Electronic-monetary system5453601
Abstract
An improved monetary system using electronic media to exchange economic value securely and reliably. The invention provides a complete monetary system having electronic money that is interchangeable with conventional paper money comprising (1) issuing banks or financial institutions that are coupled to a money generator device for generating and issuing to subscribing customers electronic money including electronic currency backed by demand deposits, or electronic credit authorizations; (2) correspondent banks that accept and distribute the electronic money; (3) a plurality of transaction devices that are used by subscribers for storing electronic money, for performing money transactions with the on-line systems of the participating banks or for exchanging electronic money with other like transaction devices; (4) teller devices, associated with the issuing and correspondent banks, for process handling and interfacing the transaction devices to the issuing and correspondent banks, and for interfacing between the issuing and correspondent banks themselves; (5) a security arrangement for maintaining the integrity of the system; and (6) reconciliation and clearing processes to monitor and balance the monetary system.
Claims
I claim:
1. An electronic monetary system comprising:
an issuing bank having an on-line accounting system;
electronic representations of currency that are credited in said on-line accounting system as current liabilities of said issuing bank;
a money generator module associated with said issuing bank, for generating said electronic representations of currency;
a teller module associated with said issuing bank, capable of storing said electronic representations of currency, and intermediating banking transactions involving said electronic representations of currency;
a transaction module capable of storing said electronic representations of currency, performing on-line transactions with said issuing bank, and exchanging said electronic representations of currency with other transaction modules in off-line transactions;
where said electronic representations of currency each include an original monetary value generated by said money generator module; and
said teller and transaction modules having processors operative, when said modules are functioning as transferor modules transferring one of said electronic representations of currency to a transferee module, to generate and include in said transferred electronic representation of currency a transfer record having a transferred monetary value.
2. The electronic monetary system of claim 1, wherein said transaction module and said teller module each have a note directory for keeping track of a current monetary value for each of said electronic representations of currency stored therein.
3. The electronic monetary system of claim 2, wherein said current monetary value recorded in said note directory of said transferor module, and associated with one of said electronic representations of currency stored therein, is decremented by said transferred monetary value upon transferring said transferred electronic representation of currency to said transferee module.
4. The electronic monetary system of claim 1, where said electronic representations of currency include a money generator digital signature produced by said money generator and a transferor digital signature produced by said transferor module.
5. The electronic monetary system of claim 4, where said electronic representations of currency include certificates corresponding to said money generator digital signature, and said transferor digital signature, where each of said certificates includes a module identifier and a first cryptographic key of said digital signature producer, and where said first cryptographic key is used to validate said corresponding digital signature.
6. The electronic monetary system of claim 5, where said certificates are digitally signed by a security server associated with a Certification Agency, and said certificates may be validated using a second cryptographic key of said security server that is available to said teller module and said transaction module.
7. The electronic monetary system of claim 1, wherein said transfer record further includes an indication of date-of-transfer and a transferee module identifier.
8. The electronic monetary system of claim 1, wherein said electronic representations of currency include transferor module identifiers and transferee module identifiers.
9. The electronic monetary system of claim 8, wherein said transferee module verifies that the most recent of said transferor module identifiers contained in said transferred electronic representation of currency is the same as a module identifier of said transferor module.
10. The electronic monetary system of claim 1, wherein said money generator, teller, and transaction modules are tamper-proof devices that are capable of communicating via cryptographically secure sessions.
11. The electronic monetary system of claim 10, wherein each of said modules is configured to perform as a modular co-processor of an electronic processing device.
12. The electronic monetary system of claim 10, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
13. An electronic monetary system comprising:
an issuing bank having an on-line accounting system;
electronic representations of currency that are credited in said on-line accounting system as current liabilities of said issuing bank;
a money generator module associated with said issuing bank, for generating said electronic representations of currency;
a teller module associated with said issuing bank, capable of storing said electronic representations of currency, and intermediating banking transactions involving said electronic representations of currency;
a transaction module capable of storing said electronic representations of currency, performing on-line transactions with said issuing bank, and exchanging said electronic representations of currency with other transaction modules in off-line transactions;
where said electronic representations of currency include an expiration date;
said other transaction modules having processors adapted to refuse to accept attempted transfers of said electronic representations of currency when said attempted transfers occur after said expiration date of said electronic representations of currency.
14. The electronic monetary system of claim 13, wherein said issuing bank has accounting process means for maintaining appropriate accounts during deposits and withdrawals of said electronic representations of currency.
15. The electronic monetary system of claim 13, wherein said expiration date varies in accordance with a monetary value associated with said electronic representations of currency.
16. The electronic monetary system of claim 13, wherein said electronic representations of currency stored in said transaction module are updated when transacting with said teller module.
17. The electronic monetary system of claim 16, wherein said electronic representations of currency are updated by said transaction module transferring said stored electronic representations of currency to said teller module, said money generator module generating a new replacement electronic representation of currency having a new expiration date, and said teller module transferring said new replacement electronic representation of currency to said transaction module.
18. The electronic monetary system of claim 13, wherein said money generator, teller, and transaction modules are tamper-proof devices that are capable of communicating via cryptographically secure sessions.
19. The electronic monetary system of claim 18, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
20. An electronic monetary system comprising:
an issuing bank having a first on-line accounting system;
electronic representations of money that are credited in said first on-line accounting system as current liabilities of said issuing bank;
a money generator module associated with said issuing bank, for generating said electronic representations of money;
a teller module associated with said issuing bank, capable of storing said electronic representations of money, and intermediating banking transactions involving said electronic representations of money;
a transaction module capable of storing said electronic representations of money, performing on-line transactions with said issuing bank, and exchanging said electronic representations of money with other transaction modules in off-line transactions;
a security server used for implementing the security of the electronic monetary system;
where said money generator module, said teller module, and said transaction module are each associated with a unique module identifier contained within a certificate that is digitally signed by said security server, where said certificates are only valid for a limited period of time, after which time said associated module will not be able to transact with other modules until a new certificate is obtained.
21. The electronic monetary system of claim 20, wherein said issuing bank has accounting process means for maintaining appropriate accounts during deposits and withdrawals of said electronic representations of money.
22. The electronic monetary system of claim 20, wherein said security server distributes said new certificate, a bad module list, and a certificatory key, when required.
23. The electronic monetary system of claim 20, wherein said security server digitally signs an account profile having data fields including a bank identifier, an account number, and an indication of account type, where said account profile is used by said transaction module to access a subscriber account identified by said account number.
24. The electronic monetary system of claim 20, wherein said money generator module, teller module, transaction module, and security server are tamper-proof devices capable of communicating via cryptographically secure sessions.
25. The electronic monetary system of claim 24, wherein each said module and said security server may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module and said security server may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
26. An electronic monetary system comprising:
an issuing bank having an on-line accounting system;
an electronic credit authorization that is drawn on a subscriber's loan account in said on-line accounting system so as to reduce said subscriber's available credit line;
a money generator module associated with said issuing bank, for generating said electronic credit authorization;
a teller module associated with said issuing bank, capable of storing said electronic credit authorization, and intermediating banking transactions involving said electronic credit authorization;
a transaction module capable of storing said electronic credit authorization, performing on-line transactions with said issuing bank, and transferring said electronic credit authorization to another transaction module in an off-line transaction; and
where said electronic credit authorization includes an account number of said subscriber's loan account, a monetary amount and a digital signature produced by said money generator module; and
where, when said electronic credit authorization is deposited, said issuing bank debits said subscriber's loan account by said monetary amount.
27. The electronic monetary system of claim 26, wherein said issuing bank has accounting process means for maintaining appropriate accounts during deposits and withdrawals of said electronic credit authorization.
28. The electronic monetary system of claim 26, wherein said transaction module may only once transfer said electronic credit authorization to another transaction module.
29. The electronic monetary system of claim 26, wherein said money generator, teller, and transaction modules are tamper-proof devices capable of communicating via cryptographically secure sessions.
30. The electronic monetary system of claim 29, wherein said electronic credit authorization includes digital signatures produced by said teller and transaction modules upon transferring said electronic credit authorization; and where said money generator module, said teller module, and said transaction module are each associated with an electronic certificate by which other modules may verify their authenticity; whereby said transferring of said electronic credit authorization by said transaction module to said other transaction module may be performed without subscriber identification.
31. The electronic monetary system of claim 29, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
32. The electronic monetary system of claim 26, wherein said transaction module is capable of storing both electronic representations of currency and electronic credit authorizations, and where said transaction module can transfer both said electronic representations of currency and said electronic credit authorizations in a single transaction transfer to said other transaction module via a cryptographically secure session.
33. An electronic monetary system comprising:
an issuing bank having a first on-line accounting system;
electronic representations of money that are credited in said first on-line accounting system as current liabilities of said issuing bank;
a money generator module associated with said issuing bank, for generating said electronic representations of money;
a first teller module associated with said issuing bank, capable of storing said electronic representations of money;
a plurality of correspondent banks, each having a second on-line accounting system and each maintaining an account at said issuing bank;
a plurality of second teller modules, each associated with one of said correspondent banks, each capable of storing said electronic representations of money;
a transaction module capable of storing said electronic representations of money, performing on-line transactions with said plurality of correspondent banks or said issuing bank, and exchanging said electronic representations of money with other transaction modules in off-line transactions;
where said first teller module has a first processor capable of intermediating transactions among said first on-line accounting system, said money generator, said second teller module, and/or said transaction module; and
where said second teller module has a second processor capable of intermediating transactions among said second on-line accounting system, said first teller module, and/or said transaction module.
34. The electronic monetary system of claim 33, wherein said issuing bank and said correspondent banks have accounting process means for maintaining appropriate accounts during deposits and withdrawals of said electronic representations of money.
35. The electronic monetary system of claim 33, wherein said money generator, transaction, and first and second teller modules are tamper-proof devices capable of communicating via cryptographically secure sessions.
36. The electronic monetary system of claim 35, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
37. An electronic monetary system comprising:
a plurality of issuing banks having on-line accounting systems;
electronic representations of currency that are credited in said on-line accounting system as current liabilities of said plurality of issuing banks;
a plurality of money generator modules associated with said plurality of issuing banks, for generating said electronic representations of currency;
a plurality of teller modules associated with said plurality of issuing banks, capable of storing said electronic representations of currency;
a clearing bank having a data processing system for clearing said electronic representations of currency, at which each of said plurality of issuing banks has an account;
where each of said electronic representations of currency includes an issuing bank identifier; and
where each of said plurality of teller modules sends electronic representations of currency deposited at its issuing bank but issued by another issuing bank to said clearing bank data processing system for balancing said issuing bank accounts and for sending each said electronic representation of currency back to said issuing bank indicated by its issuing bank identifier.
38. The electronic monetary system of claim 37, wherein said plurality of issuing banks and said clearing bank have accounting process means for maintaining appropriate accounts during clearing of said electronic representations of money.
39. The electronic monetary system of claim 37, wherein said money generator modules and said teller modules are tamper-proof devices capable of communicating via cryptographically secure sessions.
40. The electronic monetary system of claim 39, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
41. An electronic monetary system comprising:
a plurality of issuing banks having on-line accounting systems;
electronic credit authorizations that are drawn on subscribers' loan accounts in said on-line accounting system so as to reduce said subscribers' available credit lines;
a plurality of money generator modules associated with said plurality of issuing banks, for generating said electronic credit authorizations;
a plurality of teller modules associated with said plurality of issuing banks, capable of storing said electronic credit authorizations;
a clearing bank having a data processing system for clearing said electronic credit authorizations, at which each of said plurality of issuing banks has an account;
where each of said electronic credit authorizations includes an issuing bank identifier; and
where each of said plurality of teller modules sends electronic credit authorizations deposited at its issuing bank but issued by another issuing bank to said clearing bank data processing system for balancing said issuing bank accounts and for sending each said electronic credit authorization back to said issuing bank indicated by its issuing bank identifier.
42. The electronic monetary system of claim 41, wherein said plurality of issuing banks and said clearing bank have accounting process means for maintaining appropriate accounts during clearing of said electronic credit authorizations.
43. The electronic monetary system of claim 41, wherein said money generator modules and said teller modules are tamper-proof devices capable of communicating via cryptographically secure sessions.
44. The electronic monetary system of claim 43, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
45. An electronic monetary system comprising:
an issuing bank having an on-line accounting system and a money issued reconciliation system;
electronic representations of money that are accounted for in said on-line accounting system;
a money generator module associated with said issuing bank, for generating said electronic representations of money;
a teller module associated with said issuing bank, capable of storing said electronic representations of money;
where said electronic representations of money include a note identifier used to uniquely identify each said electronic representation of money;
where said money issued reconciliation system maintains a record of said electronic representations of money that issued from said issuing bank; and
where said electronic representations of money that are deposited are sent to said money issued reconciliation system having a processor for matching said record of electronic representations of money that issued to those electronic representations of money deposited; and
where unmatched cases may indicate note counterfeiting in said electronic monetary system.
46. The electronic monetary system of claim 45, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
47. An electronic monetary system comprising:
an issuing bank having an on-line accounting system and a transaction reconciliation system;
electronic representations of money that are accounted for in said on-line accounting system;
a money generator module associated with said issuing bank, for generating said electronic representations of money;
a teller module associated with said issuing bank, capable of storing said electronic representations of money;
where transaction records from said money generator module, said teller module, and said on-line accounting system are periodically passed to said transaction reconciliation system;
said transaction reconciliation system having a processor for analyzing said transaction records to ensure that teller transactions match the appropriate accounting transactions and to ensure that money generator transactions match the appropriate teller transactions and accounting transactions; and
where any mismatches may indicate incomplete processing or a security breach.
48. The electronic monetary system of claim 47, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
49. A method for a transaction module having a time-limited certificate to update said certificate through interaction with a security server comprising the steps of:
said transaction module generating a new public and private key pair;
said transaction module sending certificate data including said new public key and an identifier associated with said transaction module to said security server, where said data is digitally signed by an old private key of said transaction module;
said security server verifying the validity of said data signed by said old private key;
said security server digitally signing an updated certificate incorporating said certificate data and sending said updated certificate to said transaction module; and
said transaction module validating said updated certificate.
50. A method for a subscriber using a transaction module to perform a withdrawal from said subscriber's bank account at an issuing bank having a teller module, a money generator module, and an on-line accounting system, comprising the steps of:
(a) said subscriber selecting, by way of said transaction module, said bank account from which to make said withdrawal and a withdrawal amount;
(b) said transaction module establishing a first cryptographically secure session with said teller module;
(c) said transaction module sending a withdrawal request to said teller module, via said first cryptographically secure session, where said withdrawal request includes said withdrawal amount and bank account information corresponding to said bank account;
(d) checking said bank account information to verify its validity;
(e) checking said bank account for sufficient funds;
(f) said teller module establishing a second cryptographically secure session with said money generator module;
(g) said teller module sending a create money request to said money generator module, via said second cryptographically secure session, where said create money request includes a requested note value;
(h) crediting a money issued account in said on-line accounting system by said requested note value;
(i) debiting said bank account in said on-line accounting system by said withdrawal amount;
(j) said money generator module generating a first electronic representation of money of said requested note value;
(k) transferring said first electronic representation of money to said teller module, via said second cryptographically secure session;
(l) transferring said first electronic representation of money from said teller module to said transaction module, via said first cryptographically secure session;
(m) committing said transaction module and said teller module session; and
(n) committing said teller module and said money generator module session.
51. The withdrawal method of claim 50, further comprising a step for maintaining appropriate accounts at said issuing bank during said withdrawal transaction.
52. The withdrawal method of claim 50, wherein said bank account information comprises an account profile having a bank account number that is digitally signed by a security server; where said step of checking the validity of said bank account information includes the step of checking said digital signature on said account profile with a public key of said security server.
53. The withdrawal method of claim 50, wherein said requested note value equals said withdrawal amount.
54. The withdrawal method of claim 50, further comprising the step of:
before step (f), said transaction module transferring a second electronic representation of money to said teller module, via said first cryptographically secure session;
where said second electronic representation of money includes an expiration date and a monetary value;
where said requested note value equals said withdrawal amount added to said monetary value; and
where said first electronic representation of money includes an updated expiration date.
55. The withdrawal method of claim 50, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
56. A method for a subscriber using a transaction module to withdraw an electronic representation of money from a correspondent bank, comprising the steps of:
(a) said subscriber selecting, by way of said transaction module, a bank account from which to make a withdrawal and a withdrawal amount;
(b) establishing a first cryptographically secure session between said transaction module and a first teller module associated with said correspondent bank;
(c) said transaction module sending a first withdrawal request to said teller module, via said first cryptographically secure session, where said withdrawal request includes said withdrawal amount and bank account information corresponding to said bank account;
(d) checking said bank account information to verify its validity;
(e) checking said bank account for sufficient funds;
(f) establishing a second cryptographically secure session between said first teller module and a second teller module associated with said issuing bank;
(g) debiting said subscriber's bank account by said withdrawal amount in a first on-line accounting system associated with said correspondent bank;
(h) crediting a deposited at issuing bank account in said first on-line accounting system by said withdrawal amount;
(i) said first teller module sending a second withdrawal request to said second teller module, via said second cryptographically secure session, where said second withdrawal request includes said withdrawal amount;
(j) establishing a third cryptographically secure session between said second teller module and said money generator module;
(k) said second teller module sending a create money request to said money generator module, via said third cryptographically secure session, where said create money request includes said withdrawal amount;
(l) said money generator module generating a new electronic representation of money of said withdrawal amount;
(m) transferring said new electronic representation of money to said second teller module, via said third cryptographically secure session;
(n) crediting a money issued account in a second on-line accounting system associated with said issuing bank by said withdrawal amount;
(o) debiting a correspondent bank money account in said second on-line accounting system by said withdrawal amount;
(p) transferring said new electronic representation of money from said second teller module to said first teller module, via said second cryptographically secure session;
(q) transferring said new electronic representation of money from said first teller module to said transaction module, via said first cryptographically secure session;
(r) committing said transaction module and said first teller module session;
(s) committing said first teller module and second teller module session; and
(t) committing said second teller module and said money generator module session.
57. The withdrawal method of claim 56, further comprising a step for maintaining appropriate accounts at said issuing bank and correspondent bank during said withdrawal transaction.
58. The withdrawal method of claim 56, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
59. A method for a subscriber using a transaction module to perform a deposit to said subscriber's bank account at an issuing bank having a teller module, a money generator module, and an on-line accounting system, comprising the steps of:
(a) said subscriber selecting, by way of said transaction module, a deposit amount and said bank account in which to make said deposit;
(b) checking if said transaction module contains sufficient funds;
(c) said transaction module establishing a first cryptographically secure session with said teller module;
(d) said transaction module sending a deposit request to said teller module, via said first cryptographically secure session, where said deposit request includes said deposit amount and bank account information corresponding to said bank account;
(e) checking said bank account information to verify its validity;
(f) said transaction module transferring a first electronic representation of money to said teller module, via said first cryptographically secure session;
(g) crediting said bank account in said on-line accounting system by said deposit amount; and
(h) committing said transaction module and said teller module session.
60. The deposit method of claim 59, further comprising a step for maintaining appropriate accounts at said issuing bank during said deposit transaction.
61. The deposit method of claim 59, wherein said first electronic representation of money comprises all electronic notes stored in said transaction module, where each said electronic note has an individual monetary value and an expiration date, and where said all electronic notes have a total monetary value equalling the sum of said individual monetary values; and further comprising the steps of:
when said total monetary value exceeds said deposit amount, establishing a second cryptographically secure session between said teller module and a money generator module;
said teller module sending a create money request to said money generator module, via said second cryptographically secure session, where said create money request includes a requested note value equalling the difference between said total monetary value and said deposit amount;
crediting a money issued account in said on-line accounting system by said requested note value;
said money generator generating a second electronic representation of money of said requested note value and including an updated expiration date;
transferring said second electronic representation of money to said teller module, via said second cryptographically secure session; and
transferring said second electronic representation of money from said teller module to said transaction module, via said first cryptographically secure session.
62. The deposit method of claim 59, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
63. A method for a subscriber using a transaction module to deposit electronic representations of money at a correspondent bank, comprising the steps of:
(a) said subscriber selecting, by way of said transaction module, a deposit amount and a bank account in which to make a deposit;
(b) checking if said transaction module contains sufficient funds;
(c) establishing a first cryptographically secure session between said transaction module and a first teller module associated with said correspondent bank;
(d) said transaction module sending a first deposit request to said first teller module, via said first cryptographically secure session, where said deposit request includes said first deposit amount and bank account information corresponding to said bank account;
(e) checking said bank account information to verify its validity;
(f) said transaction module transferring said electronic representations of money to said first teller module, via said first cryptographically secure session;
(g) said first teller module sending a first deposit acknowledgment to said transaction module, via said first cryptographically secure session;
(h) committing said transaction module and said first teller module session;
(i) crediting said subscriber's bank account in a first on-line accounting system associated with said correspondent bank by said deposit amount;
(j) establishing a second cryptographically secure session between said first teller module and said second teller module;
(k) said first teller module sending a second deposit request to said second teller module, via said second cryptographically secure session, where said second deposit request includes said deposit amount;
(l) debiting a deposited at issuing bank account in said first on-line accounting system by said deposit amount;
(m) transferring said electronic representations of money from said first teller module to said second teller module, via said second cryptographically secure session;
(n) crediting a correspondent bank money account in a second on-line accounting system associated with said issuing bank by said deposit amount;
(o) said second teller module sending a second deposit acknowledgement to said first teller module, via said second cryptographically secure session; and
(p) committing said first teller module and second teller module session.
64. The deposit method of claim 63, further comprising a step for maintaining appropriate accounts at said issuing bank and said correspondent bank during said deposit transaction.
65. The deposit method of claim 63, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
66. A method for a subscriber payment using a first transaction module to transfer an electronic representation of money to a second transaction module:
(a) establishing a cryptographically secure session between said first and second transaction modules;
(b) a first subscriber selecting, by way of said first transaction module, a transfer amount;
(c) checking if said first transaction module contains sufficient funds;
(d) said first transaction module sending a first message including said transfer amount to said second transaction module, via said cryptographically secure session;
(e) said second transaction module prompting a second subscriber for verification of said transfer amount;
(f) said second transaction module sending an acknowledgement message to said first transaction module, via said cryptographically secure session;
(g) said first transaction module transferring said electronic representation of money to said second transaction module, via said cryptographically secure session; and
(h) committing said first and second transaction module session.
67. The subscriber payment method of claim 66, wherein said electronic representation of money is an electronic representation of currency having an expiration date and a monetary value; where step (g) further comprises the step of:
said first transaction module choosing for transfer a least number of electronic representations of currency and said electronic representations of currency closest to said expiration date.
68. The subscriber payment method of claim 66, wherein said electronic representation of money is an electronic representation of currency having a monetary value and a list of transfer records; where step (g) further comprises the step of:
said first transaction module appending a transfer record to said electronic representation of currency to be transferred, where said transfer record includes a transferred monetary value.
69. The subscriber payment method of claim 66, wherein step (h) further comprises the steps of:
said first transaction module committing by logging said transfer transaction so that said first transaction module can no longer abort said transfer transaction by rolling-back its state;
said second transaction module committing by logging said transfer transaction so that said second transaction module can no longer abort said transfer transaction by rolling-back its state.
70. The subscriber payment method of claim 66, wherein said electronic representation of money includes an indication of one of a plurality of different monetary units;
wherein step (b) further includes the step of said first subscriber selecting an indication of monetary unit; and
wherein step (e) further includes the step of prompting said second subscriber for verification of said indication of monetary unit.
71. The subscriber payment method of claim 66, wherein said subscriber may be either a person or an electronic processing device used by said person to control said transaction module.
72. A payment method using a first money module to transfer an electronic representation of money to a second money module, comprising the steps of:
(a) establishing a cryptographically secure session between said first money module and said second money module where said first and second money modules are tamper-proof modules;
(b) said first money module prompting a first subscriber for transaction terms, and said first subscriber supplying said first transaction terms to said first money module;
(c) said first money module sending said transaction terms to said second money module, via said cryptographically secure session;
(d) said second money module prompting a second subscriber to verify said transaction terms, and said second subscriber supplying a verification of said transaction terms;
(e) said first money module transferring said electronic representation of money to said second money module, via said cryptographically secure session;
(f) said first money module committing to said electronic money transfer by logging said electronic money transfer so that said first transaction module can no longer abort said electronic money transfer by rolling-back its state; and
(g) said second money module committing by logging said electronic money transfer so that said second money module can no longer abort said electronic money transfer by rolling-back its state.
73. The payment method of claim 72, wherein said subscriber may be either a person or an electronic processing device used by said person to control said money module.
74. The payment method of claim 72, wherein said transaction terms include a monetary value.
75. The payment method of claim 72, wherein said money modules may abort during said electronic money transfer by following an abort routine programmed in said money modules, where control is transferred to said abort routine from other routines including a time-out protocol.
76. A method for a subscriber to exchange an electronic representation of a first foreign currency stored in a first transaction module for an electronic representation of a second foreign currency stored in a second transaction module, comprising the steps of:
(a) establishing a cryptographically secure session between said first transaction module and said second transaction module;
(b) said subscriber selecting, by way of said first transaction module, a first amount of said first foreign currency to be sold and an exchange rate;
(c) checking if said first transaction module has sufficient funds;
(d) said first transaction module sending said first amount and said exchange rate to said second transaction module, via said cryptographically secure session;
(e) said second transaction module prompting its owner to verify said first amount and said exchange rate;
(f) checking if said second transaction module has sufficient funds;
(g) said second transaction module sending an acknowledgment message to said first transaction module, via said cryptographically secure session;
(h) said first transaction module sending said electronic representation of first foreign currency to said second transaction module, in said first amount, via said cryptographically secure session;
(i) said second transaction module sending said electronic representation of said second foreign currency to said first transaction module, in a second amount calculated from said first amount and said exchange rate, via said cryptographically secure session; and
(j) committing said first and second transaction module session.
77. The foreign exchange method of claim 76, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
78. A method for a subscriber to exchange an electronic representation of first foreign currency stored in a transaction module for an electronic representation of second foreign currency from an issuing bank having a money generator capable of generating said electronic representation of second foreign currency, a teller module, and an on-line accounting system, comprising the steps of:
(a) said subscriber selecting, by way of said transaction module, a first amount of said first foreign currency to be sold;
(b) checking if said transaction module has sufficient funds;
(c) establishing a first cryptographically secure session between said transaction module and said teller module;
(d) said transaction module sending said first amount to said teller module, via said first cryptographically secure session;
(e) said transaction module sending said electronic representation of first foreign currency to said teller module, via said first cryptographically secure session;
(f) establishing a second cryptographically secure session between said teller module and said money generator module;
(g) said teller module sending a create money request to said money generator, via said second cryptographically secure session, where said create money request includes a second amount calculated from said first amount and an exchange rate maintained by said issuing bank;
(h) crediting a money issued account in said on-line accounting system by said second amount;
(i) said money generator generating said electronic representation of second foreign currency of said second amount;
(j) transferring said electronic representation of second foreign currency to said teller module, via said second cryptographically secure session;
(k) transferring said electronic representation of second foreign currency from said teller module to said transaction module, via said first cryptographically secure session;
(l) committing said transaction module and said teller module session; and
(m) committing said teller module and said money generator module session.
79. The method of claim 78, further comprising a step for maintaining appropriate accounts at said issuing bank during said foreign exchange transaction.
80. The foreign exchange method of claim 78, further comprising the steps of:
after step (d), said teller module sending said exchange rate to said transaction module, via said first cryptographically secure session; and
said transaction module prompting said subscriber to verify said exchange rate.
81. The foreign exchange method of claim 78, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
82. A method for a subscriber to exchange an electronic representation of first foreign currency stored in a transaction module for an electronic representation of second foreign currency from an issuing bank having a money generator module capable of generating said electronic representation of second foreign currency, a second teller module, a second on-line accounting system, received via a correspondent bank having a first teller module and a first on-line accounting system, comprising the steps of:
(a) said subscriber selecting, by way of said transaction module, a first amount of said first foreign currency to be sold;
(b) checking if said transaction module has sufficient funds;
(c) establishing a first cryptographically secure session between said transaction module and said first teller module;
(d) said transaction module sending said first amount to said first teller module, via said first cryptographically secure session;
(e) said transaction module sending said electronic representation of first foreign currency to said first teller module, via said first cryptographically secure session;
(f) establishing a second cryptographically secure session between said first teller module and said second teller module;
(g) said first teller module sending a withdrawal request to said second teller module, via said second cryptographically secure session, where said withdrawal request includes a second amount calculated from said first amount and an established exchange rate;
(h) crediting a deposited at issuing bank account in said first on-line accounting system by said second amount of second foreign currency;
(i) establishing a third cryptographically secure session between said second teller module and said money generator module;
(j) said second teller module sending a create money request to said money generator module, via said third cryptographically secure session, where said create money request includes said second amount;
(k) said money generator generating said electronic representation of second foreign currency of said second amount;
(l) transferring said electronic representation of second foreign currency to said teller module, via said third cryptographically secure session;
(m) crediting a money issued account in said second on-line accounting system by said second amount of second foreign currency;
(n) debiting a correspondent bank money account by said second amount of second foreign currency;
(o) transferring said electronic representation of second foreign currency from said second teller module to said first teller module, via said second cryptographically secure session;
(p) transferring said electronic representation of second foreign currency from said first teller module to said transaction module, via said first cryptographically secure session;
(q) committing said transaction module and said first teller module session;
(r) committing said first teller module and said second teller module session; and
(s) committing said second teller module and said money generator module session.
83. The foreign exchange method of claim 82, further comprising a step for maintaining appropriate accounts at said issuing bank and said correspondent bank during said foreign exchange transaction.
84. The foreign exchange method of claim 82, wherein each said module may commit by logging a transaction so that it can no longer abort said transaction by rolling-back its state; and wherein each said module may abort during said transaction by following a programmed abort routine, where control is transferred to said abort routine from other routines including a time-out protocol.
85. A method for updating an electronic representation of currency having an expiration date and stored in a transaction module with an updated electronic representation of currency, comprising the steps of:
(a) establishing a first cryptographically secure session between said transaction module and a teller module associated with an issuing bank;
(b) said transaction module sending an update request to said teller module, via said first cryptographically secure session;
(c) said teller module sending an acknowledgment message to said transaction module, via said first cryptographically secure session;
(d) said transaction module transferring said electronic representation of currency to said teller module, via said first cryptographically secure session;
(e) establishing a second cryptographically secure session between said teller module and a money generator module;
(f) said teller module sending a create money request to said money generator module, via said second cryptographically secure session, where said create money request includes said first amount;
(g) crediting a money issued account by said first amount in an on-line accounting system associated with said issuing bank;
(h) said money generator module generating said updated electronic representation of currency having a new expiration date;
(i) transferring said updated electronic representation of currency from said money generator module to said teller module, via said second cryptographically secure session;
(j) transferring said updated electronic representation of currency from said teller module to said transaction module, via said first cryptographically secure session;
(k) committing said transaction module and said teller module session; and
(l) committing said teller module and said money generator module session.
86. The method of claim 85, further comprising a step for maintaining appropriate accounts at said issuing bank during said updating procedure.
87. A system for transferring electronic notes between processor-based electronic modules comprising:
processor-based electronic modules each capable of creating a cryptographically secure channel and transferring and receiving electronic notes via said cryptographically secure channel, and where each said electronic module has a memory for storing said electronic notes;
wherein each stored electronic note comprises:
a body group of data fields including data indicative of a monetary value of said electronic note;
a transfer group of data fields including a list of transfer records, where each transfer record is generated by a transferor electronic module and appended to said electronic note upon transfer; and
a signature and certificate group of data fields including a list of transferors containing each transferor electronic module's digital signature and certificate.
88. The system of claim 87, wherein said body group of data fields further includes a monetary unit identifier, an issuing bank identifier, a note identifier, a date-of-issue, a date-of-expiration, and an identifier of a processor-based electronic money generator module.
89. The system of claim 88, wherein said body group of data fields further includes an indication of type of electronic note and a subscriber's account number when said type of note corresponds to an electronic credit authorization.
90. The electronic monetary system of claim 1, wherein said money generator module and said teller module are embodied in a device having a single processor.
91. The electronic monetary system of claim 13, wherein said money generator module and said teller module are embodied in a device having a single processor.
92. The electronic monetary system of claim 20, wherein said money generator module and said teller module are embodied in a device having a single processor.
93. The electronic monetary system of claim 26, wherein said money generator module and said teller module are embodied in a device having a single processor.
94. The electronic monetary system of claim 33, where said money generator module and said first teller module are embodied in an electronic processing device controlled by said first processor.
95. The electronic monetary system of claim 37, wherein at least one of said money generator modules and one of said teller modules are embodied in a device having a single processor.
96. The electronic monetary system of claim 41, wherein at least one of said money generator modules and one of said teller modules are embodied in a device having a single processor.
97. The electronic monetary system of claim 45, wherein said money generator module and said teller module are embodied in a device having a single processor.
98. The electronic monetary system of claim 47, wherein said money generator module and said teller module are embodied in a device having a single processor.
Description
BACKGROUND OF THE INVENTION
The present invention relates to an electronic monetary system for implementing electronic money payments as an alternative medium of economic exchange to cash, checks, credit and debit cards, and electronics funds transfer. The Electronic-Monetary System is a hybrid of currency, check, card payment systems, and electronic funds transfer systems, possessing many of the benefits of these systems with few of their limitations. The system utilizes electronic representations of money which are designed to be universally accepted and exchanged as economic value by subscribers of the monetary system.
Today, approximately 350 billion coin and currency transactions occur between individuals and institutions every year. The extensive use of coin and currency transactions has limited the automation of individual transactions such as purchases, fares, and bank account deposits and withdrawals. Individual cash transactions are burdened by the need of having the correct amount or providing change therefor. Furthermore, the handling and managing of paper cash and coins is inconvenient, costly and time consuming for both individuals and financial institutions alike.
Although checks may be written for any specific amount up to the amount available in the account, checks have very limited transferability and must be supplied from a physical inventory. Paper-based checking systems do not offer sufficient relief from the limitations of cash transactions, sharing many of the inconveniences of handling currency while adding the inherent delays associated with processing checks. To this end, economic exchange has striven for greater convenience at a lower cost, while also seeking improved security.
Automation has achieved some of these qualities for large transactions through computerized electronic funds transfer ("EFT") systems. Electronic funds transfer is essentially a process of value exchange achieved through the banking system's centralized computer transactions. EFT services are a transfer of payments utilizing electronic "checks," which are used primarily by large commercial organizations.
The Automated Clearing House (ACH) and point of sale (POS) systems are examples of electronic funds transfer systems that have become used by retail and commercial organizations on a substantial basis in recent years. However, the payments made through these types of EFT systems are limited in that they cannot be performed without the banking system. Moreover, ACH transactions usually cannot be performed during off business hours.
Home Banking bill payment services are examples of an electronic funds transfer system used by individuals to make payments. Currently, home banking initiatives have found few customers. Of the banks that have offered services for payments, account transfers and information over the telephone lines using personal computers, less than one percent of the bank's customers are using the service. One reason that Home Banking has not been a successful product is because the customer cannot deposit and withdraw money as needed in this type of system.
Current EFT systems, credit cards, or debit cards, which are used with an on-line system to transfer money between accounts, such as between the account of a merchant and that of a customer, cannot satisfy the need for an automated transaction system that provides for the transfer of universally accepted economic value outside of the banking system.
To implement an automated, yet more convenient transaction system that does not require the banking system to intermediate the transfer, and that can dispense some form of economic value, there has been a trend towards off-line electronic funds transfer. For example, numerous ideas have been proposed for some form of "electronic money" that can be used in cashless payment transactions as alternatives to the traditional currency and check types of payment systems. See U.S. Pat. No. 4,977,595, entitled "METHOD AND APPARATUS FOR IMPLEMENTING ELECTRONIC CASH, and U.S. Pat. No. 4,305,059, entitled "MODULAR FUNDS TRANSFER SYSTEM."
The more well known techniques include magnetic stripe cards purchased for a given amount and from which a prepaid value can be deducted for specific purposes. Upon exhaustion of the economic value, the cards are thrown away. Other examples include memory cards or so called smart cards which are capable of repetitively storing information representing value that is likewise deducted for specific purposes.
However, these proposed systems suffer from a failure to recognize fully the significance of bank deposits as money, and their necessity to back any form of universally accepted monetary representations that may be issued. In the systems disclosed thus far, representations of economic value, whether electronic or paper, are issued without the backing of equal valued liabilities as the counterpart to their assets.
None of the paperless payment systems that have been proposed so far are comprehensive enough so as to implement a multipurpose electronic monetary system that includes not only the automated devices that allow subscribers to transfer electronic funds or money between them without any intermediating system, but that also encompasses and includes an entire banking system for generating the value represented by the electronic money and for clearing and settling the electronic money accounts of the banks and financial institutions involved to maintain a monetary balance within the system.
Thus, there is a need for a system that allows common payor to payee economic exchanges without the intermediation of the banking system, and that gives control of the payment process to the individual. Furthermore, a need exists for providing a system of economic exchange that can be used by large organizations for commercial payments of any size, that does not have the limitations of the current EFT systems.
Accordingly, it is an object of the present invention to provide a complete electronic monetary system which utilizes electronic money that is interchangeable with traditional cash and is universally accepted.
It is another object of the present invention to provide a method of securely transferring economic value including currency and credit among subscribers, among financial institutions, and between subscribers and financial institutions.
A further object of the present invention is to provide a multipurpose paperless payment system whereby transactions can be carried out in both an on-line and an off-line mode between subscribers.
It is yet another object of the present invention to provide a payment system that reduces the cost of central electronic funds transfer systems by off loading much of the payments to off-line devices.
It is still another object of the present invention to provide a system of inexpensive electronic transfers to reduce an institution's cost of managing paper cash, checks and coins.
It is still a further object of the present invention to provide a user friendly electronic payment system that may be used reliably and securely for real time transfers of money between members of the general public, between members of the general public and commercial organizations, and between commercial organizations.
It is still another object of the present invention to provide a system for depositing and withdrawing economic value which may be integrated with a wide variety of data processing and data communication systems including currently available home banking services.
It is still a further object of the present invention to provide an electronic monetary system which utilizes electronic money in the form of multiple currencies.
It is yet a further object of the present invention to provide a system for safely transferring economic value in transactions of virtually any size denomination.
It is yet another object of the present invention to provide a medium of economic exchange that is fungible, easily transferable, undeniably redeemable, and secure from reuse, duplication, and counterfeiting.
The foregoing objects and advantages of the invention are illustrative of those which can be achieved by the present invention and are not intended to be exhaustive or limiting of the possible advantages which can be realized. Thus, these and other objects and advantages of the invention will be apparent from the description herein or can be learned from practicing the invention, both as embodied herein or as modified in view of any variations which may be apparent to those skilled in the art. Accordingly, the present invention resides in the novel methods, arrangements, combinations and improvements herein shown and described.
SUMMARY OF EXEMPLARY EMBODIMENT
To achieve the foregoing, and other objects, the method and apparatus of the present invention employ a preferred embodiment in the form of an electronic-monetary system having (1) banks or financial institutions that are coupled to a money generator device for generating and issuing to subscribing customers electronic money including electronic currency backed by demand deposits and electronic credit authorizations; (2) correspondent banks that accept and distribute the electronic money; (3) a plurality of transaction devices that are used by subscribers for storing electronic money, for performing money transactions with the on-line systems of the participating banks or for exchanging electronic money with other like transaction devices in off-line transactions; (4) teller devices, associated with the issuing and correspondent banks, for process handling and interfacing the transaction devices to the issuing and correspondent banks, and for interfacing between the issuing and correspondent banks themselves; (5) a clearing bank for balancing the electronic money accounts of the different issuing banks; (6) a data communications network for providing communications services to all components of the system; and (7) a security arrangement for maintaining the integrity of the system, and for detecting counterfeiting and tampering within the system.
In the preferred embodiment, the functions of the money generating devices, the transaction devices, and the teller devices will be performed by a combination of tamper-proof computer hardware and application software modules that may be networked together. Information is transmitted in an encrypted form to provide security from unauthorized inspection. The electronic money is transmitted with digital signatures to provide authentication, and security from modification or counterfeiting.
The electronic money exchanged by these devices may be an electronic representation of currency or credit. An important aspect of the electronic currency is that it is the equivalent of bank notes and is interchangeable with conventional paper money through claims on deposits in an issuing bank, but can be withdrawn or deposited both at an issuing bank and at a correspondent bank. However, only the issuing banks can generate the electronic currency, and will be liable for its redemption.
The issuing banks later utilize inter-bank clearing and settling processes to maintain the monetary balance in the banking system, as is currently practiced by today's banking industry.
The electronic money representations are fungible, universally accepted, and undeniably redeemable from the issuing banks, i.e., they have the characteristics of money transactions. To preserve the integrity of the electronic monetary system, each exchange of electronic money includes, along with other information, data identifying the monetary unit of the credit or currency, (i.e., dollars, yen, etc.) the amount by unit of credit or currency, the bank issuing the electronic credit or currency, and several digital signatures.
SUMMARY OF THE INVENTION
In accordance with these and other objects of the invention, a brief summary of the present invention is presented. Some simplifications and omissions may be made in the following summary, which is intended to highlight and introduce some aspects of the present invention, but not to limit its scope. Detailed descriptions of a preferred exemplary embodiment adequate to allow those of ordinary skill in the art to make and use the inventive concepts will follow in later sections.
According to a broad aspect of the invention, an electronic monetary system provides for transactions utilizing electronic money including electronic currency backed by demand deposits in a bank in lieu of cash transactions, and electronic credit authorizations. The invention comprises a money module for generating the electronic money; a money module for issuing, distributing, and accepting the electronic money; and a money module for accepting, storing, and transferring the electronic money between other accepting money modules and between the accepting money module and the issuing money module.
According to a further aspect of the invention, an electronic monetary system is provided for implementing and maintaining electronic money which includes electronic currency that is interchangeable with conventional money through claims on deposits in a bank and electronic credit authorizations.
The system includes a plurality of issuing banks; a generator module for creating electronic money; teller modules coupled to the generator module, for performing teller transactions and for interfacing with other teller modules, such transactions including the accepting and the distributing of the electronic money; a security system for providing the overall integrity of the electronic monetary system; a clearing and settling process for balancing the electronic money accounts of the separate issuing banks and for clearing the electronic money issued by the issuing banks; and a plurality of transaction modules owned by authorized users, for transferring the electronic money between the transaction modules and between the transaction modules and the teller modules.
In accordance with another aspect of the invention, the functions of the generator modules, the transaction modules, and the teller modules will be performed by a combination of tamper-proof computer hardware and application software that may be networked together.
The electronic money exchanged by these modules, which may be an electronic representation of currency backed by demand deposit accounts at the issuing bank or credit authorizations, may be transmitted with digital signatures to provide security from unauthorized modification or counterfeiting. In a preferred embodiment, security from counterfeiting and tampering is also provided by requiring the modules and the individual units of electronic money to be renewed periodically. Offending modules or counterfeit electronic money can be removed from circulation as soon as they are discovered.
Briefly, a process in accordance with the invention comprises the steps of
(1) providing a generating module to generate electronic representations of economic value backed by demand deposits or by a credit line;
(2) providing a teller module to accept the generated electronic representations of economic value and to issue the electronic representations of economic value;
(3) providing the authorized users with a transacting module for accepting, storing and transferring the electronic representations of economic value to other authorized users having the transacting module and to the teller processing module;
(4) accepting and transferring the electronic representations of economic value to other authorized users having a transacting module and to the teller module; and
(5) providing a security system to allow the transfer of electronic representations of economic value in a secure manner between the generating module, the teller module and the transacting module.
BRIEF DESCRIPTION OF THE DRAWINGS
Other objects and advantages of the present invention will become more apparent by the following description with reference to accompanying drawings, in which:
FIG. 1 is a diagram illustrating general aspects of the invention;
FIG. 2 is a schematic diagram of the operative arrangement of the components, according to the invention.
FIG. 3 is a perspective diagram of several embodiments of external systems that may house a money module, according to the invention.
FIG. 4 is a block form diagram of a Transaction money module, according to the invention.
FIG. 5 is a block form diagram of a Teller money module, according to the invention.
FIG. 6 is a block form diagram of a Money Generator module, according to the invention.
FIG. 7 is a block diagram of the network arrangement, according to the invention.
FIG. 8 is a block diagram of a Network Server, according to the invention.
FIG. 9 is a flow diagram of the security system, according to the invention.
FIG. 10 is a block form diagram of a security server, according to the invention.
FIGS. 11-24 are flow diagrams of accounting examples, according to the invention.
FIG. 25 a flow diagram of the Transaction Reconciliation System, according to the invention.
FIG. 26 is a flow diagram of the Clearing System, according to the invention.
FIG. 27 is a flow diagram of the Money Issued Reconciliation System, according to the invention.
FIGS. 28-50A are flow charts of transaction examples, according to the invention.
FIG. 51 shows an example of a note transfer tree.
DISCLOSURE OF THE PREFERRED EMBODIMENT OF THE INVENTION
The present invention contemplates an improved monetary system using electronic media to securely and reliably exchange economic value. The system can be implemented by integrating novel data processing systems with other procedures which can be implemented with the current worldwide banking systems.
Throughout this description, "electronic money" may also be referred to by the abbreviation "E-M." Additionally, the term "bank" is used hereinafter to indicate any banking, financial institution or the like which is a participant of the present invention.
Referring now to the drawings, wherein like numerals refer to like components, there is disclosed in FIG. 1, in block form, broad aspects of the preferred embodiment. In FIG. 1, the general relationship among the features of the system is shown. The system includes Issuing Banks 1 each having a Teller money module 5 and a Money Generator module 6; Correspondent Banks 2 each having a Teller money module 5; an electronic money Clearing Bank 3; a Certification Agency 28 and a plurality of Transaction money modules 4 owned by subscribers of the system. Though money generator module 6 and teller module 5 are preferably embodied separately, the functions of these modules may be embodied in a unitary device under processor control.
Electronic notes 11, the media for transferring electronic money, are generated by the Money Generator module 6 for an Issuing Bank 1. These notes 11 are then transferred by a Teller money module 5 to a subscriber utilizing a Transaction money module 4. Electronic notes 11 may be representations of currency or credit authorizations. For security reasons, all electronic notes 11 will expire after a preset time period. Once expired, the notes 11 must be redeemed at a participating bank for updated ones before they can be transferred.
An Issuing Bank 1 generates and distributes the electronic notes 11, and is liable for their redemption. An Issuing Bank 1 performs deposits, withdrawals, payments to loans and inquiries for other money modules.
A Correspondent Bank 2 is a participating bank which distributes electronic money through accounts it maintains at Issuing Banks 1, but does not generate any electronic money, and is not liable for its redemption. Because it cannot generate any electronic money, the Correspondent Bank 2 in the preferred embodiment must make real-time requests of electronic money from an account it maintains at an Issuing Bank 1 whenever a subscriber wishes to withdraw electronic money at a Correspondent Bank 2.
Conversely, a Correspondent Bank 2 deposits all electronic money deposited by subscribers, to the accounts the Correspondent Bank 2 holds at Issuing Banks 1. These accounts will be described hereinafter. A Correspondent Bank 2, like an Issuing Bank 1, will perform deposits withdrawals, payments to loans and bank inquiries.
Notably, an Issuing Bank 1 may also be a Correspondent Bank 2 for the monetary units that it does not generate. For example, an Issuing Bank 1 for electronic dollar notes 11 may be a Correspondent Bank 2 for electronic notes 11 of yen, marks, etc., issued by other banks.
It is also important to note that the system of the invention can function without Correspondent Banks 2. For example, a subscriber can eliminate the use of a Correspondent Bank 2 by communicating directly with his/her Issuing Bank 1 when making a deposit, withdrawal, etc. Correspondent Banks 2 are included in the preferred embodiment for the practical purpose of expanding distribution of the system while reducing the risks that are inherent in any banking system, such as the risks caused by the collapse of a bank issuing money.
The Clearing Bank 3 is utilized when more than one bank is issuing electronic money. According to the invention, it is anticipated that more than one bank will be issuing electronic money. Thus, the Clearing Bank 3 is provided to clear the electronic money deposited and to balance accounts it maintains for the Issuing Banks 1. The Clearing Bank 3 maintains demand accounts for each Issuing Bank 1 in the system.
The Certification Agency 28, is the centerpiece of the system security. It provides a process that "certifies" the validity of a money module for a certain period of time by issuing a certificate to each money module. A money module must have a valid certificate in order to be able to transact with other money modules 4, 5, 6.
Before the certificate expires, it must be updated so that a subscriber can continue to use his/her transaction money module 4. This process makes users of the system establish periodic contact with the Certification Agency 28.
Periodic contact allows for faster response when tampering with the money modules of the system is detected. To this end, the Certification Agency 28 also provides a list of offending or compromised money modules to other money modules so that transactions with the bad units may be blocked.
The components shown in FIG. 1 are best understood by referring to the system's operative arrangement illustrated in FIG. 2. As illustrated in FIG. 2, the preferred embodiment provides for supplements to the current banking systems that include the following additional components: a plurality of the Transaction money modules 4, the Teller money modules 5, and the Money Generator modules 6, for creating, transferring and storing the electronic notes 11 (money); a Clearing System 13 to balance the accounts of banks issuing currency and credit; a security system 21 to maintain the integrity of the electronic notes 11; the current banking systems 20; a network 25 (exemplified by the lines interconnecting modules and systems) to mediate transactions between money modules 4,5,6, the participating banks 1,2,3 of system 20 and the security system 21; a Transaction Reconciliation system 22 to detect money module malfunctions and insider tampering of the system; a Money Issued Reconciliation System 23 to detect counterfeiting and reuse of electronic money; and a Money Position System 24 to keep track of the electronic money in circulation.
Playing major roles in the preferred embodiment are three classes of "money modules" for creating, storing, and transferring the electronic objects that represent economic value. These include the Transaction money modules 4, the Teller money modules 5, and the Money Generator modules 6. It is contemplated that these money modules 4,5,6 will be a combination of tamper-proof hardware and application software that are meant to be components of a larger processing environment.
Referring to the top right-hand side of FIG. 2, a Transaction money module 4 containing electronic notes 11 stored therein (not shown) may be used to exchange foreign currency or make a payment with another Transaction money module 4, using a secure, encrypted protocol either by a telephonic link, or a proximate communication link. Because it is contemplated that an electronic note 11 will be fungible, i.e., it can be broken into any desired amount, the amount transacted between the Transaction money modules 4 may be of any amount up to the amount stored in the payor's Transaction money module 4.
A payee's Transaction money module 4 that has received the electronic notes 11 as a payment may, in turn, be used to transfer all or any amount of the electronic money contained therein to another subscriber's Transaction money module 4. Alternatively, the payee may deposit the electronic money into his/her bank account.
The value of the electronic money stored in the Transaction money module 4 may also be redeemed at any participating bank (e.g., Correspondent Bank 2 or Issuing Bank 1) for paper money by transferring any amount of the electronic money to a bank's Teller money module 5, whereby a teller or an Automated Teller Machine (ATM) will return an equal amount of paper money. Naturally, it is anticipated that paper money may also be exchanged for equal valued electronic money.
As will be appreciated, the Transaction money module 4 may be configured to make deposits, withdrawals, loan payments, inquiries and exchanges of currencies of electronic notes 11 directly through a Teller money module 5 at an Issuing 1 or Correspondent Bank 2 or remotely through a telephonic connection to an Issuing 1 or Correspondent Bank 2 Teller money module 5 (thereby providing, among other things, the transactions not available in current home banking systems). Upon a request to transact with a bank, the Teller money module 5 mediates the transactions for the subscriber's bank account as well as the banking system's electronic money accounts.
It should be noted that a subscriber will not be required to maintain a bank account in order to own and use a Transaction money module 4. For instance, a subscriber may obtain a stand-alone computing device that contains a Transaction money module 4 and use the device only in off-line peer-to-peer transactions with other devices containing a Transaction money module 4, such as a merchant's point-of-sale terminal. Of course, the merchant may then transfer the electronic money to another commercial organization to meet its obligations, or it may deposit the electronic money at its own bank.
In the preferred embodiment, electronic money deposited at any Issuing Bank 1 other than the original Issuing Bank 1 itself will subsequently be settled for value with the original Issuing Bank 1 through the central clearing and settling process performed by the Clearing System 13. It is anticipated that the clearing and settling processes will be managed by the Clearing Bank 3 (FIG. 1). Each Issuing Bank 1 Teller money module 5 sends all the electronic notes 11 deposited at its bank but issued from other Issuing Banks 1 to the Clearing Bank 3 in order to settle for the value posted to their customers' accounts.
When a withdrawal, an exchange for foreign currencies, an exchange of paper cash for electronic money, or an updating of the electronic money occurs, the Money Generator module 6, FIG. 2, creates and digitally signs electronic objects having economic value--either currency or credit notes 11 (FIG. 1)--that are to be sent to the Transaction money modules 4 through the participating bank's Teller money modules 5 in the form of a packet of electronic notes 11. As mentioned above, the electronic currency notes 11 are the equivalent of bank notes that are backed by deposits, and can be traded between Transaction money modules 4.
During the withdrawal transaction, the Teller money module 5 and the Transaction money module 4 may establish a communications link using an encrypted protocol to securely transfer the notes 11 from the Teller money module 5 to the Transaction money module 4.
Records of the notes 11 generated and conveyed by the Money Generator module 6 are sent to the local bank's Transaction Reconciliation System 22 and an Issuing Bank's 1 Money Issued Reconciliation System 23 for maintaining statistical and housekeeping functions. Records of the electronic notes 11 cleared and settled at the Clearing Bank 3 are also provided to the Money Issued Reconciliation System 23. From these compilations, a financial position of the system can be produced by the Money Position System 24.
Discrepancies and malfunctions are reported to the Security System 21 which downloads the lists of problem money modules to all money modules in the system when they are connected to the Network 25. By carrying this list, a Transaction money module 4 will be inhibited from transacting with other suspect Transaction money modules 4.
Having thus provided an overview of the preferred embodiment, there will now follow a more detailed description of the individual elements and the transactions between them.
MONEY MODULES
FIG. 3 provides several embodiments of external systems or devices for housing money modules.
In the preferred embodiment, the external system or device will typically contain data display means, data input means, data processing means, memory storage means, direct connection or contactless bidirectional communications means, and the money module packaged in a tamper-proof housing, all interfaced by suitable means for information transfer, such as are well known in the art.
As will be understood, a money module may be embodied as a modular component of any larger processing environment while still performing the same functions. For example, Transaction money modules 4 may work as co-processors embedded in personal portable computing devices like the Hewlett-Packard 95LX, or as co-processors in mainframe computers, workstations, point-of-sale terminals or telephone devices (fixed or portable) connected to a network.
A Teller money module 5 may be embodied as a co-processor in the bank's financial computer systems. The Money Generator module 6 could be a separate processing unit networked to the bank, a co-processor in a general purpose computer, or it may be combined with an Issuing Bank's 1 Teller money module 5 in a larger processor as illustrated by the unitary device 1001 of FIG. 1.
Because it is anticipated that a money module will be implemented in a separate processing device, it is assumed that corresponding interface circuitry would be provided in the host processing device to provide communication between the processing device and the money module.
Notably, all classes of money modules contemplated by the invention may be implemented programmatically or by direct electrical connection through customized integrated circuits, or a combination of both, using any of the methods known in the industry for providing the functions described below without departing from the teachings of the invention. Those skilled in the art will appreciate that from the disclosure of the invention provided herein, commercial semiconductor integrated circuit technology would suggest numerous alternatives for actual implementation of the inventive functions of the money module that would still be within the scope of the invention.
TRANSACTION MONEY MODULE
In one embodiment, the Transaction money module 4 may be imbedded in any computer of any size or use, like those serving as general purpose computers or work-stations, to provide functions not limited to E-M transaction use. This latter application will allow for such uses as real-time, off-line payments between personal computing devices, or on-line payments for network services such as information retrieval, telephone calls, or for purchasing airline tickets, theater tickets, etc.
In another embodiment, the Transaction money module 4 may be imbedded in an individual hand-held integrated circuit unit, such as a personalized hand-held computer that may be readily carried by an individual as though it were a wallet. As an illustration, the device of the preferred embodiment may include a keyboard, a pen or stylus, a touch screen or voice recognition circuitry as a data input means, an alphanumeric LCD dot matrix display as a display means, an infrared optical transceiver as a contactless bidirectional communications means, and an RJ-11 telephone jack coupled to modem circuitry as a telephonic communications means. Additionally, the device may also include various electronic processing and storage means for providing calculator capabilities, for storage and processing data of the owner, etc.
It is important to note that the particular design of the external device is not critical to the invention, and other technologies suitable for accomplishing the foregoing functions may also be used. For example, an LED instead of an LCD display panel may be used; radio, infrared, inductive or capacitive communications methods may be used instead of direct connection; optical communications methods may be used; etc.
In general, it is anticipated that any Transaction money module 4 owned by a subscriber will be embodied in a self-contained, tamper-resistant unit that contains components which are difficult to access, and thus prevent any person from improperly examining, counterfeiting or modifying any of its contents or arrangements. For example, integrated semiconductor circuits, whose contents are difficult to examine, encased in a tamper-resistant package such as that formed by an epoxy or plastic lamination may provide a high degree of physical security while providing the necessary storage, computation, timing, and other data processing functions.
However, the invention is not limited to any particular tamper-resistance means, inasmuch as there are a number of methods known in the industry for providing such security. Such tamper-resistance will also prevent the owner, who can control only some of the internal operations of the Transaction money modules 4, from certain accesses to thereby provide security from abuse to other relevant institutions and individuals.
Each Transaction money module 4 will have a way of ensuring its own association with a particular subscriber, so that its use by other individuals may be limited. In addition to the use of Personalized Identification Number (PIN) methods that are well known in the art, the Transaction money module 4 may also include means such as a fingerprint reader, voiceprint analyzer, written signature analyzer, or other so-called biometrics means, to determine the physical identity of an authorized subscriber.
Additionally, the Transaction money module 4 may utilize personalized interactive proofs using questions that only a true owner would be able to correctly answer, such as the owner's mother's maiden name, his/her favorite color, etc. Any such techniques may provide additional security for organizations, and may also be to the advantage of the authorized user since such security can protect the subscriber's data from inspection and use by someone else coming into possession of the Transaction money module 4.
Because the Transaction money module 4 can take on a variety of physical representations, it will be described by the functions performed in addition to the pertinent physical characteristics of a preferred embodiment.
Referring now to FIG. 4, a Transaction money module 4 is shown diagrammatically in block form. Specifically, a Transaction money module 4 has (1) an external interface 30 that interfaces the Transaction money module 4 to the module's data processing means, the input/output means (human interface) and the communications circuitry of the external device; (2) a session manager 31 to control and commit (i.e., finalize) or abort a transaction session; (3) a transactor 32 to manage application functions; and (4) a money holder 38 to contain and manage the electronic representations of money.
According to the invention, the following application functions may be implemented in the preferred embodiment of the present invention:
The To Subscriber application 33 performs the function of comparing the owner identification characteristics, such as a user's personal identification number (PIN) and biometrics characteristic (e.g., fingerprint, voiceprint, etc.), that are stored in the memory of the Transaction money module 4, to those of the individual who is attempting to gain access to the Transaction money module 4. After the proper ownership is verified, the Transaction money module 4 may be activated, and the user is allowed certain accesses to the Transaction money module's 4 stored contents. Messages to the subscriber, and subscriber inquiries as to the information contained within the Transaction money module 4 are also handled by this application function.
The To Teller application 34 interfaces the Transaction money module 4 to the Teller money modules 5 for initiating and performing deposit, withdrawal, loan payment transactions, and bank inquiries with such Teller money modules 5.
The Pay/Exchange application 35 supervises the sending and receiving of electronic notes 11 between Transaction money modules 4, managing the process in which the electronic notes 11 are properly "packaged" as to amount, digital signatures, etc. This application provides that the electronic notes 11 are transferred in a recognized, valid format. Notably, this is the application that allows a money module to perform payments and foreign exchanges. Without this application in the preferred embodiment, a Transaction money module 4 cannot make a payment to another Transaction money module 4.
The Tran Log Mgr. application 36 provides the management and overseeing of a log that records completed transactions undertaken by the money module. For each completed transfer of electronic money, an illustrative Tran Log records:
(1) the type of transfer (i.e., payment, deposit, foreign exchange, etc.),
(2) the date of transfer,
(3) the amount of transfer,
(4) the Issuing Bank 1 identifier
(5) the note identifier,
(6) the monetary unit,
(7) the identifier of the other money module involved in the transaction, and
for deposits, withdrawals and loan payments:
(8) the bank account number,
(9) the bank identifier, and
(10) the amount of the transaction.
In the preferred embodiment, every money module will have an identifier. A money module identifier may be thought of as the "serial number" of the money module and is never changed.
It is anticipated that a subscriber may have access to several of the fields of data stored in the Tran Log application, such as histories of the amount, date, and type of transfer. Information as to the expiration date of a certificate may also be accessed by the subscriber so that he/she will be informed as to the need to update or revalidate the money module's certificate.
The Maintain Security application 37 manages a list of money module identifiers that are known to have been generally compromised. In particular, this is a list that is distributed to each money module when it communicates with the Network 25, and is a list of money modules that have passed an invalid or counterfeit electronic note 11 or have performed acts deemed detrimental to the system.
When establishing a session between money modules, each money module checks its list of bad money modules to see if the other is an offending money module. If the other money module's identifier appears on the list, the communication is broken off.
This application also provides the process for obtaining the certificate unique to the money module, for synchronizing an internal clock, and for managing the creation of new cryptography keys.
The Note Directory 39 application performs the function of keeping track of the location, identification and value of each of the electronic notes 11 stored within the money module. A note 11, whether it is an electronic currency note or an electronic credit note, is the basic unit of electronic money. It is the electronic object representing the economic value, the electronic bits that contain the amount, expiration date, note identifier etc. (described in detail below) that gets digitally signed (described below) and encrypted when being transferred. Both electronic currency notes 11 and electronic credit notes 11 may be located by the Note Directory 39.
The Note Directory application 39 updates the current amount of electronic notes 11 (both currency and credit), after every transfer. A date-of-expiration, a note identification number and an Issuing Bank identifier is also recorded with the location of each note 11.
In summary, the Note Directory 39 keeps track of the note identification number, the Issuing Bank 1 identifier, the date-of-expiration of the note 11, the location of the note 11 as stored in the Transaction money module 4, and the current amount of the value of each of the notes 11 stored. These records are maintained for both electronic currency and electronic credit. For a credit note 11, the account number of the credit line is also maintained.
The Notes application 40 manages the storage of the representations of the electronic notes 11 themselves, both currency and credit notes 11. This application also generates the transfers when notes 11 are to be conveyed.
The Packet Manager application 41 manages the construction and formatting of a packet of electronic notes 11 that are to be transferred to another money module. For example, the Packet Manager 41 will utilize an algorithm so that the least number of electronic notes 11 are used to fulfill the requested amount of transfer, with the earliest dated electronic notes 11 being used first. Alternatively, when a packet of notes 11 is transferred to the receiving money module, the Packet Manager 41 application "disassembles" the packet, verifying the date and separating the data fields that represent the different electronic notes 11.
The formatted packet gets several data fields appended to it when electronic notes 11 are "assembled." An identifier data field provides the indicia that identifies it as a packet. Additionally, data fields for the total value of the notes 11, the number of notes 11, and the individual locations of the notes 11 are provided.
The Verifier application 42 verifies that a received packet contains valid electronic notes 11 before a receiving money module accepts them. The Verifier 42 also checks that the total amount received is equal to the sum of the electronic notes 11 that are to be transferred. If the total amount and the individual electronic notes 11 are valid, an acknowledgment is returned to allow for completion of the transfer. Otherwise, an "invalid" message is sent, and the transfer may be aborted.
Services applications that are provided fall under two categories: Clock/Timer 43 and Cryptography. The Clock/Timer 43 provides output pulses for controlling a transaction timeout, such as the time between the sending of a message and the return of a corresponding message.
As will be appreciated, when two money modules are communicating, they may be monitoring a time-out protocol. For example, after a first money module has sent a message to a second money module, the Session Manager 31 of the first money module ("A") may set a timer for a reply if the Transactor 32 indicates that a reply is required. The Session Manager 31 may also number the message sent. This number would appear in the reply message from the Session Manager 31 of the second money module ("B").
If the timer expires before the message has been received, then Session Manager A 31 will query Session Manager B 31 to determine if the transaction is still running in B. If B does not reply then Session Manager A 31 will abort the transaction. If a reply is received that the transaction is proceeding, then the timer will be reset to a new time. If A queries B a predetermined number of times without receiving a reply to the original message, then A may abort the transaction.
Separately, this application also maintains the current date and time, both for user display and for verifying that an electronic note 11 to be received is not an expired one, along with other general clock functions that are commonly used in the industry.
The Cryptography application contains a Public Key 44 operation, a Symmetric Key 45 operation, and a Random Number Generator 46. While the tamper-resistance of the Transaction money module 4 and its components makes it difficult for a person to modify the structure of the device or its contents, known cryptographic techniques are also employed to provide secure communications and payment transfers between money modules.
Public key cryptography 44, as is well known in the art, may be employed by this application to provide public key digital signatures, which are called "digital signatures" or simply "signatures" for brevity. The data in electronic notes 11, may be represented by a digital number. The electronic notes 11, are signed by digital signatures formed from this number. A digital signature can then be checked as corresponding to a particular message by anyone knowing the corresponding public key, which in the preferred embodiment would be all other money modules.
This application provides each money module with the ability to check the digital signature for authenticity. A money module receiving the digitally signed electronic note 11 can in turn sign and transfer it to others, who could also check, sign and distribute it.
Because of the "one way" nature and computational complexity of public-key digital signatures, it is thought to be infeasible to decipher and duplicate them within a feasible period of time, making such a security system resistant to forgery.
Lastly, this application also creates new public and private keys when needed.
Symmetric Key cryptography 45 provides private key algorithms that are well known in the art, for individual session security and privacy between money modules. In the preferred embodiment, this application provides encryption/decryption means in order to secure information being exchanged between two money modules.
Any well known symmetric key cryptography technique, such as the National Data Encryption Standard (DES) system or other cryptography techniques, may be provided in this application. For example, due to the increasing interest in providing cryptographically secured communications, manufacturers are providing various semiconductor integrated circuit devices which perform the encryption and decryption of data. Cylink corporation's CIDEC data encryption devices are examples of commercially available encryption/decryption circuitry that would be suitable in the present invention for this application. Due to the federally mandated use of the DES algorithm, devices such as these are widely utilized to implement that algorithm.
It is important to note that the details of the particular cryptographic methodology utilized by the money modules are not critical and are not limited to a particular cryptographic technique.
The Random Number Generator 46 generates random like numbers for creating new public/private keys for the Public Key application 44 and new private keys for the Symmetric Key 45 application. This application is utilized to vary in an unpredictable way the generation of temporary session keys.
Circuitry for providing such random number generation capability are well known in the art. For instance, a circuit utilizing a "noisy" diode may provide random values, as is well known in the industry. Random numbers may also be provided by a pseudorandom number generator circuit which implements a mathematical algorithm, such as the power-residue algorithm, that generates apparently random values from a "seed" number. The use of clocks or counters provides another often used source of random data. As will be understood, the Random Number Generator 46 may use techniques that are well known to a person of ordinary skill in the art to generate the temporary numbers, and thus need not be further described.
It should be further understood that the foregoing functions disclosed herein may be performed by known programming techniques and/or dedicated hardware and in some cases may be combination of both or shared resources from each. As may be appreciated by a person skilled in the art, many changes in form and detail can be made in dependance on specific application requirements without departing from the essential features of the money modules.
TELLER MONEY MODULE
The banking systems 20 of both the Issuing Banks 1 and the Correspondent Banks 2 interface to the system of the invention through a Teller money module 5. The Teller money module 5 may be imbedded in any general purpose computer or workstation. The particular design of the Teller money module 5, like the Transaction money module 4, may be implemented in readily known programming techniques or dedicated computer hardware, or a combination of both. As will be appreciated by a person skilled in the art, various designs of the Teller money module 5 may be employed to implement the functions described herein.
The details of one embodiment of the Teller money module 5 is shown in block form in FIG. 5. The Teller money module 5 contains many of the same components and application functions of the Transaction money module 4 described above. Therefore, the identical components will only be repeated briefly here, while the distinguishing components will be fully described. It should be noted that the Teller money module 5, like other money modules of the system, is also contained within a tamper-proof enclosure of the type common in the industry, so as to ensure the necessary security involved.
The Teller money module 5 contains an External Interface 30, a Session Manager 31, a Transactor 32 and a Money Holder 38 that perform similar functions to the corresponding components in the Transaction money module 4 described above.
Briefly, the External Interface 30 interfaces the Teller money module 5 to other processing and communications means within the Teller money module 5 host processor; the Session Manager 31 acts to control and commit (i.e., finalize) or abort a transaction session between the Teller money module 5 and another money module; the Money Holder 38 manages the storing and retrieval of electronic money; and the Transactor 32 manages the application functions of a To Teller 34, the Tran Log Mgr. 36, the Maintain Security 37, the To Bank 47, a To Money Generator 48, and the To Transaction 49.
The following list describes in brief, the applications contained in the Teller money module 5 that are functionally identical to the applications found in the Transaction money module 4:
To Teller 34: Interfaces deposit and withdrawal functions to another Teller money module 5.
Tran Log Mgr. 36: Transaction log manager for recording transaction details.
Maintain Security 37: Manages the list of compromised money modules, applies for certificates, synchronizes the clocks, and manages the creation of new digital keys.
Note Directory 39: Keeps track of the location, value and identification of notes 11 by monetary unit. Summary totals are also maintained.
Notes 40: Manages storage for the electronic notes 11 of exchange, and creates the transfers for the notes 11.
Packet Manager 41: Manages the assembly and disassembly of a packet to be transferred to a different money module.
Verifier 42: Verifies that a received packet contains valid electronic notes 11.
Clock/Timer 43: Controls transaction timeout, expiration of the validity of the electronic notes 11, expiration of the certificate, and general clock functions.
Cryptography
(i) Public key 44: used for signatures to sign and validate notes 11 and to set up a secure transaction session.
(ii) Symmetric key 45: Controls the security of a transaction session.
(iii) Random number generator 46: Generates random like numbers for new cryptographic keys.
Some of the distinguishing applications are the To Bank 47 and To Transaction 49 applications. The To Bank application 47 provides the interfacing means whereby the Teller money module 5 can perform exchanges of data for inquiries and account postings with the on-line systems of a bank. This application is also utilized for crosschecking the customer's account number with the accounts and type of transaction being requested.
The To Transaction application 49 performs deposits, withdrawals and payments to loans. This application operates whenever a Teller money module 5 is transacting with a subscriber's Transaction money module 4.
As mentioned above, a Teller money module 5 may be associated with an Issuing Bank 1 or a Correspondent Bank 2. When the Teller money module S is associated with a Correspondent Bank 2, it is utilized for intermediating deposits, withdrawals, and payments to loan accounts between a Transaction money module 4, the Correspondent Bank's 2 on-line systems, and an Teller money module 5 at an Issuing Bank 1.
When operating in an Issuing Bank 1 mode, the Teller money module 5 is used for intermediating deposits, withdrawals, and payments to loan accounts between other money modules and the Issuing Bank's 1 on-line systems. Additionally, when the Teller money module 5 is performing in an Issuing Bank 1 mode, a To Money Generator application 48 may be employed when requesting new notes 11.
Basically, the To Money Generator application 48 performs banking functions dealing with requests for electronic notes 11. It interfaces an Issuing Bank's 1 Teller money module 5 to a Money Generator Module 6.
All of the other elements performed in an Issuing Bank's 1 Teller money module 5 are essentially identical to the similarly named components and application functions described above.
MONEY GENERATOR MODULE
FIG. 6 is a block diagram illustrating the application functions of a Money Generator module 6. Money Generator modules 6 provide the mechanism that Issuing Banks 1 utilize to issue electronic money. A Money Generator module 6 is also encased in a tamper-resistant package for the same security reasons stated above for other money modules.
A Money Generator module 6 generates the electronic money (in the form of electronic notes 11, to be described in further detail below), and distributes them to other money modules through the Teller money module 5 of an Issuing Bank 1. The Money Generator module 6 includes a unique application not present in other money modules for responding to requests for electronic money. This is the Money Creator application 50.
The Money Creator application 50 creates and formats the electronic objects representing value--either currency backed by demand deposits, or credit authorizations--and digitally signs these "electronic notes 11" using public key cryptography in conjunction with its secret key, so that it may be sent to an Issuing Bank's Teller money module 5.
Notably, in a Money Generator module 6 the To Bank application 47 notifies the bank systems of any irregularities, off-loads transaction records in the Tran Log to the Transaction Reconciliation System 22 and transfers electronic notes 11 to the Money Issued Reconciliation System 23. All of the other applications of the Money Generator module 6 are identical to the similarly named applications of the money modules described above.
THE NETWORK
According to one embodiment of the invention, the individual components of the present invention may communicate over a Network 25, as shown in FIG. 7. The Network 25 will link together the Issuing Banks 1, Correspondent Banks 2, the Clearing Bank 3 and the Certification Agency 28.
Transaction money modules 4 may be coupled to the Network 25 over the telephone exchange or via special terminal facilities at bank locations (e.g., additional contactless or cable connections at an ATM booth). A communication layer will carry transaction requests (e.g., deposits, withdrawals), packets of notes 11 and new certificates securely across the Network 25. In the preferred embodiment, the Network 25 will also provide directories of financial services, and update the money module clocks and the bad money module list of all money modules.
As will be understood, the Network 25 may use well known data link or communications systems and techniques that utilize, for example, telephone lines, fiber-optic land lines, and satellites, and that include connective, timing and control software and circuitry for allowing access and transmitting digital information. The Network 25 may use commercially available protocols and operating techniques such as those set forth by the International Standards Organization ("ISO") for Open Systems Interconnect network standards. It is important to note that the particular design of the Network 25 is not critical and suitable technologies for accomplishing the foregoing data communications functions may be used.
Each entity (Banks 1 and 2, Certifying Agency 28, or Clearing Bank 3) is also assumed to have an individual local network 16, 17, 18 and a gateway to the larger system Network 25. The larger Network 25 will provide directory services for the routing of messages to connect to the appropriate local network 16, 17, 18. The local network 16, 17, 18 has the responsibility of routing messages to the correct money module or a Security Server 27. A Security Server 27 is associated with each participating bank and the Certification Agency 28, and is used for implementing the security of the system.
FIG. 7 illustrates the preferred embodiment of the Network 25 generally, indicating that money modules of any participating bank may be intercoupled to the money modules of other banks and financial institutions, or another subscriber's Transaction money module 4 via a communications link directly connected into switching and processing centers and alternatively connected to a local network 16, 17, 18 at each entity.
A money module need only identify the local network 16, 17, 18 destination (typically a bank subnetwork) for the transmission of most messages. The local network 16, 17, 18 will route the message to an appropriate money module for establishing a session. Once a session is established, the Network 25 directs all messages between the two money modules. The Network 25 also controls messages between money modules and Security Servers 27.
Transaction money modules 4 may communicate over the Network 25 for deposits, withdrawals, payments to loan accounts, updates or inquiries. The Teller 5 and Money Generator modules 6 will sign on the Network 25 periodically to update security information. The sign-on will be initiated by the money module Session Manager 31, or by the bank Security Server 27 if recertification is required or if there are changes to the bad money module list.
A bank services directory may be available to the money modules primarily for updating the electronic notes 11 and performing foreign exchange. A list of participating banks for either service will be available from the Network 25.
In the preferred embodiment, the Network 25 will provide time services to the individual components of the present invention. Transaction 4, Teller 5 and Money Generator modules 6 and Security Server 27 clocks may be updated from a Network Server 26 in the Network 25 every time that the respective money module accesses the Network 25.
Network Servers 26 may provide the money module services described below, and gateway services to the local networks 16, 17, 18. The application functions of the preferred embodiment of the Network Server 26 are shown in the block diagram of FIG. 8. The following application functions are contemplated for the Network Server 26:
(1) External Interface 56--a communications layer which interfaces to the Network 25; and
(2) Communication Session Manager 57--manages a communication session between money modules, and between a money module and the Security Server 27.
Application Services are provided by:
(3) Manage Network Sign-on 58--controls the money module Network sign-on process;
(4) Synchronized Time/Date 59--keeps money module Clock/Timer 43 services synchronized to a system time;
(5) Route Message 60--directory services for routing messages, controlling message routing during sign-on and during a money module session; and
(6) Direct to Bank Services 61--provides information on services provided by participating banks.
As will be appreciated by one skilled in the art, switching and processing centers that are known in the industry may be used to enable the networking cooperation between a financial institution and any other that is coupled to the same centers.
ELECTRONIC NOTES
We turn now to a further description of the elements of the electronic notes 11 themselves.
An electronic currency note 11 representing value is essentially an electronic object created from a transaction request (deposit or withdrawal) which is backed by demand deposits at an Issuing Bank 1. At various times and in various points of the system, the notes may appear in electrical or magnetic forms or as electromagnetic radiation. These notes 11 may be transferred over several transactions just like paper money, with the additional property of fungibility that allows the electronic notes 11 to be commuted and transferred in amounts less than or equal to the value of the note 11.
Notes 11 may be split by appending a transfer record to the note 11 and signing the note 11 using the private cryptographic key of the money module transferring the note 11. Electronic credit notes 11, however, can only be transferred once in the preferred embodiment, because it is anticipated that its receiver must deposit the credit note 11 so that the loan may be realized.
Credit notes 11, unlike currency notes 11 are drawn on a subscriber's loan account. Each credit note 11 carries the account number it is drawn on. The account may be a revolving credit or credit line on which the note 11 is drawn, operating much in the same way that a check or a credit card account works in today's banking industry. Credit notes 11 can represent a part of or all of the credit line of the account.
In the preferred embodiment, the credit notes 11 can only be transferred to another Transaction money module 4 by the owner of the account, and the receiver of a credit note 11 can only deposit it into his or her account as currency. From there, the credit note 11 is cleared with the currency at the Clearing Bank 3. The subscriber's bank recognizes the loan upon receipt of the cleared credit note 11.
When credit notes 11 are withdrawn, they do not trigger any accounting transactions in the preferred embodiment. Current credit line processing may need to be modified to keep track of the amount of the credit line in the subscriber's Transaction money module 4. Whenever the subscriber communicates with the Issuing Bank 1 maintaining the credit line, the amount of the credit line in the Transaction money module 4 is removed and replaced based on any adjustments to the credit line in the banking system 20. Total credit notes 11 plus outstanding loans must be less than or equal to the total amount of the credit line.
Electronic notes 11 are comprised of three collections of data fields, namely a Body group, a Transfer group, and a Signatures and Certificate group. The Body group of data fields includes the following information:
(1) the type of electronic note 11, i.e., whether it is a currency note 11 or a credit note 11;
(2) the Issuing Bank's 1 identifier;
(3) the monetary unit identifier;
(4) a Note identifier;
(5) its date-of-issue;
(6) its date-of-expiration;
(7) the subscriber's account number (used only for credit notes 11);
(8) the amount or value of the note 11; and
(9) the Money Generator module 6 identifier.
The Transfer group of data fields includes:
(1) a total of the number of times that the electronic note 11 was transferred; (provided for currency notes 11 only)
(2) a list of transfer records that indicate, the date-of-transfer, the amount transferred and the identification number of the receiver.
The Signature and Certificates group of data fields includes:
(1) the digital signature of the Money Generator module 6;
(2) the Money Generator module 6 certificate;
(3) a list of payors which contains each payor's signature and certificate.
The body, transfer records, the signature and the certificate of the chain of the transferred payments constitute the electronic note 11 sent. The remaining amount of the note 11 is recorded in the Note Directory 39 of the money module in which it is stored.
It is important to note that the authenticity of an electronic note 11 is determined by the validity of the digital signature of the Money Generator module 6, and the validity of the signatures of past payors (if present). Any inconsistencies in this information will cause the transfer of any electronic notes 11 to be aborted.
It is also important to note that as a security measure, a note 11 will be valid for a limited time, up to its expiration date. An expired note 11 cannot be transferred, it must be updated by transacting with a participating bank. To this end, whenever a Transaction money module 4 performs any transaction with a Teller money module 5, all of the electronic notes 11 stored in a Transaction money module 4 will be transferred to the Teller money module 5 so that the notes 11 may be replaced with updated ones before they expire. This security procedure also helps to keep offending notes 11 from being circulated broadly.
As will be understood, every time that a note 11 is transferred to another money module, a digitally signed transfer record indicating to whom it is transferred is appended. Thus, the recipient of an electronic note 11 will also receive a record of all of the past holders of the note 11.
For example, a $50 electronic note 11 may be generated, and withdrawn by a Transaction money module 4. Assuming it is transferred to other money modules in $10, $10, and $30 denominations, the recipient money modules will receive the note 11 with the transfer record identifying the first Transaction money module 4. When a recipient of the $10 note 11 transfers $5 of it to a third party, the third party receives the note 11 along with the record indicating the previous two holders. Assuming this $5 note 11 is then deposited, a record of it will be matched with other segments of the original $50 note 11 that find there way back into the banking system by the clearing and reconciliation processes of the present embodiment.
In accordance with the previous example, FIG. 51 shows how the subsequent transfer of an electronic representation of currency produces a tree-like structure of electronic representations of currency derived from the initial note produced by the money generator module. The money generator module 1003 having identifier "1" (module identifiers are contained in digitally signed certificates) produces the electronic representation of currency 1005 having a body group of data fields 1007 and a transfer group of data fields 1009. The signatures and certificates group of data fields is not shown for convenience.
The body group of data fields 1007 includes a note identifier 1011 (e.g., "12"), a money generator module identifier 1013 (e.g., "1"), an issuing bank identifier 1015 (e.g., X), a date-of-issue 1017 (e.g., 1:00:00), a date-of-expiration 1019 (e.g., 12:00:00), a note amount and a monetary unit identifier 1021 (e.g., $50). Other body group data fields such as type of note are not shown for convenience.
The transfer group of data fields 1009 includes a transfer record having a transferee identification number (e.g., "2"), a date-of-transfer (e.g., 1:00:00), and a transfer amount (e.g., $50). The transfer group data field indicating total number of transfers is not shown for convenience. The various date fields in the electronic notes are shown for illustrative purposes as being in the form day:hr:min. Other time monitoring forms (e.g., including seconds) are, of course, possible.
The electronic representation of currency 1005 from money generator module 1003 is stored in teller module 1023 having identifier "2". As part of the withdrawal of $50 by transaction module 1025 having identifier "3 |
