kinds of credentials to an external system. The apparatus, in one embodiment, is separable into a cryptographic device, packaged in a tamper resistant housing, and a personal terminal device. The cryptographic device includes interface circuitry to permit information exchange with the external system, a memory device for storage of data necessary to allow identification of the owner, and control logic for controlling the exchange of data with the external system to identify the owner. Certain data which must be utilized to perform the identification information exchange is stored in the memory device in encrypted form. The decryption of this data requires the entry of a secret ID, known to the owner. The personal terminal device includes a data entry capability to allow the owner to enter his secret ID. Certain embodiments of the personal terminal device include data display capability to provide transaction information to the owner. Other embodiments include memory devices and a processor to allow storage and manipulation of relatively unsecured data of the owner.

Attorney, Agent, or Firm: Spensley Horn Jubas & Lubitz;

Primary/Assistant Examiners: Pitts; Harold I.