Login| Sign Up| Help| Contact|

Patent Searching and Data


Title:
OFF-LINE TRANSFER OF ELECTRONIC TOKENS BETWEEN PEER-DEVICES
Document Type and Number:
WIPO Patent Application WO/2012/123394
Kind Code:
A1
Abstract:
One of the various aspects of the invention is related to a method for transferring electronic tokens between two tamper-protected semiconductor modules, wherein the method is executing an off-line transaction protocol that is controlling the exchange of protocol messages between the two tamper- protected semiconductor modules including a transfer of electronic tokens (certificates) between the tamper-protected semiconductor modules via a peer-to-peer link. The off-line transaction protocol is enabling delayed-true fairness of the transaction.

Inventors:
KREFT, Heinz (Kirchenweg 28, Kiel, 24143, DE)
Application Number:
EP2012/054227
Publication Date:
September 20, 2012
Filing Date:
March 12, 2012
Export Citation:
Click for automatic bibliography generation   Help
Assignee:
KREFT, Heinz (Kirchenweg 28, Kiel, 24143, DE)
International Classes:
H04L29/06; G06F21/71; G06F21/73
Attorney, Agent or Firm:
HERMANN, Felix (Boehmert & Boehmert, Pettenkoferstraße 20-22, Munich, 80336, DE)
Download PDF:
Claims:
A method for transferring electronic tokens between two tamper-protected semiconductor modules, wherein the method is executing an off-line transaction protocol that is controlling the exchange of protocol messages between the two tamper-protected semiconductor modules including a transfer of electronic tokens between the tamper- protected semiconductor modules via a peer-to-peer link, and wherein the off-line transaction protocol enables delayed-true fairness.

The method according to claim 1 , wherein in case of an interruption of the off-line transaction protocol each tamper-protected semiconductor module autonomously terminates the off-line transaction protocol in either

- a fair state in which the transfer of the electronic tokens is either successfully completed or the initial state prior to starting the transfer of the electronic tokens is restored, or

- an unfair state for the respective tamper-protected semiconductor module in which one or more electronic tokens is/are irrevocably lost at the respective tamper-protected semiconductor module, and

wherein in case only a termination in an unfair state is possible in a respective tamper- protected semiconductor module, the off-line transaction protocol enables delayed-true fairness by providing a proof of loss of said one of more electronic tokens by the respective tamper-protected semiconductor module vis-a-vis an issuing authority that issued the lost one of more electronic tokens.

The method according to claim 1 or 2, further comprising the step of performing, after termination of the off-line transaction protocol, a separate on-line compensation procedure between the issuing authority and the re spective tamper-protected semiconductor module encountering the loss of the one or more electronic tokens, wherein the tamper-protected semiconductor module encountering the loss of the one or more electronic tokens proves its loss of one or more electronic tokens to the issuing authority using the proof of loss and receives a compensation of the lost one or more electronic tokens from the issuing authority.

The method according to claim 3, wherein the on-line compensation procedure is being based on generatability of electronic tokens by the issuing authority or on the ability to compensate in form of a fiat money account transfer. The method according to one of claims 1 to 4, wherein the off-line transaction protocol and the on-line compensation procedure in case of a termination of the off-line transaction protocol in an unfair state are executed by the tamper-protected semiconductor modules, respectively.

The method according to claim 5, wherein the proof of loss is signed by the tamper- protected semiconductor module using a signing key of the tamper-protected semiconductor module.

The method according to one of claims 1 to 6, wherein the off-line transfer protocol is of fail-stop type using timers to control timeliness of message exchange in the transaction protocol.

The method according to one of claims 1 to 7, wherein an interruption of the off-line transaction protocol and the resultant termination thereof is performed by the respective tamper-protected semiconductor module in response to a timeout.

The method according to one of claims 1 to 8, wherein in case the off-line transaction protocol is terminated after the tamper-protected semiconductor module having transferred its electronic tokens, but did not receive the expected response from the other tamper-protected semiconductor module:

- the tamper-protected semiconductor module that did not receive the expected response terminates the off-line transaction protocol immediately in a final but unfair state, in which the transferred electronic tokens are irrevocably destroyed and a proof of loss for the irrevocably destroyed electronic tokens is provided by the tamper-protected semiconductor module, and

- the other tamper-protected semiconductor module either:

- terminates the off-line transaction protocol immediately in a final and fair state, in case the other tamper-protected semiconductor module has not received the transferred electronic tokens, or

- in case the other tamper-protected semiconductor module has received the transferred electronic tokens, terminates the off-line transaction protocol after expiry of a lock timeout period in a final but unfair state, in which the other tamper-protected semiconductor module irrevocably destroys the received electronic tokens and provides a proof of loss for the irrevocably destroyed electronic tokens, in case the other tamper-protected semiconductor module has transferred change electronic tokens to the tamper-protected semiconductor module in response to receiving the electronic tokens the other tamper-protected semiconductor module.

10. The method according to one of claims 1 to 9, wherein in case the off-line transaction protocol is terminated after one of the tamper-protected semiconductor modules having transferred its electronic tokens to the other tamper-protected semiconductor module, the other tamper-protected semiconductor module successfully received the electronic tokens and returned a confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens, but the other the tamper-protected semiconductor module did not receive the expected response to its confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens:

- the tamper-protected semiconductor module having transferred its electronic tokens to the other tamper-protected semiconductor module either

- terminates the off-line transaction protocol immediately in a final but unfair state, in which its transferred electronic tokens are irrevocably destroyed and a proof of loss for the irrevocably destroyed electronic tokens is provided by the tamper- protected semiconductor module, in case it has not received the other tamper- protected semiconductor module's confirmation of receipt for the transferred electronic tokens and the optional change electronic tokens,

- terminates the off-line transaction protocol in a final and fair state or a final and unfair state, in case it has received the other tamper-protected semiconductor module's confirmation of receipt for the transferred electronic tokens and the optional change electronic tokens,

wherein the off-line transaction protocol is terminated in a final and fair state, in case the tamper-protected semiconductor modules re-contact each other and successfully finish the transaction within a lock timeout period, while otherwise the tamper-protected semiconductor module having transferred its electronic tokens to the other tamper-protected semiconductor module terminates the off-line transaction protocol in a final but unfair state after expiry of the lock timeout period, in which the tamper-protected semiconductor module produces a proof of loss for the value of the electronic tokens transferred to the other tamper- protected semiconductor module and irrevocably destroyed the change electronic tokens received from the other tamper-protected semiconductor module, and

- the other tamper-protected semiconductor module that did not receive the expected response to its confirmation of receipt for the transferred change electronic tokens either:

- terminates the off-line transaction protocol after expiry of a lock timeout period in a final but unfair state, in case the tamper-protected semiconductor modules do not re-contact each other within the lock timeout period, wherein the other tamper- protected semiconductor module irrevocably destroys the received electronic tokens and provides a proof of loss for the transferred change electronic tokens, in case the other tamper-protected semiconductor module has transferred change electronic tokens to the tamper-protected semiconductor module in response to receiving the electronic tokens from the other tamper-protected semiconductor module, or

- terminates the off-line transaction protocol in a final and fair state, in case the tamper-protected semiconductor modules re-contact each other and successfully finish the transaction within a lock timeout period.

11. The method according to one of claims 1 to 10, wherein in case the off-line transaction protocol is terminated after one of the tamper-protected semiconductor modules having transferred its electronic tokens to the other tamper-protected semiconductor module, received a confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens from the other tamper-protected semiconductor module, but the the tamper-protected semiconductor module did not receive the expected response to a further conformation message transmitted to the other tamper-protected semiconductor module for confirming the confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens:

- the tamper-protected semiconductor module having transferred its electronic tokens to the other tamper-protected semiconductor module either

- terminates the off-line transaction protocol in a final and fair state, in case the tamper-protected semiconductor modules re-contact each other and successfully finish the transaction within a lock timeout period, or

- terminates the off-line transaction protocol in a final but unfair state after expiry of the lock timeout period, in which the tamper-protected semiconductor module produces a proof of loss for the value of the electronic tokens transferred to the other tamper-protected semiconductor module and irrevocably destroyed the change electronic tokens received from the other tamper-protected semiconductor module, and

- the other tamper-protected semiconductor module either:

- terminates the off-line transaction protocol in a final and fair state or a final and unfair state, in case the other tamper-protected hardware module has not received the conformation message confirming the confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens, wherein the off-line transaction protocol is terminated in a final and fair state, in case the tamper-protected semiconductor modules re-contact each other and successfully finish the transaction within a lock timeout period, while otherwise the tamper-protected semiconductor module having transferred its electronic tokens to the other tamper-protected semiconductor module terminates the off-line transaction protocol in a final but unfair state after expiry of the lock timeout period, in which the tamper-protected semiconductor module produces a proof of loss for the value of the electronic tokens transferred to the other tamper- protected semiconductor module and irrevocably destroyed the change electronic tokens received from the other tamper-protected semiconductor module, and

- terminates the off-line transaction protocol in a final and fair state in which the transaction is considered sucessful, in case the other tamper-protected hardware module has received the confirmation message confirming the confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens,

12. The method according to one of claims 1 to 11, wherein in case one of the tamper- protected hardware modules considers the transaction successful, but the other tamper- protected hardware module terminates the off-line transaction protocol in a final but unfair state, in which the other tamper-protected semiconductor module produces a proof of loss for the main value of the electronic tokens transferred to the tamper-protected semiconductor module and irrevocably destroyed the change electronic tokens received from the tamper-protected semiconductor module, the other tamper-protected hardware module obtains a reimbursement of the the main value of the electronic tokens transferred to the tamper-protected semiconductor module from the issuing authority against the proof of loss and revealing, the identifiy of the user of the other tamper-protected hardware module

13. The method according to claim 12, further comprising the step of detecting a fraud by the issuing authority in case the main electronic tokens claimed to be lost by the the other tamper-protected hardware module are cleared with the issuing authority by another party.

14. The method according to one of claims 1 to 13, wherein the transaction protocol comprises a pairing phase for pairing the two tamper-protected semiconductor modules for a single execution of the off-line transaction protocol and comprising a mutual exchange of certificates, wherein a respective certificate identifies the respective tamper- protected semiconductor module, wherein a transaction protocol message transmitted by one of the tamper-protected semiconductor modules during the pairing phase comprises at least one of:

- a certificate identifying the respective tamper-protected semiconductor module, the certificate including the public key of the respective tamper-protected semiconductor module used by the off-line transaction protocol between the tamper-protected semiconductor modules,

- a device identifier and/or network identifier of a peer device comprising a respective one of the two tamper-protected semiconductor modules for addressing subsequent transaction protocol messages exchanged between the two tamper-protected semiconductor modules,

- one or more capability flag vectors which identifies the cryptographic schemes supported by the respective tamper-protected semiconductor module usable according to crypto -regulations applying to the transfer of the electronic tokens,

- a timestamp indicating the point in time of the generation or transmission of the respective transaction protocol message,

- a random number for establishing a transaction identifier during a secure connection establishment phase of the transaction protocol, and

- a signature to ensure integrity of the contents of the respective transaction protocol message, wherein the signature is obtained using a signing key of the respective tamper-protected semiconductor module transmitting the respective transaction protocol message.

15. The method according to claim 14, wherein the transaction protocol messages of the pairing phase are exchanged by the tamper-protected semiconductor modules using a first wired or wireless access technology, while the transaction protocol messages of the offline transaction protocol not part of the pairing phase are exchanged between the tamper- protected semiconductor modules using a second wired or wireless access technology differing from the first wired or wireless access technology.

16. The method according to one of claims 1 to 15 , wherein the tamper-protected semiconductor modules use a key establishment scheme to generate session keys for encryption of the transaction protocol messages.

17. The method according to one of claims 1 tol6, wherein transaction protocol messages exchanged in a secure connection establishment phase of the off-line transaction protocol comprise a transaction identifier determined based on random numbers exchanged between the tamper-protected semiconductor modules in a pairing phase of the off-line transaction protocol.

18. The method according to one of claim 1 to 17, wherein transaction protocol messages following a secure connection establishment phase of the off-line transaction protocol are encrypted by the tamper-protected semiconductor modules using session keys established for the given execution of the off-line transaction protocol.

19. The method according to one of claims 1 to 18, wherein the contents of the transaction protocol messages exchanged between the tamper-protected semiconductor modules in a pairing phase and a secure connection establishment phase of the off-line transaction protocol are signed by the respective tamper-protected semiconductor module using their respective signing key.

20. The method according to one of claims 1 to 19, wherein timestamps in the transaction protocol messages exchanged in a pairing phase and/or a secure connection establishment phase of the off-line transaction protocol are used by the respective tamper-protected semiconductor modules to determine channel characteristics of the peer-to-peer link, and wherein the tamper-protected semiconductor modules determine timer values of the timers controlling the timeliness of the off-line transaction protocol messages based on the channel characteristics.

21. The method according to one of claims 1 to 20, wherein the off-line transaction protocol comprises a negotiation phase in which the tamper-protected semiconductor modules exchange user certificates of the respective users of the respective peer device comprising a respective one of the two tamper-protected semiconductor modules and in which the tamper-protected semiconductor modules negotiate their ability to conduct the transfer of the electronic tokens.

22. The method according to one of claims 1 to 21 wherein in a negotiation phase of the offline transaction protocol the tamper-protected semiconductor modules exchange certificate revocation lists and update the respective certificate revocation list based on the certificate revocation list received from the respective other tamper-protected semiconductor module.

23. The method according to one of claims 1 to 20, wherein a negotiation phase of the offline transaction protocol comprises the steps of:

generating by a first of the two tamper-protected semiconductor modules a ranked suggestion list of favorite candidate combinations of atomic electronic tokens stored in the first tamper-protected semiconductor module and respective, optional change favorite candidate combinations of atomic electronic tokens that fulfill a receivable of the transaction,

transmitting the ranked suggestion list to the second, other tamper-protected semiconductor module in a transaction protocol message,

determining by the second tamper-protected semiconductor module whether one of the favorite candidate combinations of atomic electronic tokens and respective, optional change favorite candidate combinations of atomic electronic tokens out of the ranked suggestion list can be accepted in view of the atomic electronic tokens available at the second tamper-protected semiconductor module and,

if not or optionally, modifying the ranked suggestion list so as to include new favorite candidate combinations of atomic electronic tokens stored in the second tamper-protected semiconductor module and respective, optional change favorite candidate combinations of atomic electronic tokens that fulfill the receivable of the transaction, and transmitting a transaction protocol message comprising the optionally modified ranked suggestion list to the first tamper-protected semiconductor module,

selecting by the first tamper-protected semiconductor module one of the favorite candidate combinations of atomic electronic tokens and respective, optional change favorite candidate combinations of atomic electronic tokens out of the ranked suggestion list, and

transferring the atomic electronic tokens as indicated by the selected one candidate combination of atomic electronic tokens and respective, optional change combination of atomic electronic tokens out of the ranked suggestion list from the first tamper-protected semiconductor module to the second tamper-protected semiconductor module.

24. The method according to one of claims 1 to 22, wherein a negotiation phase of the offline transaction protocol comprises the steps of:

generating by a first of the two tamper-protected semiconductor modules a ranked suggestion list of candidate combinations of atomic electronic tokens stored in the first tamper-protected semiconductor module and optionally, respective change combinations of atomic electronic tokens that fulfill a receivable of the transaction,

transmitting the ranked sugge stion list to the second, other tamper-protected semiconductor module in a transaction protocol message,

selecting by the second tamper-protected semiconductor module one of the favorite candidate combinations of atomic electronic tokens and optional, respective change favorite candidate combinations of atomic electronic tokens out of the ranked suggestion list, and transferring the atomic electronic tokens as indicated by the selected candidate combination of atomic electronic tokens and optional, respective change combination of atomic electronic tokens out of the ranked suggestion list from the second tamper- protected semiconductor module to the first tamper-protected semiconductor module.

25. The method according to one of claims 1 to 24, wherein electronic tokens transferred between the tamper-protected semiconductor modules are identified by unique identifying descriptor items, and have been issued by one or more issuing authorities.

26. The method according to one of claims 1 to 25, wherein one of the tamper-protected semiconductor modules or both tamper-protected semiconductor modules check(s) online with the issuing authorities whether the one or more electronic tokens to be transferred by the respective other tamper-protected semiconductor module are black listed in a certificate revocation list of revoked electronic tokens prior to proceeding further with an electronic token transfer phase of the off-line transaction protocol.

27. The method according to one of claims 1 to 26, wherein tamper-protected semiconductor modules each use different key pairs for signing the contents of transaction protocol messages and encrypting the contents of transaction protocol messages prior to transmission to the respective other tamper-protected semiconductor module.

28. The method according to one of claims 1 to 27, wherein the transfer of electronic tokens from a first tamper-protected semiconductor module to the second, other tamper- protected semiconductor module comprises:

transmitting the transaction protocol message comprising the electronic tokens to the second tamper-protected semiconductor module, and

ensuring by the first tamper-protected semiconductor module that electronic tokens are irrevocably destroyed upon successful completion or termination of the off-line transaction protocol once having been transmitted to the second tamper-protected semiconductor module.

29. The method according to claim 28, wherein the transferred electronic tokens are part of the contents of transaction protocol messages and are separately encrypted by the respective tamper-protected semiconductor module prior to their inclusion to the transaction protocol messages

30. The method according to one of claims 1 to 29, wherein the transaction protocol messages exchanged by the tamper-protected semiconductor modules during a negotiation phase and an electronic token transfer phase of the off-line transaction protocol each comprise an electronic document that comprises information on the state of the transfer of the electronic tokens and which is part of the proof of loss provided in case only termination of the off-line transaction protocol in an unfair state is possible in a respective tamper-protected semiconductor module.

31. The method according to claim 30, wherein the electronic document comprises at least one of:

- an information on the transaction and tamper-protected semiconductor modules executing the transaction, the information being signed by a signing key of the tamper- protected semiconductor module initiating the transaction and/or counter-signed during the message exchange of the tamper-protected semiconductor modules,

- a weak deal lock delay value indicating the selected or negotiated value for a potentially later applied weak deal handling procedure,

- a first ranked suggestion list of favorite candidate combinations of atomic electronic token denominations stored in the first tamper-protected semiconductor module and respective, optional change favorite candidate combinations of atomic electronic token denominations that fulfill the receivable of the transaction,

- a second ranked suggestion list of favorite candidate combinations of atomic electronic token denominations stored in the second tamper-protected semiconductor module and respective, optional change favorite candidate combinations of atomic electronic token denominations that fulfill the receivable of the transaction,

- a selection of one of the favorite candidate combination of atomic electronic token denominations and respective, optional change favorite candidate combinations of atomic electronic token denominations selected from either the first or second ranked suggestion list,

- identifying descriptor items of the selected candidate combination of atomic electronic tokens stored in the first tamper-protected semiconductor module transferred to the second tamper-protected semiconductor module, wherein the identifying descriptor items of the selected candidate combination of atomic electronic tokens are signed by the signing key of the first tamper-protected semiconductor module,

- identifying descriptor items of the selected candidate change combination of atomic electronic tokens stored in the second tamper-protected semiconductor module transferred to the second tamper-protected semiconductor module, wherein the identifying descriptor items of the selected candidate change combination of atomic electronic tokens are signed by the signing key of the second tamper-protected semiconductor module, - a confirmation of receipt of electronic tokens signed by the signing key of either the first or the second tamper-protected semiconductor module, depending on whether the first or the second tamper-protected semiconductor module initiated the transaction, and

- a voucher in form of an affidavit usable for the compensation claim against the issuing authority.

32. The method according to claims 30 or 31, wherein a first version of the electronic document is generated within the negotiation phase of the electronic tokens to be transferred in the transaction and the electronic document is updated and exchanged by the tamper-protected semiconductor modules as part of the transaction protocol messages exchanged by the tamper-protected semiconductor modules in the negotiation phase and the electronic token transfer phase.

33. The method according to claim 32, wherein the tamper-protected semiconductor modules mutually sign and counter-sign information added to the electronic document as part of the update thereof.

34. The method according to one of claims 1 to 33, wherein at least one of the off-line transaction protocol messages exchanged between the tamper-protected semiconductor modules optionally comprises system update information for updating system parameters, data objects or software of the tamper-protected semiconductor modules of the tamper- protected semiconductor modules.

35. The method according to claim 34, wherein the system update information, data objects and firmware comprises at least one of:

- a certificate revocation list of revoked tamper-protected semiconductor module certificates,

- a certificate revocation list of revoked batch production certificates of electronic tokens,

- a certificate revocation list of revoked electronic tokens,

- a certificate revocation list of revoked certificates of issuing authorities of the electronic tokens,

- a certificate revocation list of revoked user certificates,

- a certificate revocation list of revoked certificate authority certificates, and

- firmware updates for updating the firmware of the tamper-protected semiconductor modules, and - policy rules updates for updating the policies of the tamper-protected semiconductor modules.

36. The method according to claim 34 or 35, wherein the system update information, data objects and firmware is comprised in off-line transaction protocol messages of a negotiation phase or an electronic token transfer phase of the off-line transaction protocol.

37. The method according to one of claims 1 to 36, wherein the electronic tokens are digitally signed by a respective issuing authority.

38. The method according to one of claims 1 to 37, wherein the electronic tokens are unconditionally identified, conditionally anonymous or unconditionally anonymous and the electronic tokens are atomic.

39. The method according to one of claims 1 to 38, wherein the a fail-stop of the off-line transaction protocol is caused by one of the tamper-protected semiconductor modules, if one of the following conditions is encountered:

- a storage capacity of a token memory in the respective tamper-protected semiconductor module is reaching its limit,

- the tamper-protected semiconductor modules cannot agree on a supported denomination distribution of electronic tokens for the transaction in the negotiation phase of the off-line transaction protocol,

- the electronic tokens stored in the respective tamper-protected hardware do not allow fulfilling a receivable of the transaction,

- the type of electronic tokens that is to be exchanged is incompatible within the intended transaction,

- authentication of one or more electronic tokens subject to the transfer fails at the respective tamper-protected semiconductor module,

- checking validity of a certificate by the respective tamper-protected semiconductor module fails due to the certificate being outdated or blacklisted in a certificate revocation list signed by a root certification authority, and

- an incompatibility in rules to be enforced by the tamper-protected semiconductor modules exists, wherein the incompatibility in the rules is an incompatibility between the ruled to be enforced as defined by the users, by capability flag vectors of the tamper-protected semiconductor modules, by a regulation authority, or a transaction limit of a the tamper-protected semiconductor module.

40. The method according to one of claims 1 to 39, wherein each transaction protocol message of the off-line transaction protocol comprises a header, wherein the header

- indicates the application of the off-line transaction protocol,

- identifies at least one of the contents of the respective transaction protocol message, the phase of the off-line transaction protocol to which the respective message belongs, and the respective transaction protocol message in the predetermined sequence of messages of the off-line transaction protocol, and

- identifies the version of the off-line transaction protocol executed by the respective tamper-protected semiconductor modules and the tamper-protected semiconductor modules agree on a compatible off-line transaction protocol version based on the indicated version in the header.

41. A tamper-protected semiconductor module for transferring electronic tokens between the tamper-protected semiconductor module and another tamper-protected semiconductor module comprised, wherein the tamper-protected semiconductor module is adapted to execute an off-line transaction protocol that is controlling the exchange of protocol messages between the two tamper-protected semiconductor modules including a transfer of electronic tokens between the tamper-protected semiconductor modules via a peer-to- peer link, and wherein the off-line transaction protocol enables delayed-true fairness.

42. The tamper-protected semiconductor module according to claim 41, wherein the tamper- protected semiconductor module is adapted to perform the steps of the method according to one of claims 1 to 61.

43. The tamper-protected semiconductor module according to claim 41 or 42, wherein wherein the tamper-protected semiconductor module is a tamper-protected die having a tamper-protected enclosure.

44. A device comprising a tamper-protected semiconductor module according to one of claims 41 to 43.

45. The device according to claim 44, further comprising a one or more wired and/or wireless interfaces and wherein the tamper-protected semiconductor module of the device is adapted to perform the off-line transaction protocol via wired and/or wireless peer-to-peer link using one of the device's wired and/or wireless interfaces.

46. The device according to claim 45, wherein the one or more wireless interfaces include at least one an radio -frequency identification (RFID) interface, a N e ar-Field- Communication interface (NFC), a Bluetooth interface, a WLAN interface (IEEE 802.11), a WiMAX interface (IEEE 802.16), a WIDI, WirelessHD or WiHD interface, a Wireless Gigabit Alliance (WiGig) interface, a Wireless Home Digital Interface (WHDI), a Wireless USB interface, and a mobile communications interface according to a 3GPP or 3GPP2 standard.

47. The device according to claim 45 or 46, wherein the one or more wired interfaces include at least one an USB interface, an Ethernet interface (IEEE 802.3), a PanelLink interface, a DisplayPort interface, a SATA interface, a Light Peak interface, a Thunderbold interface, a HomePlug interface, a PowerLAN interface, a Powerline Communication (PLC) interface and a Fire Wire interface (IEEE 1394).

Description:
Off-line Transfer of Electronic Tokens between Peer-Devices

1.1 TECHNICAL BACKGROUND

Since the late 1970s, a variety of schemes has been proposed to allow payments of services and goods to be effected across computer networks. The arrival of the Internet pushed these schemes by removing many obstacles helping to interconnect using the network of networks . Part of the evolvement results in relationships Business-to-Consumers (B2C). This is now part of the electronic commerce (eCommerce), meaning to sell goods and services to consumers. The success of electronic commerce is closely related to the success of electronic retail payment instruments suitable for transactions in cyberspace. Another part of this evolution process is the shift of Business-to-Business (B2B) relationships of trade companies to electronic on-line marketplaces.

The proliferation of digital networks, mobile phones, and handheld wireless devices is a boom referring to transactions carried out with the assistance of Internet Communication Technology (ICT) services. Smartphones, PDAs, or laptops can be used nowadays to access services available through the Internet. Any electronic payment system able to fulfill the needs of B2B and B2C conforming to mobile commerce (mCommerce) has the potential to become a very large payment technology. The evolution process has involved a move from the physical transfer of tangible, materialized tokens of value-like coins and bank notes to an exchange of information between parties. The recent availability of ultra-high -speed mobile networks has greatly enhanced the opportunity to use this infrastructure. Although the shift from physical to virtual payments and the broader availability of flat rates has brought enormous benefits to consumers and merchants; it increases the pressure on payment technology providers to invent user-friendly, secure, and robust Digital Cash based solutions. This is the point where most security payment protocol designs come into play, because (and that is not really surprising) digital information can easily be copied even in protected applications, if the attacker is able to find a way to capture the embedded secrets stored in hardware or transferred over a telecommunications channel (see for example D. Chaum and T. P. Pedersen, "Wallet Databases with Observers," Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology, 1993; or I. Ray and I. Ray, "An Anonymous Fair Exchange E-commerce Protocol", Proceedings of the International Workshop on Internet Computing and ECommerce, ed: IEEE Computer Society, 2001, pp. 172-179). The use of a Hardware Security Module (HSM) in combination with an algorithmic secure transfer protocol limits this ability by combining physical security with strong cryptography. Integrating security from the very early beginning of the design- cycle is essential. Basic approaches follow maxims like: The design of payment systems should be done in a way that achieves a maximum of fairness, information from one compromised eWallet (an electronic device that consists at least of a secure money purse chip with integrated and external non-volatile storage. The integrated non-volatile storage is used to store the secret data, the external memory stores electronic Coins and other encrypted objects) shouldn't be useful in compromising other eWallets,

countermeasures to security threats should be treated like an insurance police,

grade of system security protection needs to be defined by the cost of breaking it versus the achievable profit and the resulting damage potential to the system itself.

1.1.1 Money and Cash Terminology

What is Digital Cash? Unfortunately, many of the schemes that the popular press frequently refers to as "Digital Cash" are actually not cash (for example see S. Brands, "Electronic cash on the Internet," presented at the Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95), 1995; D. Chaum, et al., "Untraceable Electronic Cash," in Advantages in Cryptology / Crypto '88, 1988, pp. 319-327; or J. Schmidt, et al., "1st elektronisches Bargeld realisierbar?", in VIS proceedings 1999, ed Braunschweig: DuD Fachbeitrage, 1999, pp. 1-18). A system providing only little more than yet another commercial transaction mechanism by adding a secure transmission capability for credit card numbers over the Internet which is not much of a financial innovation in comparison to Digital Cash. Most examples of electronic banking do not involve a different form of money, but instead simply represent a different way in accessing traditional financial (banking) services, extending the supply chain.

The terminological confusion found in many publications regarding matters related to Digital Cash, the field of ePayment (electronic payment) and eMoney (electronic money) should be explained. Most of them are using a vocabulary not rigidly defined, originated from the fact that these systems are being designed for execution by use of intelligent hardware like autonomous eWallets on one hand and software-only systems designed for electronic Internet transfers on the other. Such generalization tends to blur the distinction between Digital Cash and electronic banking in general. One can get easily confused in matters relating to word origins and actual meanings. The following table shows definitions as used in this document.

Electronic Money, Cash or eMoney These are generic definitions for all means of payment in the digital space.

Physical Money, pMoney or pCash They always mean physical coins and physical bills

functioning as legal tender.

Digital Cash or eCash These terms are a slight modification of eMoney mimicking the behavior of physical money. They are not legal tender, namely, money issued by the state and designated as legal tender for the payment of taxes and other debts, but technically they could declare them as eCurrency. Electronic Currency or eCurrency They always mean eCoins and eBills acting as legal tender legalized by a central bank, comparable to or serving as digital banknote. To date, such surrogate of pMoney is only theoretical fiction and does not exist in any country. The only thing to make this happen is for a central bank to officially adopt a Digital Cash scheme, so that digital tokens are going hand-in-hand with physical cash, both central bank-issued tokens.

Table 1 : Different modifications in definitions for money and cash.

1.1.2 Challenging Success Factors of Digital Cash

In literature of eCommerce and ePayment, special wording serving the specific needs, is often being used within the community. To clarify their importance and meaning some terms frequently used herein, inter alia include:

the electronic wallet (e Wallet),

the transfer of the electronic coins (eCoins),

aspects of the protocol,

privacy and confidentiality,

fairness,

possible ways to counterfeit electronic coins,

redemption and risk-management.

To state this in advance, it will be shown below that the system and methods for transferring electronic tokens, in particular when the electronic tokens are electronic coins, allows for using electronic coins in an anonymous way, and ensures that they are transferable free of repudiation to support the ability of sending and receiving money, and that the money exchange can be conducted in a safe way and with good rigidity against misuse. These factors also apply to traditional cash, which explains it's general acceptance. One of the manifold objectives of this invention, when applying it to the Digital Cash context, is showing how to make the transition to a highly sophisticated secure electronic form of Digital Cash, without sacrificing the unique qualities of physical cash.

1.1.3 Kinds of contactless Mobile Payment Models

Payments for goods or services initiated from an eWallet based mobile phone or smartphone, PDA or any other (mobile) device are termed mPayment. In consistency with the banking industry's public definition there are two kinds of mobile payments:

remote mobile payments and

proximity mobile payments.

Most mobile eWallets are currently expected to be used in combination with a smartphone. As they may be equipped with various types of communication interfaces, a flexible adaptation is desirable to utilize them as communication channel. Figure 1 depicts the available possibilities to set up such connections using different pairing constellations.

Short-range wireless or proximity mobile payments are defined as wireless payment operations ranging in a broadcast-domain ad -hoc topology. Most proximity mobile payments are expected to be made at both, attended Point-of-Sale (PoS) locations (such as stores), and unattended locations (such as vending machines), using an existing merchant's payment infrastructure, including local direct peer-to-peer connections between two gadgets with their attached eWallets. To pay, the user simply brings his mobile eWallet with the other user's eWallet or the contactless payment enabled PoS system to within a few inches, and the transaction occurs. The technical range of a proximity system is typically below 10 meters, the Near Field Communication (NFC) or Radio Frequency IDentification (RFID) named range typically less than 10 cm. This is the case if someone is shopping in a mall wanting to checkout with selected goods or services at a Point-of-Sale (PoS). Excluding the cases with nobody sitting at the cash desk or the customer being the only person waiting for service, the customer himself is in a queue standing with other customers waiting for the pay-up. In these situations, a single eWallet-to-e Wallet enabled payment will be sufficient. This payment model is a penurious one using queues: Multiple clients are trying to pay at a single cash desk by waiting in a queue condition.

Using a local ICT infrastructure, an underlying network needs to support multiple payers to connect to the eWallet operated access (gate/touch) point. A good representative of such situation is a payment gate where masses (even hundreds or more) of transactions have to be processed in a few seconds. In most cases this involves broadcast domain collisions in the cell of a LAN or Personal Area Network (PAN). According to the statistics one has to provide enough bandwidth within the collision domain and available eWallet (service) resources in standby state to satisfy the average demand of the requests and to prevent from deceiving the customers. Important design aspects are for example the speed of a payment transaction and the number of concurrent payment actions. The operating mode commonly is an ad-hoc network configuration (in contrast to an infrastructure-based one) to allow for rapid contacts between payment parties. Mostly, both contracting parties are sojourning in the same room or meeting within a distance of less than 50 meters. In most cases a range of 2 meters is sufficient. This prevents customers from moving away after having established a pairing and before the termination of the protocol-execution.

Long-range wireless or remote mobile payments are defined as wireless payment operations ranging in a single-cast environment by phone number and/or MAC/IP or other means of identification. Practical use cases for remote mobile payments may include physical good purchases from a web merchant or payments for digital goods (and/or (cloud) services). Remote mobile payments are ideal to be used in markets requiring person-to-person payments and for under-banked consumer and merchant environments. To transfer money, a user simply initiates a P2P Internet connection using his mobile gadget and the counterpart authorizes the transfer. In contrast to the previous local model, the scope of remote payments is a global one. This payment situation arises if both peers have to connect over long distance. The Internet, mobile radio services, or leased line based networks will be mostly used in such situations.

1.1.4 Anonymity

One distinguishing feature between account-based and pre-paid coin systems is the anonymity a token-based system can provide to its users. In contrast, account-based systems by design need to identify the system users and their transactions. As with identified eMoney, both, off-line and on-line, the bank always can reconstruct the path the cash has taken through the economy. Reasons for anonymity are manifold. Although anonymity is addressed by several payment mechanism schemes, nearly none of them provides this feature satisfactorily (see H. Neumann and B. Fay, "Anonymitat in digitalen Munzsystemen mit Wechselgeld," in GI Jahrestagung (Schwerpunkt "Sicherheit - Schutz und Zuverlassigkeit"), 2003, pp. 317-327).

Only off-line and anonymous eMoney has the ability to hide the transaction trail (if the eMoney is not multiply spent). In the (standard) case, the bank can neither determine the identity of the original spender, nor can it reconstruct the travel path. Most existing procedures to provide anonymity are based on digital blind signatures (see D. Chaum, "Blind signature systems," in Crypto 83, 1984, pp. 153-158; and US 4,759,063 to D. Chaum). They offer only conditional anonymity in order to reveal anonymity in case of multiple spending or other (fraud) cases and furthermore are lacking multi-hop ability, i.e. after one transfer of an electronic token the electronic token has to be cleared with the bank, thereby revealing the movement of the electronic token to the bank, hence removing anonymity. 1.2 SUMMARY OF THE INVENTION

One of the objects of this invention is to provide a method for transferring electronic tokens between peer-devices. Another object of the invention is to suggest the design of a transaction protocol that allows for a peer-to-peer transfer of electronic tokens between peer-devices. Furthermore, it is another object to suggest a transaction system/transaction protocol in which the electronic tokens can be transferred from device to device without increasing their size. An additional but optional object is to allow the parties of a transaction to stay (unconditionally) anonymous in the transaction protocol. Further objects of the invention are related to the design of a tamper-protected semiconductor module usable for transferring electronic tokens between peer-devices.

One of the various aspects of the invention is to suggest a protocol capable to transfer electronic tokens between two tamper-protected semiconductor modules using a peer-to-peer link. The protocol is designed to transfer the electronic tokens without requiring inter-action with a (trusted) third party. Hence, the transfer of the electronic tokens can always be regarded as an off-line transaction between two tamper-protected semiconductor modules, for which reason the protocol is also referred an offline transaction protocol. A variety of triggers/events may cause an interruption of the off-line transaction protocol, which will lead to a termination of the off-line transaction protocol in either a fair state for tamper-protected semiconductor modules (respectively their users) or rarely in an unfair state for the tamper-protected semiconductor modules. The tamper-protected semiconductor modules may be implemented in peer-devices for example.

In case of a successful transfer of the electronic tokens between the two peer-devices, i.e. terminating the off-line transaction protocol without interruption prior to the end of the protocol-run, the off-line transaction protocol is of course fair to both parties of the transaction. However, in case of an interruption prior to the expected end of the off-line transaction protocol's run (e.g. due to a channel break of the peer-to-peer link, incompatibility of the change electronic token type, expiry of certificates, or other sources of errors), the off-line transaction protocol may terminate in an unfair state, but still offers the possibility to prove the loss of electronic tokens in a later compensation procedure, thus establishing de-facto delayed fairness to both parties of the transaction. The compensation procedure may be performed on-line or off-line, respectively. The separation of the fairness reconstruction (by means of the compensation procedure) from the off-line transaction protocol for transferring the electronic tokens enables de-facto off-line transactions between two peer- devices via a peer-to-peer link, and ensures delayed fairness to the transaction by means of separate compensation procedures for an incidental dispute resolution.

Accordingly, one embodiment of the invention is related to a method for transferring electronic tokens between two tamper-protected semiconductor modules. The method executes an off-line transaction protocol that is controlling the exchange of protocol messages between the two tamper-protected semiconductor modules including a transfer of electronic tokens between the tamper-protected semiconductor modules via a peer-to-peer link, wherein the off-line transaction protocol further enables delayed-true fairness.

In a more detailed exemplary embodiment of the invention, in case of an interruption prior to the expected end of the protocol-run of the off-line transaction protocol, each tamper-protected semiconductor module autonomously terminates the off-line transaction protocol in either

a fair state in which the transfer of the electronic tokens is either successfully completed or the initial state prior to the transaction is restored, or

an unfair state for the respective tamper-protected semiconductor module in which one or more electronic tokens irrevocably lost at the respective tamper-protected semiconductor module.

In case a termination of the off-line protocol is possible only in an unfair state of a respective tamper- protected semiconductor module, the transaction protocol enables delayed-true fairness by providing a proof of loss of one or more electronic tokens by the respective tamper-protected semiconductor module vis-a-vis a third party. In one example, the third party is an issuing authority that issued the one or more electronic tokens that have been lost. As mentioned above, the off-line transaction protocol may terminate in an unfair state. For the reconstruction of fairness, it may therefore be advantageous, if the parties of the transaction (i.e. the tamper-protected semiconductor modules) use a mechanism that allows for proving the loss of any electronic token to a third party in a (later applied) fairness reconstruction process. According to one further aspect of the invention, this proof of loss is provided by means of a so-called electronic document (eDoc) which can be considered a non-repudiation token to ensure non-repudiability of the transaction. In one exemplary embodiment of the invention, the transaction protocol messages exchanged by the tamper-protected semiconductor modules during a so-called negotiation phase and a so-called electronic token transfer phase comprise an electronic document which includes information about the state of the transfer of the electronic tokens and which is part of the proof of loss provided in case the off-line transaction protocol terminates in an unfair state at a respective tamper-protected semiconductor module.

According to another exemplary embodiment, the first (initial) version of the electronic document is generated within the negotiation phase of the electronic tokens to be transferred in the transaction. The electronic document will be updated and exchanged by the tamper-protected semiconductor modules as part of the transaction protocol messages exchanged by the tamper-protected semiconductor modules in both, the negotiation phase, and the electronic token transfer phase. The tamper-protected semiconductor modules may e.g. mutually sign and counter-sign information added to the electronic document as part of the update thereof.

Another aspect of the invention is the provision of a tamper-protected hardware for use in the transaction system described herein As to the functionality of the tamper-protected hardware, same may be inter alia responsible for executing the off-line transaction protocol according to one of the various embodiments described herein in a tamper-protected environment, which is one important security aspect of the system. Optionally, also the error handling of the off-line transaction protocol (for termination in case of an interruption prior to the expected end of the protocol-run) and/or the fairness reconstruction procedure for dispute resolution may be functionality provided by the tamper- protected hardware. The respective functionality may be provided by the firmware, or may be provided in some dedicated hardware of the tamper-protected hardware.

In this description, it will be referred to (tamper-protected) semiconductor modules and/or (tamper- protected) hardware modules. A semiconductor module is denoting the packaged hardware module (chip). In one exemplary implementation, a semiconductor module is obtained by bonding a hardware module on a circuit carrier and packaging the bonded hardware module into a casing box. A hardware module could be, for example, implemented as a chip, a die or a multi-die. A tamper-protected semiconductor module may also be referred to as a Hardware Security Module (HSM).

Accordingly, another embodiment of the invention provides a tamper-protected semiconductor module for transferring electronic tokens between the tamper-protected semiconductor module and another tamper-protected semiconductor module. The tamper-protected semiconductor module is adapted to execute an off-line transaction protocol controlling the exchange of protocol messages between the two tamper-protected semiconductor modules and which includes transfers of electronic tokens between the tamper-protected semiconductor modules via a peer-to-peer link, and wherein the off-line transaction protocol enables delayed-true fairness.

In one exemplary embodiment, the tamper-protected semiconductor module is a tamper-protected chip, die or multi-die. In another exemplary embodiment of the invention, the tamper-protected module is implemented in a tamper-protected integrated circuit (IC). The tamper-protected IC may be implemented as a tamper-protected die having a tamper-protected enclosure.

Furthermore, another embodiment of the invention is also related to a hardware or device comprising a tamper-protected semiconductor module of a hardware module according to one of the various embodiments described herein. The device may optionally further comprise one or more wired and/or wireless interface(s) and wherein the tamper-protected semiconductor module of the device is adapted to perform the off-line transaction protocol via wired and/or wireless peer-to-peer link(s) using one of the device's wired and/or wireless interfaces, or using an external (mobile) device with Internet access to serve as Internet gateway or access point for other devices (such a mechanism is also referred to as tethering).

1.3 BRIEF DESCRIPTION OF THE FIGURES

In the following the invention is described in more detail in reference to the attached figures and drawings. Similar or corresponding detail in the figures is marked with the same reference numerals.

Figure 1 illustrates the options of pairing (proximity and remote pairing) of peer-devices, Figure 2 shows an exemplary PKI infrastructure for use in a transaction system according to an exemplary embodiment of the invention, the PKI infrastructure based on the standard ITU-T X509, version 3,

Figure 3 shows another simplified PKI infrastructure for use in a transaction system according to an exemplary embodiment of the invention,

Figure 4 shows an overview on the exchange of protocol messages between two peer-devices according to the off-line transaction protocol of an exemplary embodiment of the invention for protocol case [a],

Figure 5 shows the exchange of protocol messages between two peer-devices according to the off-line transaction protocol of an exemplary embodiment of the invention for protocol case [a], Figure 6 shows the exchange of protocol messages between two peer-devices according to the off-line transaction protocol of an exemplary embodiment of the invention for protocol case [b],

Figure 7 shows the flow of messages in the Pairing Phase of the proposed off-line transaction protocol according to an exemplary embodiment of the invention,

Figure 8 shows the flow of messages in the VPN/VPC Setup Phase of the proposed off-line transaction protocol according to an exemplary embodiment of the invention,

Figure 9 shows the flow of messages in the Negotiation Phase of the proposed off-line transaction protocol according to an exemplary embodiment of the invention,

Figure 10 shows the flow of messages in the Value Data Transfer Phase of the proposed off-line transaction protocol according to an exemplary embodiment of the invention,

Figure 11 shows the flow of messages in the Confirmation Phase of the proposed off-line transaction protocol according to an exemplary embodiment of the invention,

Figure 12 shows an exemplary state decision tree for the protocol case [a] of the proposed off-line transaction protocol according to an exemplary embodiment of the invention,

Figure 13 shows an exemplary state decision tree for the protocol case [b] of the proposed off-line transaction protocol according to an exemplary embodiment of the invention,

Figure 14 shows a table summarizing all possible protocol state pairs of the two transaction partners upon an interruption and in the success case of the proposed off-line transaction protocol for the protocol case [a] and the respective operations performed by the respective transaction partners,

Figure 15 shows a table summarizing all possible protocol state pairs of the two transaction partners upon an interruption and in the success case of the proposed off-line transaction protocol for the protocol case [b] and the respective operations preformed by the respective transaction partners,

Figure 16 exemplifies the state transitions of a CASTOR in form of a Mealy automat, executing the off-line transaction protocol according to an exemplary embodiment of the invention,

1.4 DETAILED DESCRIPTION

In the following different aspects of the invention will be described with respect to various exemplary embodiments that - to the largest extend - will refer to the Digital Cash/eCash context, i.e. the transfer of electronic coins between two peer-devices. However, it should be noted that the various aspects of the invention are not limited to a Digital Cash/eCash context, as it will become apparent from the following description. Furthermore, besides the definition of a protocol that allows the transfer of electronic tokens between two peer-devices (also referred to as "off-line transaction protocol" or "teleportation" herein) - which is of course one aspect of this invention - a further idea that may be subject to a separate invention is referred to as an "aspect of the invention" herein. Further aspects of the invention include design aspects of a tamper-protected hardware usable for transferring electronic tokens among two peer-devices, the provision of a special format of an electronic document comprising information on the transaction and its state of termination for the purpose of providing proofs, non-repudiation aspects, the grade of commitment and evidence etc. However, the aspects of the invention are not limited by this non-exhaustive list of aspects. Please note that for all cases where certain functionality is provided by some piece of hardware according to one of the various aspects of the invention herein, the invention also envisions protection for methods and systems making use of such piece of hardware.

1.4.1 Terminology

In the following paragraphs the meaning of some terms, frequently occurring in this document, will be defined before describing the various aspects of the invention in further detail.

1.4.1.1 Electronic Tokens

In this document, the term "electronic token" is used to denote an asset, liability, securitization of debt as a principle of an originate-to-distribute model, or secrets that are represented in a digital format, e.g. in form of a digital certificate. With respect to the different embodiments of the off-line transaction method discussed herein, being able to transfer any type of asset, liability, securitization of debt as a principle of an originate-to-distribute model, signature transfers or secrets represented in digital format, the following is only an non-limiting exemplary list of assets, liabilities, securitization of debt as a principle of an originate-to-distribute model or secrets representable by the electronic tokens.

It should be apparent that the "means of exchange" used so far in the described system are financial instruments like Euros (€), Dollars ($), or any other national currency. The invention is however not limited to exchange only electronic tokens of such format (eCoins). As mentioned previously, the electronic tokens may represent anything that can be represented electronically (e.g. in form of a certificate) in the physical or virtual world like provision of services, such as for example a digital representation of money (i.e. coins and bank notes of one or more arbitrary currencies (fiat money)), natural resources or goods e.g.

- metal (e.g. precious metal like platinum, gold, silver, copper), etc.,

- renewable raw materials (e.g. eggs, pigs, cows, field crops like corn, rice, wheat, vanilla, saffron, cocoa), etc.,

- biogas, not renewable resources like (raw) oil, diamonds, sapphires, rubies, crops, coals, fossil gases, etc., - properties (e.g. parts of accounted dependencies like forestry trees in south America, estates and landholding), supplies, provisions, inventories and deposits of petroleum, minerals, water, etc.,

- services (e.g. (the receipt of) natural gas, petrol, oil, water, electrical power and their disposal), etc.,

- properties already confirmed by documents (e.g. shares/stocks/pensions, or rights, tickets (cinema, public transport, train, bus or flight tickets, sport event, media libraries, eBooks)), etc.,

- licenses and cryptographic key exchanges (e.g. in form of license keys for software applications, decryption keys for streaming multimedia, digital content license for eBooks, music, videos), etc.,

- guarding medical records, soiling certificates (e.g. C0 2 ), or even as replacements for physical keys as used for doors, cars, office cupboards, etc,

- any kind of vouchers, etc.

Moreover, it is assumed that the electronic tokens are provided in form of certificates that are issued by an issuing authority. Please note that there may be multiple issuing authorities of electronic tokens in the system, and electronic tokens of different issuing authorities may be the receivable in a transaction. In essence, the asset, liability, securitization of debt as a principle of an originate-to- distribute model or secret subject to a respective electronic token (and the - optional - remaining contents of the electronic token), is signed by the issuing authority.

Each electronic token can be checked and tracked down the chain of trust against the root certificate (also called Type-VI certificate herein) of the Root Certification Authority (RCA) as provided in the underlying hierarchical Public Key Infrastructure (see for example IETF RFC 3280,„Internet X.509 Public Key Infrastructure, Certificate and Certificate Revocation List (CRL) Profile", available at http://www.ietf.org or ITU-T X.509, "Information technology - Open systems interconnection - The Directory: Public-key and attribute certificate frameworks", 2008 available at http://www.itu.int). As it will be outlined below, in one exemplary embodiment of the invention, the public key part of the signing key of the Root Certification Authority may be provided immune against counterfeit in the tamper-protected hardware module (e.g. in a ROM or EEPROM, "hardcoded" integrated circuit (IC) or other hardware structure thereof), so that even in case of attacks against the system, a manipulation can be detected by checking a certificate down the chain of trust to the root certificate. Depending on the application of the invention, the Root Certification Authority and the issuing authority may be or may not the same authority.

In one exemplary embodiment, the electronic tokens are unconditionally identified, conditionally anonymous or unconditionally anonymous. In another example, the electronic tokens are atomic.

In some embodiments of the invention, each electronic token has a validity period (i.e. a date and/or time when it will expire). In other embodiments of the invention, an electronic token has both, a validity period and a transferability period (indicated by the date and time of its expiry). The electronic tokens may be transferred freely from one device to any other device (i.e. there may be more than one transfer before an electronic token is cleared) within the transferability period, while expiry of the transferability period the electronic tokens need to be cleared directly with the issuing authority (eMint).

As it will become more apparent from the following, the different embodiments of the off-line transaction protocol described below are capable to transfer electronic tokens between two peer- devices (or more precisely, between two tamper-protected semiconductor modules comprised in the respective peer-devices/hardware or between one tamper-protected semiconductor module and a protected electronic minting/issuing service institution/authority).

1.4.1.2 Type of Transfer

Within this document, the definition of the terms "on-line" and "off-line" is tied to the model of how the transaction is done and not to the technical way of transmission. In brief, "off-line" means some given transactions can be performed between two peer-devices directly without requiring any interaction with a (trusted) third party. An "off-line" transaction of electronic tokens thus manages the whole transaction between two peer-devices as peer-to-peer (P2P) relationship process. This means a user of a peer-device can freely pass an/the electronic token(s) to another party (another peer-device) without involving a third party. Off-line transfers do not need an external service (e.g. provided by a (trusted) third party acting as a fairness arbiter) to execute the transaction protocol, but the electronic tokens are transferred between two peer-devices.

In contrast, the term "on-line" means the involvement of a (trusted) third party in a given transaction. An "on-line transaction" hence means: There is the need of a (trusted) third party as a service institution (which may be an intermediate clearer) in order to conduct the transaction. Some of the biggest obstacles of an on-line transfer of electronic tokens include the impossibility to transfer the electronic tokens, if the service is down or unreachable and, that an anonymous transfer of electronic tokens is impossible due to the case the service based on the ability to identify one or more transaction partners.

1.4.1.3 Non-repudiation

In general, non-repudiation is not an essential requirement for fair transaction protocols, offering payer and payee dispute-free message transmission. As will be explained in detail below, non-repudiation elements need to be a part of the off-line protocol and are part of the out-of-transaction protocol dispute-resolving-mechanism, that handles the occurrence or non-occurrence of claimed events or actions in order to enable the settlement of disputes after a failed transaction.

Both, the protocol originator, which receives its Non-Repudiation of Receipt (NRR) evidence, and the recipient, which receives his message together with the Non-Repudiation of Origin (NRO) evidence (this process is also called evidence collection during the protocol-run) have that at the end after a correct and complete exchange, or none of them receives any valid evidence. Non-repudiation is composed of four distinct phases: The evidence generation, the transfer and storage of its messages, their verification, and the disputes resolution. Following important non-repudiation services are distinguished (see ISO/IEC 13888-3, section Information technology - Security techniques - Non- repudiation - Part 3: Mechanisms using asymmetric techniques; edition 2.0, 2009, p. 14).

Consider for example the following paradigmatic scenario of a transaction between two users, referred to as Alice and Bob. Bob, the merchant, wishes to be able to prove that Alice authorized the electronic transaction in order to ensure Alice will not attempt to deny it later. Bob may also want an assurance that Alice has the funds to pay and an assurance that the money will be transferred to him. In some circumstances both, Alice and Bob may also wish to avoid revealing the fact of the transaction against third parties. Meanwhile, Alice wishes to ensure that unauthorized payments are impossible, so Bob cannot deny having received her payment, and that the fact of transaction is private.

To achieve this, every transaction needs to be permanent. This means no one is able to reverse the transaction and take the money back. Nobody will honor any request to undo the transaction performed by an authorized user. The only way of getting the money back: The recipient has to spend it back to the electronic wallet it originated from. If the payer is uncertain, whether the payee electronic wallet's identification he entered or selected is correct, a direct payee contact for confirmation of the correct electronic wallet identification is the only way. If there is any reason to doubt whether the payee will deliver the goods or services being promised, a trusted third party needs to be engaged to serve as an escrow agent (i.e. the dispute resolution is not part of the transaction protocol).

NRR and NRO capabilities prevent and/or protect the payee and payer against acting/suffering dishonest in a transaction against any false denial a particular event or action has taken place and provides trust to the transaction system. In general, NRR and NRO capabilities ensure that an agreed contract cannot be denied later on by any of the involved parties (payer or payee), once the payment has been given or granted from one party to the other. The payer (or the issuing authority) has no technical means to force the recipient to 'undo' the transaction. In the financial world such behavior is known as 'final payment'. It is a must to resolve as many conflicts as possible automatically within the exchange system itself, thus increasing the degree of fairness. This may be very easily achieved for face-to-face agreements; however, for remote transactions it is not. The challenging part of non- repudiation is to hinder one of the implied entities to cheat. To ensure this when Alice sends some information to Bob, neither Alice, nor Bob can deny having participated in partially or entirely in this communication; meaning it can be verified respectively, who the sender and who the recipient were (in fact the parties, which claimed to send or receive the message). In other words: NRO proves data has been sent, and NRR proves it has been received. Without guaranteeing a fair exchange of electronic tokens against a receipt within the transaction protocol, nobody would want to use that system. As it will become more apparent from the following, non-repudiation is supported in the transaction system proposed herein by, explicitly:

binding payer and payee with evidence objects (electronic document - eDoc) to the transaction, blocking potential fraud attempts by trying to repudiate the transaction,

- supporting the legal right system by creating evidence,

validating evidence referring to the transaction,

assuming a state of mutual distrust for both/all parties involved in a transaction,

resolving disputes about a transaction by generation of valid irrefutable provable evidence, realizing a fair exchange of electronic tokens by using an "electronic token for a receipt" paradigm.

1.4.1.4 Delayed-true Fairness and its Implication on Fairness Restoration

In non-electronic, traditional scenarios, fair exchange can be easily achieved by a physical exchange over the counter, or by fixing the terms in a contract, while settling arising disputes at court or real- world notaries. In the digital world, the transaction procedure needs to implement and guarantee fair exchange of electronic tokens.

Consider an exemplary case where Alice wants the transaction to be fully anonymous - not even Bob should know Alice's identity. In this case, however, Bob wants to ensure that Alice remains unable to disavow the obligation to pay. If the transaction is entirely electronic, each of the parties will need a mechanism to ensure the other party will pay what is required. In an ideal fair exchange world, both parties involved in the transaction for conducting a payment either receive each other's electronic tokens (i.e. at the end of the protocol-run both parties have what they want) or nothing (i.e. they are in the same state as before execution of the protocol). An off-line transaction protocol implementing an "electronic token payment for a receipt" -transfer ensures non-repudiability is therefore desirable.

As outlined below in further detail, according to one aspect of the invention, the dispute resolving mechanism (also referred to as fairness reconstruction procedure or mechanism) is not part of the offline transaction protocol for transferring the electronic tokens between the peer-devices, which in turn implies that the termination of the off-line transaction protocol in an unfair state to one or both parties (originator and recipient) of a transaction is possible. The non-repudiation property is important for the dispute resolving mechanism, which is independent from the off-line transaction protocol. The dispute resolving mechanism is an on-line or off-line procedure which "recreates" fairness to both parties of the transaction. As fairness for the parties to a transaction is established after termination of the offline transaction protocol between the peer-devices (i.e. upon the protocol-run of the off-line transaction protocol having ended), the delayed-true fairness is achieved. To ensure non-repudiation, the off-line transaction protocol provides the parties of the transaction with valid irrefutable evidence after completion of the protocol without giving a party an advantage over the other at any stage of the off-line transaction protocol-run.

Considering the exemplary case in which a recipient sent a reply to provide the originator of a transaction with sufficient evidence of receipt, there are two possible reasons such reply doesn't arrive at the originator:

the reply has been sent, however, hasn't been delivered for some reasons or

the peer-device of the recipient doesn't follow the given off-line transaction protocol intentionally or accidentally.

From the originator's perspective these two situations are indistinguishable. The recipient may repudiate the receipt of a message even if it was received by untruly claiming a communication channel failure.

The off-line transaction protocol (being one of the various aspects of the invention) discussed below in further detail acts optimistically in terms of allowing the exchange of electronic tokens without involving a (trusted) third party (as a fairness arbiter) unless one of the parties behaves unfairly (i.e. by interrupting the transaction protocol), or the communication channel breaks down (e.g. due to temporary system failure involving either process, network node, communication, etc.). Both cases may produce potentially an unfair situation upon termination of the off-line transaction protocol. The basic procedure is as follows:

1. Two parties, Alice (the originator) and Bob (the recipient), want to enter into a mutual transaction of electronic tokens. This involves the pairing of Alice's and Bob's peer-devices.

2. Both parties negotiate the terms for exchanging the electronic tokens using their peer-devices.

Once they agree on the negotiated terms, the exchange of the agreed electronic tokens takes place by transferring each electronic token through the established peer-to-peer link.

3. Evidence is collected during the execution of the off-line transaction protocol in form of an electronic document (also denoted eDoc herein). This eDoc is a message object of the off-line transaction protocol messages exchanged between Alice and Bob, and can be used to resolve postponed disputes. The electronic tokens are mutually exchanged (e.g. payment and change money), the payer gets his receipt as well as both receive their non-repudiation tokens to ensure non-repudiability of the transaction.

4. After each party has received the respective electronic tokens, they check for a match against the previous promises. 5. The off-line transaction protocol either ends successfully, i.e. the negotiated electronic tokens have been exchanged successfully or un-successfully, i . e . an interruption/failure of the off-line transaction protocol (e.g. due to a broken channel between the peer-devices) occurred.

6. In case of any interruption/failure occurs or any party misbehaves, fairness is restored as follows:

"No loss of fairness happened. Then there is no need for a fairness recreation procedure": An automatic local termination of the off-line transaction protocol is performed by the tamper- protected semiconductor module (executing the off-line transaction protocol and controlling the electronic tokens). In cases such evidence is available at the respective tamper-protected semiconductor module, it is sufficient to unambiguously allow both tamper-protected semiconductor modules to independently decide either "deal" or "no-deal", i.e. the transaction is regarded to be either successful or un-successful. In such case no third party will or has to be involved.

"Need for a fairness recreation procedure": In rare cases, the interruption/failure is not recoverable with the local evidence available to the two involved tamper-protected semiconductor modules. In these cases, according to the heuristic policy "no profit from any failure" the affected electronic tokens (subject to the transaction) will be "annihilated" at the tamper-protected semiconductor modules (where needed). For compensation, an acceptable proof (affidavit) for an external fairness arbiter is created, which may be used for (auto-) resolving the dispute on-line after termination of the off-line transaction protocol assuming there is (then) a reliable communication channel between the external arbiter and each party to the transaction available.

To emphasize the fact of separation once again, the potential dispute resolution is not a part of the offline transaction protocol. For this reason the overall transaction system proposed herein provides a "delayed" but "optimistic" fair exchange of electronic tokens.

1.4.1.5 Signing and Certificates

A digital cryptographic signature is based on a mathematical scheme to demonstrate and provide the authenticity of a digital message or document by a proof. A valid digital signature (digital signature schemes herein are based upon cryptographic principles) makes a recipient believe the message has been created by a known sender, and it hasn't altered during transition. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. They employ a type of asymmetric cryptography. For messages sent through a non-secure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless.

Digitally signed messages may contain anything representable by a bit-string: Examples include keys, electronic tokens, electronic mails, contracts, or messages sent by the presented off-line transaction protocol. A signature can be applied to a bit-string (representing the data record/message to be signed) by using a hash function to calculate a hash value of the bit-string and to encrypt the hash value using a private signing key of the signing party. The encrypted hash value forms the so-called signature of the bit-string. Authenticity of the bit-string can be verified by a party by freshly calculating the hash value of the bit-string using the same hash function as used in signing the bit-string, and comparing the freshly generated hash value with the decrypted hash value of the signature - if the hash values match each other, the bit-string has not been altered. For decryption of the encrypted hash value (i.e. the signature), the counterpart public key of the private signing key of the signing party is used. This public key may be for example provided by a public key certificate (see below).

In the simplest form, a message and its signature is also called a "certificate". An electronic token that is implemented as a certificate thus contains at minimum a data record of the electronic token and a signature applied on the data record by the issuing authority. In another embodiment, the electronic tokens are provided in form of ITU-T X.509-compliant (version 3) certificates. For example, considering an eCash system, an eCoin can be considered to comprise a data record containing at least the value of the eCoin and a serial number thereof, and optionally currency information. The eCoin is provided in form of a certificate, i.e. contains the data record signed by the issuing authority.

In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind a public key with a data record. In most cases this data record contains identity information such as the name of a person or an organization, their address, etc. These data records conclude not only information about a Root Certification Authority (RCA) and Certification Authorities (CAs) based on the ITU-T X.509 (version 3) PKI trust standard, but also about electronic mints (eMints), tamper-protected semiconductor modules (CASTORs / eWallets), electronic tokens (such as for example eCoins), acknowledge tickets, challenges and responses, eDocs and other system-related objects.

The public key certificate can be used to verify that a public key belongs to an entity (e.g. an individual, an organization or a tamper-protected semiconductor module). The digital signature(s) on a certificate are attestations by the certificate signer that the data record information and the public key belong together.

1.4.2 Summary of the Off-line Transaction Protocol - Teleportation

As mentioned above, one of the aspects of the invention is to suggest a protocol that is capable of transferring electronic tokens between two peer-devices using a peer-to-peer link. The transfer of the electronic tokens is thereby not requiring inter-action with a (trusted) third party as a fairness arbiter, so that this transfer is realized "off-line". Accordingly, this protocol is also referred to as off-line transaction protocol herein. As it will become apparent from the following more detailed description of the off-line transaction protocol, same is not necessarily establishing fairness of the transaction within the off-line protocol.

In case of a successful transfer of the electronic tokens between the two peer-devices, i.e. terminating the off-line transaction protocol without interruption or another error, the off-line transaction protocol is fair to both parties to the transaction. However, in case of an interruption of the off-line transaction protocol (e.g. due to a break of the channel of the peer-to-peer link, incompatibility of the change electronic token type, expiry of certificates, or other sources of errors), the off-line transaction protocol may be terminated in an unfair state with the possibility to prove the loss of electronic tokens in a later (on-line) compensation procedure establishing de-facto delayed fairness to the parties of the transaction.

It can be expected that the vast majority of the transactions using the off-line transaction protocol are terminated successfully and a third party is never required in these cases. As it will become also more apparent from the following, also in case of an interruption of the off-line transaction protocol the number of "states" in which the off-line transaction protocol is terminated in an unfair state can be minimized by smart protocol design. Hence, besides limiting the "need" for a third party only to a separate (on-line or off-line) fairness reconstruction procedure, also the frequency of the "need" of an on-line fairness arbiter (trusted third party) for dispute resolution is minimized. The separation of the fairness reconstruction from the transaction protocol for transferring the electronic tokens enables de- facto off-line transactions between two peer-devices via a peer-to-peer link, and allows ensuring delayed fairness to the transaction by means of a separate (on-line or off-line) fairness reconstruction procedure for dispute resolution.

Accordingly, one embodiment of the invention is related to method for transferring electronic tokens between two tamper-protected semiconductor modules (which may be part of respective peer-devices). The method executes an off-line transaction protocol that is controlling the exchange of protocol messages between the two tamper-protected semiconductor modules including a transfer of electronic tokens between the tamper-protected semiconductor modules via a peer-to-peer link, wherein the off- line transaction protocol further enables delayed-true fairness.

In a more detailed exemplary embodiment of the invention, in case of an interruption of the off-line transaction protocol, each tamper-protected semiconductor module autonomously terminates the offline transaction protocol in either

a fair state in which the transfer of the electronic tokens is either successfully completed or the initial state prior to starting the transaction is restored, or in an unfair state for the respective tamper-protected semiconductor module in which one or more electronic tokens is/are irrevocably lost at the respective tamper-protected semiconductor module.

In case the off-line transaction protocol terminates in an unfair state is possible in a respective tamper- protected semiconductor module, the transaction protocol enables delayed-true fairness by providing a proof of loss of the one of more electronic tokens by the respective tamper-protected semiconductor module vis-a-vis a third party. In one example, the third party is the issuing authority that issued the lost one of more electronic tokens.

As indicated above, after termination of the off-line transaction protocol, the tamper-protected semiconductor module(s) encountering a loss of electronic tokens may perform a separate on-line compensation procedure with a third party (e.g. an issuing authority). In this on-line compensation procedure, the tamper-protected semiconductor module encountering the loss of one or more electronic tokens can prove its loss of one or more electronic tokens to the third party (e.g. issuing authority) using the proof of loss and receives a compensation of the lost electronic token(s) from the issuing authority. Please note that the compensation procedure may also be performed off-line, depending on the target scenario where the invention is used.

In another exemplary embodiment of the invention, the compensation procedure is being based on generatability of electronic tokens by the issuing authority or on the ability to compensate in form of a fiat money account transfer (in case of financial compensation using bank accounts).

In a further embodiment of the invention, the off-line transaction protocol will be executed in the tamper-protected semiconductor modules, respectively. Moreover, the proof of loss may be signed by the tamper-protected semiconductor module using a signing key of the tamper-protected semiconductor module.

In another embodiment of the invention, the off-line transfer protocol is of fail-stop type. A protocol is of fail-stop type if, whenever a critical issue is detected, all causally follow-up messages in the next step or later are not sent, i.e. the protocol will be halted (interrupted) and terminated. This means that timers are used to control timeliness of message exchange in the off-line transaction protocol. In case one of the tamper-protected semiconductor modules does not receive the next protocol message within the time period prescribed by a timer, the tamper-protected semiconductor module interrupts the offline transaction protocol and terminates the off-line transaction protocol in a fair or unfair state as described above. Since the tamper-protected semiconductor module will thus not send any further protocol messages to the other tamper-protected semiconductor module during this session, the other tamper-protected semiconductor module will also time-out and terminate the off-line transaction protocol either in a fair or an unfair state as described above. Hence, termination of the transaction protocol may also be performed by the respective tamper-protected semiconductor module in response to a timeout. The following paragraphs will discuss some special cases for an interruption of the off-line transaction protocol, and their handling in a post-transaction protocol termination process in further detail. It should be noticed that electronic tokens successfully sent by a peer-device/ tamper-protected hardware module (but maybe not successfully received by the other peer-device/ tamper-protected hardware module) are automatically irrevocably destroyed by the transmitting peer device/tamper-protected hardware module. The procedure for handling interruptions that results in situations where the respective local knowledge of the tamper-protected semiconductor modules on the transaction is insufficient to allow both tamper-protected semiconductor modules to conclude on the success or failure of the transaction (in a manner that both tamper-protected semiconductor modules come to the same result) exemplarily referred to as a "weak deal" phase of the off-line transaction protocol (i.e. the "weak deal" phase is also off-line). All other situations where the local knowledge is sufficient to allow both tamper-protected semiconductor modules to conclude on the success or failure of the transaction can arise may lead to an immediate termination of the off-line transaction protocol without any "weak deal" phase being executed.

As will become apparent from the following exemplary situations that may arise and that are handled on the "weak deal" phase of the off-line transaction protocol, the "weak deal" phase of the off-line transaction protocol mainly consists of the two tamper-protected semiconductor modules trying to re- contact each other in a (configurable or negotiable) lock timeout period in order to come to either a successful termination of the transaction ("weak-deal" "deal") or unsuccessful termination of the transaction ("weak-deal" "no deal"). According to whether there is a deal or no deal for the respective tamper-protected semiconductor modules the take respective actions to avoid misuse of the transaction system, such as for example destroying electronic tokens, generating a proof of loss where applicable, etc.

In one exemplary situation (as exemplified, for example, in states IDs 07a, 08a, 06b, 07b in Figure 14 and Figure 15, respectively), the off-line transaction protocol is terminated after one of the tamper protected semiconductor modules ("payer") has transferred its electronic tokens without having received the expected response from the other tamper protected hardware module ("payee"). In this situation, the tamper-protected semiconductor module ("payer") lacking the expected response, terminates the off-line transaction protocol immediately in a final, but however unfair state, in which the transferred electronic tokens are irrevocably destroyed and provides a proof of loss for the irrevocably destroyed electronic tokens.

The other tamper-protected semiconductor module ("payee") terminates the off-line transaction protocol immediately in a final and fair state, in case the other tamper-protected semiconductor module ("payee") has not received the transferred electronic tokens.

Otherwise, i.e. in case the other tamper-protected semiconductor module ("payee") has successfully received the transferred electronic tokens (and nothing else thereafter), it terminates the off-line transaction protocol after expiry of a previously defined lock timeout period in a final but unfair state in which the other tamper-protected semiconductor module ("payee") has irrevocably destroyed the received electronic tokens and provides a proof of loss, in case the other tamper-protected semiconductor module ("payee") has transferred change electronic tokens to the tamper-protected semiconductor module ("payer") in response to its reception of the other tamper-protected semiconductor module's ("payee's") electronic tokens.

Another exemplary special situation (see, for example, states IDs 08a, 09a, 07b and 08b in Figure 14 and Figure 15, respectively) is a situation where the off-line transaction protocol is terminated after one of the tamper-protected semiconductor modules ("payer") has transferred its electronic tokens to the other tamper-protected semiconductor module ("payee"). It is further assumed that the other tamper-protected semiconductor module ("payee") successfully received the electronic tokens and returned a confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens, but the other tamper-protected semiconductor module ("payee") did not receive the expected response to its confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens form the tamper-protected semiconductor modules ("payer"), as exemplified, for example, in states IDs 07b and 08a in Figure 14 and Figure 15, respectively.

In this situation, the tamper-protected semiconductor module ("payer") terminates the off-line transaction protocol immediately in a final but unfair state, in which its transferred electronic tokens are irrevocably destroyed, and a proof of loss for the irrevocably destroyed electronic tokens is provided by the tamper protected hardware module ("payer"), in case it has not received the other tamper-protected semiconductor module's ("payee's") confirmation of receipt for the transferred electronic tokens and the optional change electronic tokens.

Otherwise, as exemplified, for example, in states IDs 09a and 08b in Figure 14 and Figure 15, respectively in case the tamper-protected semiconductor module ("payer") has received the other tamper-protected semiconductor module's ("payee's") confirmation of receipt for the transferred electronic tokens and the optional change electronic tokens, the tamper protected hardware module ("payer") terminates the off-line transaction protocol in a final and fair state or in a final and unfair state. The off-line transaction protocol is terminated in a final and fair state in case both tamper- protected semiconductor modules re-contact each other and finish the transaction within a previously defined lock timeout period successfully. Otherwise, the tamper-protected semiconductor module ("payer"), which has transferred its electronic tokens to the other tamper-protected semiconductor module ("payee"), terminates the off-line transaction protocol in a final but unfair state after expiry of the previously defined lock timeout period, in which the tamper-protected semiconductor module ("payer") produces a proof of loss for the value of the electronic tokens already transferred to the other tamper-protected semiconductor module ("payee") and irrevocably destroys the electronic change tokens received from the other tamper-protected semiconductor module ("payee"). The other tamper-protected semiconductor module ("payee"), which did not receive the expected response to its confirmation of receipt for the transferred change electronic tokens terminates the offline transaction protocol after expiry of a previously defined lock timeout period in a final but unfair state, in case the tamper-protected semiconductor modules fail to re-contact each other within the previously defined lock timeout period successfully: The other tamper-protected semiconductor module ("payee") irrevocably destroys the previously received electronic tokens and provides a proof of loss for the previously sent change electronic tokens, in case the other tamper-protected semiconductor module ("payee") has transferred change electronic tokens to the tamper-protected semiconductor module ("payer") in response to having received the electronic tokens from the tamper- protected semiconductor module ("payer").

In case the tamper-protected semiconductor modules are able to re-contact each other and finish the transaction within a previously defined lock timeout period successfully, the other tamper-protected semiconductor module ("payee") terminates the off-line transaction protocol in a final and fair state.

A further exemplary special situation (see, for example, states IDs 09a, 10a, 08b and 09b in Figure 14 and Figure 15, respectively) is a situation where the off-line transaction protocol is terminated after one of the tamper-protected semiconductor modules ("payer") having transferred its electronic tokens to the other tamper-protected semiconductor module ("payee"). Further the tamper-protected semiconductor module ("payer") received a confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens from the other tamper-protected semiconductor module ("payee"), but the the tamper-protected semiconductor module ("payee") did not receive the expected response to a further confirmation message transmitted from the the tamper-protected semiconductor module ("payer") to the other tamper-protected semiconductor module ("payee") for confirming the confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens.

In this situation, the tamper-protected semiconductor module ("payer") having transferred its electronic tokens to the other tamper-protected semiconductor module ("payee") terminates the offline transaction protocol in a final and fair state, in case the tamper-protected semiconductor modules re-contact each other and successfully finish the transaction within a lock timeout period. Otherwise, the the tamper-protected semiconductor module ("payer") terminates the off-line transaction protocol in a final but unfair state after expiry of the lock timeout period, in which the tamper-protected semiconductor module produces a proof of loss for the value of the electronic tokens transferred to the other tamper-protected semiconductor module and irrevocably destroyed the change electronic tokens received from the other tamper-protected semiconductor module.

The other tamper-protected semiconductor module ("payee") terminates the off-line transaction protocol in a final and fair state or a final and unfair state, in case the other tamper-protected hardware module has not received the conformation message confirming the confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens. The off-line transaction protocol is terminated by the other tamper-protected semiconductor module ("payee") in a final and fair state, in case the tamper-protected semiconductor modules re-contact each other and successfully finish the transaction within a lock timeout period. Otherwise other tamper-protected semiconductor module ("payee") terminates the off-line transaction protocol in a final but unfair state after expiry of the lock timeout period, in which the other tamper-protected semiconductor module ("payee") produces a proof of loss for the value of the change electronic tokens (if any) and irrevocably destroys the electronic tokens received from the tamper-protected semiconductor module ("payer").

In case the other tamper-protected hardware module ("payee") has received the conformation message confirming the confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens, the other tamper-protected hardware module ("payee") terminates the off-line transaction protocol in a final and fair state in which the transaction is considered successful by the other tamper-protected hardware module ("payee").

For the case that the other tamper-protected hardware module ("payee") considers the transaction successful, but the tamper-protected hardware module ("payer") terminates the off-line transaction protocol in a final but unfair state after expiry of the lock timeout period, in which the tamper- protected semiconductor module produces a proof of loss for the value of the electronic tokens transferred to the other tamper-protected semiconductor module and irrevocably destroyed the change electronic tokens received from the other tamper-protected semiconductor module, the tamper- protected hardware module ("payer") may obtain a reimbursement of the value of the electronic tokens transferred to the other tamper-protected semiconductor module ("payee") from the issuing authority against the proof of loss and revealing the user's identity (i.e. the identify of the user of the tamper- protected hardware module ("payer")). This reimbursement of "lost" electronic tokens against a proof of loss may be for example follow the principle "in dubio mitius". Furthermore, in a more detailed exemplary embodiment, a fraud can be detected by the issuing authority recognizing that the electronic tokens claimed to be lost by the tamper-protected hardware module ("payer") - and having been reimbursed - are cleared by another party, e.g. the other tamper-protected semiconductor module ("payee") or another tamper-protected semiconductor module.

The following enumeration exemplary lists conditions in which - besides timeouts - a fail-stop of the off-line transaction protocol is caused by one of the tamper-protected semiconductor modules:

The storage capacity of a token memory in the respective tamper-protected semiconductor module has reached its limit (no more free space),

the tamper-protected semiconductor modules cannot agree on any supported denomination distribution of electronic tokens for the transaction in the Negotiation Phase of the off-line transaction protocol, the electronic tokens stored in the respective tamper-protected hardware do not allow for fulfilling a receivable of the transaction (no more transferability),

the type(s) of electronic token(s) to be exchanged is incompatible within the intended transaction, authentication of one or more electronic token(s) subject to the transfer fails at the respective tamper-protected semiconductor module,

checking validity of a certificate by the respective tamper-protected semiconductor module fails due to the certificate being unauthenticated, outdated, or blacklisted in a Certificate Revocation List (CRL) signed by a Root Certification Authority, and

an incompatibility in rules to be enforced by the tamper-protected semiconductor modules exists, wherein the incompatibility in the rules consists of an incompatibility between the rules to be enforced as defined by the users, by Capability Flag Vectors (CFVs) of the tamper-protected semiconductor modules, by a regulation authority, or a transaction limit of a the tamper-protected semiconductor module.

Furthermore, in one exemplary embodiment, one of the tamper-protected semiconductor modules is owned by the electronic tokens issuing authority. This may be e.g. advantageous in cases where the electronic tokens represent electronic coins (eCash). In this scenario the tamper-protected semiconductor modules may also be owned by a bank (in which the user can be a customer). In this context, the off-line transaction protocol may be used to withdraw or deposit electronic coins from/at the bank/issuing authority. As the bank/issuing authority has to deal with a huge number of concurrent withdrawals and deposits simultaneously (i.e. there is a high number of parallel executions of the offline transaction protocol, concurrency criteria) it may be advantageous to implement (parts of) the tamper-protected semiconductor module of the bank/issuing authority in software.

1.4.2.1 Summary of the Pairing Phase

Exemplarily, the off-line transaction protocol may be considered to consist of different protocol phases. Please note that the invention is not limited to the following description of protocol phases. Nevertheless they are merely exemplarily used to explain the structure of the off-line transaction protocol.

For example, the off-line transaction protocol may start with a Pairing Phase to pair the two tamper- protected semiconductor modules for a single execution of the off-line transaction protocol. The Pairing Phase may comprise a mutual exchange of certificates, which respectively identify the tamper- protected semiconductor module. The certificates exchanged may, for example, comprise a respective public key of the respective tamper-protected semiconductor module's public key -pair.

Each tamper-protected semiconductor module confirms the validity of the respective other tamper- protected semiconductor module's certificate. If the validity is not confirmed it will interrupt the transaction protocol prior to the transfer of any electronic token. Please note that it is assumed that all certificates are checked by traversing the chain of trust down to the root certificate of the Root Certification Authority, and that the validity will not be confirmed if one single check within the chain of trust is not affirmative.

In one exemplary embodiment, checking the validity of the certificate of the respective other tamper- protected semiconductor module also comprises checking whether an identifying descriptor item of the certificate is contained in a Certificate Revocation List of revoked certificates of tamper-protected semiconductor modules. If yes, the transaction protocol is interrupted prior to the transfer of any electronic tokens. The descriptor item of the certificate may be for example a unique identification of the respective tamper-protected semiconductor module, such as a serial number or a public key specific to the tamper-protected semiconductor module comprised in the certificate.

During the Pairing Phase the tamper-protected semiconductor modules "detect" the respective other transaction partner. This may include the exchange of a set of transaction protocol messages as prescribed by the off-line transaction protocol. One of the transaction protocol message transmitted by a respective one of the tamper-protected semiconductor modules during the Pairing Phase comprises at least one of:

a certificate identifying the respective tamper-protected semiconductor module, the certificate including the public key of the respective tamper-protected semiconductor module used by the offline transaction protocol between the tamper-protected semiconductor modules,

a device identifier and/or network identifier of a peer-device describing a particular one of the two tamper-protected semiconductor modules for addressing subsequent transaction protocol messages to be exchanged between the two tamper-protected semiconductor modules,

one or more Capability Flag Vectors (CFVs) which identifies the cryptographic schemes supported by the respective tamper-protected semiconductor module, usable according to crypto- regulations and user definable restrictions (e.g. a lowermost mandatory minimum security level) applying to the transfer of the electronic tokens,

a timestamp indicating the point in time of the generation or transmission of the respective transaction protocol message,

a random number for establishing a transaction identifier during a Secure Connection Setup Phase of the transaction protocol,

- a signature to ensure integrity of the contents of the respective transaction protocol message, wherein the signature is obtained using a signing key of the respective tamper-protected semiconductor module transmitting the respective transaction protocol message, and

a voucher in form of an affidavit usable for the compensation claim against the issuing authority. In one exemplary embodiment of the invention, there may be multiple Capability Flag Vectors of the respective tamper-protected semiconductor module that describe for example the (crypto-) capabilities of the hardware of the respective tamper-protected semiconductor module, the (crypto-) capabilities supported by the firmware running on the respective tamper-protected semiconductor module. The (crypto-) capabilities reflect whether the user will allow or deny negotiated facts of the off-line transaction running on the respective tamper-protected semiconductor module (i.e. preventing off-line transactions under a defined minimum of (crypto-) protection strength), and (crypto-) capabilities allowed to be used the by local regulation (i.e. crypto-regulations applying to the transfer of the electronic tokens).

Advantageously, each respective tamper-protected semiconductor module compiles a Capability Flag Vector based on a combination (e.g. by applying a simple AND function to the bitwise fact mattering encoded vectors) of its Capability Flag Vectors and sends the result to the respective other tamper- protected semiconductor module. Based on the local Capability Flag Vectors and the one received from the respective other tamper-protected semiconductor module, each tamper-protected semiconductor module can determine the effective (crypto-) capabilities to be applied to the transaction by combining (e.g. applying a simple AND function to the vectors) of the Capability Flag Vectors. In one exemplary implementation the Capability Flag Vector (CFV) indicating the (crypto-) capabilities of the hardware of the respective tamper-protected semiconductor module may be comprised in the root certificate (Type-VI) of the Root Certification Authority.

Please note that in case the exchanged Capability Flag Vectors indicate a non-resolvable incompatibility between the tamper-protected semiconductor modules, no electronic tokens may be transferred and the off-line transaction protocol is terminated by the tamper-protected semiconductor module. A termination at this early stage of the off-line transaction protocol will typically resolve into a fair state, as none of the tamper-protected semiconductor module has transferred any electronic token yet.

Furthermore, in another exemplary embodiment of the invention, the transaction protocol messages of the Pairing Phase are exchanged by the tamper-protected semiconductor modules using an initial wired or wireless access technology, while the transaction protocol messages of the off-line transaction protocol not being part of the Pairing Phase are exchanged between the tamper-protected semiconductor modules using another (second) wired or wireless access technology. This may be for example advantageous in cases where the initial wired or wireless access technology is offering advantages for the physical pairing process, but is providing an undesirably low or insufficient bandwidth for the payload transfer. The second access technology may differ from the first access technology and may advantageously provide a higher (sufficient) bandwidth for payload transfer. Hence, it may be possible to pair the peer-devices (comprising the tamper-protected semiconductor modules) using an initial first access technology (e.g. Radio Frequency IDentification (RFID) or another Near Field Communication (NFC) technology), while the remaining phases of the off-line transaction protocol will be executed through another channel, i.e. using a different access technology, e.g. Bluetooth, WLAN, cellular radio, etc.

1.4.2.2 Summary of the Secure Connection Establishment Phase (also: VPN/VPC Setup)

Following the Pairing Phase, the off-line transaction protocol could further comprise a Secure Connection Establishment Phase. In this phase the tamper-protected semiconductor modules may establish a secure tunnel/channel through the peer-to-peer link. For example, this phase may set up a virtual private network/channel (VPN, VPC) between the two tamper-protected semiconductor modules. Please note that the Secure Connection Establishment Phase is optional, and there may be applications of the invention, in which no secure connection for transferring the electronic tokens is required, desired, or allowed by regulation. The Secure Connection Establishment Phase may be used to establish cryptographic parameters in the tamper-protected semiconductor modules to encrypt and sign the (further) transaction protocol messages to be exchanged between the two tamper-protected semiconductor modules.

To encrypt and sign the transaction protocol messages, the tamper-protected semiconductor modules may use different session keys. A key establishment scheme may be used to generate (different) session keys for encryption and signing of the transaction protocol messages in the Secure Connection Establishment Phase. Optionally, session keys used solely for encrypting the electronic tokens exchanged between the tamper-protected semiconductor modules may be generated in this course as well.

In one embodiment of the invention, the validity of the session keys is limited to one session. Hence, the session keys may be generated by the tamper-protected semiconductor module for each execution of the off-line transaction protocol. The transaction protocol messages, following the Secure Connection Establishment Phase, may thus be encrypted and signed by the tamper-protected semiconductor modules using the session keys established for the given execution of the off-line transaction protocol.

In one embodiment of the invention, the encryption function VPN/VPC may be disabled, for example manually by the user or due to regulations. In case the encryption function of the VPN/VPC is disabled, the protocol messages exchanged between the tamper-protected semiconductor modules are still signed by the sending tamper-protected semiconductor module to allow the other tamper- protected semiconductor module to verify integrity of the message contents. The tamper-protected semiconductor modules may use respective session keys to sign the messages.

Furthermore, the tamper-protected semiconductor modules may each use different key-pairs for signing (firstly) the contents of transaction protocol messages and encrypting (secondly) the contents of transaction protocol messages prior to transmission to the respective other tamper-protected semiconductor module. Session keys may be symmetric, but asymmetric keys could be used also as session keys. Furthermore, session keys may be for example generated by local instances (i.e. by the tamper-protected semiconductor modules) end-to-end and not externally (as for example in SKYPE or EC/Credit Cards due to penurious local resources or due to other reasons). This way, privacy of the transaction partners may be achieved. In another exemplary embodiment, the session keys are always generated within a key generation process that is part of the off-line transaction protocol.

The session keys may for example be generated by using mechanisms like discrete logarithm cryptography (DLC)- based key establishment schemes as, for example, the full unified modified Diffie-Hellman hybrid scheme (as used within the Elliptic Curve Diffie-Hellman, ECDH or Elliptic Curve Signature Algorithm, ECDSA) with two ephemeral keys and two static keys which are using Elliptic Curve Cryptography (ECC) and a Cofactor Diffie-Hellman (CDH) primitive, or as the full unified (Cofactor) Menezes-Qu-Vanstone hybrid scheme (as used within the Elliptic Curve Menezes- Qu-Vanstone, ECMQV) with two ephemeral keys and two static keys which are using Elliptic Curve Cryptography (ECC) and a Menezes-Qu-Vanstone (MQV) primitive. In one exemplary embodiment, the parameters of the session key generation mechanism are provided in a tamper-protected semiconductor module -specific certificate (e.g. the Type-VI certificate outlined below) so that so- called "Man In The Middle Attacks" (MITMA) can be ruled out.

Moreover, in case one of the tamper-protected semiconductor modules determines upon confirming validity of the certificate of the respective other tamper-protected semiconductor module the identifying descriptor item of the certificate is contained in a Certificate Revocation List (CRL) of revoked certificates of tamper-protected semiconductor modules, the tamper-protected semiconductor module informs the respective other tamper-protected semiconductor module its certificate having been revoked within a transaction protocol message. The respective other tamper-protected semiconductor module disables itself in response to the reception of the transaction protocol message which indicates the respective other tamper-protected semiconductor module's certificate is revoked. Revocation of certificates in the transaction system may be implemented by a (e.g. viral) distribution of Certificate Revocation Lists (CRLs).

Disabling the tamper-protected semiconductor module means the module is making itself unavailable permanently or temporarily for any further transactions. For example, this could mean that the tamper- protected semiconductor module is destroying (e.g. burning) some die area or circuit path(s) so it becomes permanently dysfunctional or clear stored secrets required for functionality. Alternatively, the firmware of the tamper-protected semiconductor module could prevent any further transactions being executed temporarily until the tamper-protected semiconductor module is unlocked again, either in an on-line procedure with a trusted party (e.g. the Root Certification Authority) or the tamper- protected semiconductor module (respectively, the device containing same) may be unlocked (physically) directly at a trusted party (e.g. the Root Certification Authority). Please note there may be manifold possibilities how to permanently or temporarily (by firmware) disable the tamper-protected semiconductor module, and also manifold mechanisms may be employed to enable the tamper- protected semiconductor module for transactions again, after the firmware temporarily disabling same.

In a further exemplary embodiment, the firmware of the tamper-protected semiconductor module may not immediately interrupt execution of the off-line transaction protocol upon determining the other tamper-protected semiconductor module is listed in a Certificate Revocation List, but the off-line transaction protocol is continued until the end of a Negotiation Phase of the off-line transaction protocol, and thereupon the off-line transaction protocol is interrupted. This may be particularly useful in implementations in which - as part of the Negotiation Phase - the tamper-protected semiconductor modules exchange their Certificate Revocation Lists. By continuing the off-line transaction protocol the "corrupted" tamper-protected semiconductor module may be updated by the other tamper- protected semiconductor module with the Certificate Revocation List of revoked certificates of tamper-protected semiconductor modules (including the "corrupted" tamper-protected semiconductor module) and may thereby learn its tamper-protected semiconductor module certificate has been revoked or the revocation has been resolved. Accordingly, the update of the Certificate Revocation List will then cause the "corrupted" tamper-protected semiconductor module to disable (or (re)enable) itself, as outlined above.

According to another embodiment of the invention, the first transaction protocol message of the Secure Connection Establishment Phase comprises a running message counter incremented in each subsequent message of the off-line transaction protocol exchanged between the tamper-protected semiconductor modules. Moreover, a tamper-protected semiconductor module interrupts the off-line transaction protocol's execution in response to the detection of an incorrect increment of the running message counter in a received transaction protocol message. The utilization of a running message counter may be one of the measures to immunize the off-line transaction protocol against replay attacks.

Moreover, according to a further embodiment of the invention, the transaction protocol messages exchanged in the Secure Connection Establishment Phase comprise a transaction identifier determined based on random numbers exchanged between the tamper-protected semiconductor modules during the Pairing Phase. This transaction identifier is uniquely identifying the transaction.

Generally, the contents of the transaction protocol messages exchanged between the tamper-protected semiconductor modules in the Pairing Phase and the Secure Connection Establishment Phase may be signed by the respective tamper-protected semiconductor module using their respective signing key. The public key used for verifying the signature by the respective other tamper-protected semiconductor module may be comprised in the certificate received from the other tamper-protected semiconductor module during the Pairing Phase.

Furthermore, timestamps may exist in the transaction protocol messages exchanged in the Pairing Phase and/or Secure Connection Establishment Phase. For example, these timestamps may be used by the respective tamper-protected semiconductor modules to determine channel characteristics of the peer-to-peer link, and the tamper-protected semiconductor modules determine timer values of the timers controlling the timeliness of the off-line transaction protocol messages based on the channel characteristics. This may be especially useful in case the off-line transaction protocol is of fail-stop type: The timers controlling the timeliness of protocol messages may thus be determined on the individual channel characteristics, which is another measure to further immunize the off-line transaction protocol against replay attacks.

1.4.2.3 Summary of the Negotiation Phase

Moreover, the off-line transaction protocol may also comprise a Negotiation Phase. As its name suggests, the Negotiation Phase is inter alia used to negotiate the transaction, e.g. the type and/or number of electronic tokens to be exchanged. Please note the Negotiation Phase may not necessarily negotiate the receivable of the transaction itself, but rather how (e.g. under which conditions) the receivable of the transaction is transferred between the two tamper-protected semiconductor modules. As part of the Negotiation Phase the tamper-protected semiconductor modules may further exchange user certificates of the users of the respective peer-devices comprising a respective one of the two tamper-protected semiconductor modules. Further, as part of the transaction's negotiation the tamper- protected semiconductor modules also negotiate their ability to conduct the transfer of the electronic tokens.

According to another embodiment of the invention, each tamper-protected semiconductor module confirms the user certificate's validity of the other respective tamper-protected semiconductor module and interrupts the transaction protocol prior to the transfer of any electronic tokens if the validity is not confirmed. The confirmation of the user certificate's validity of the respective other tamper-protected semiconductor module may e.g. comprise of checking whether a certificate's identifying descriptor item is contained in a user Certificate Revocation List of revoked user certificates. If this is true the transaction protocol will be interrupted prior to the transfer of any electronic tokens.

In case the tamper-protected semiconductor module determines, upon confirming validity of the user certificate of the respective other tamper-protected semiconductor module, the identifying descriptor item of the user certificate is contained in the user Certificate Revocation List, the tamper-protected semiconductor module may advise the respective other tamper-protected semiconductor module of the user certificate's revocation within a transaction protocol message, whereupon the respective other tamper-protected semiconductor module will disable itself in response to the reception of the transaction protocol message indicating user certificate's revocation. In a more detailed exemplary implementation, in case one of the user certificates has been invalidated (i.e. in the Certificate Revocation List of user certificates), the tamper-protected semiconductor modules may continue to execute the off-line transaction protocol until the end of the Negotiation Phase of the off-line transaction protocol and thereupon interrupt the off-line transaction protocol. Essentially, these steps are similar to the checking of the respective tamper-protected semiconductor module's certificate as described in the Summary of the Secure Connection Establishment Phase (also: VPN/VPC Setup).

As mentioned also earlier and according to another embodiment of the invention the tamper-protected semiconductor modules exchange Certificate Revocation Lists (e.g. revocation lists of tamper- protected semiconductor module certificates, user certificates, electronic token certificates, issuing authority certificates etc.) and update the respective Certificate Revocation List(s) in the Negotiation Phase based on the Certificate Revocation List received from the respective other tamper-protected semiconductor module.

In an exemplary implementation of a Negotiation Phase of the off-line transaction protocol according to an embodiment of the invention, a first of the two tamper-protected semiconductor modules generates a„Ranked Suggestion List (RSL)" of preferred candidate combinations of atomic electronic tokens stored in the first tamper-protected semiconductor module and respective, optional change preferred candidate combinations of atomic electronic tokens that fulfill a receivable of the transaction, and transmits the„Ranked Suggestion List (RSL)" to the second, other tamper-protected semiconductor module in a transaction protocol message (e.g. as part of the eDoc). Further, the second tamper-protected semiconductor module determines whether one of the preferred candidate combinations of atomic electronic tokens and respective, optional change preferred candidate combinations of atomic electronic tokens out of the„Ranked Suggestion List" can be accepted in view of the atomic electronic tokens available at the second tamper-protected semiconductor module.

If this is the case (or simply optionally) the second tamper-protected semiconductor module may modify or add a counter proposal to the„Ranked Suggestion List", which e.g. contains new preferred candidate combinations of atomic electronic tokens stored in the second tamper-protected semiconductor module, and optional change preferred candidate combinations of atomic electronic tokens that fulfill the receivable of the transaction, respectively. The second tamper-protected semiconductor module transmits a transaction protocol message comprising the optionally modified or counter proposed„Ranked Suggestion List" (e.g. as part of the eDoc) to the first tamper-protected semiconductor module, which in turn selects one of the preferred candidate combinations of atomic electronic tokens and respective, optional change preferred candidate combinations of atomic electronic tokens out of the „Ranked Suggestion List" and informs the other tamper-protected semiconductor module about its selection.

The first tamper-protected semiconductor module then transfers the atomic electronic tokens as indicated by the selected one candidate combination of atomic electronic tokens and respective, optional change combinations of atomic electronic tokens out of the„Ranked Suggestion List" from the first tamper-protected semiconductor module to the second tamper-protected semiconductor module. Please note that the transfer step may be formally considered part of the Electronic Token Transfer Phase of the off-line transaction protocol, as will be discussed in further detail below. In an alternative exemplary implementation, the first of the two tamper-protected semiconductor modules generates a„Ranked Suggestion List" of candidate combinations of atomic electronic tokens stored in the first tamper-protected semiconductor module and optional, respective change combinations of atomic electronic tokens that fulfill a receivable of the transaction, and transmits the „Ranked Suggestion List" to the second, other tamper-protected semiconductor module in a transaction protocol message.

The second tamper-protected semiconductor module selects one of the preferred candidate combinations of atomic electronic tokens and optional, respective change preferred candidate combinations of atomic electronic tokens out of the„Ranked Suggestion List", informs its partner tamper-protected semiconductor module about its selection and transfers the atomic electronic tokens as indicated by the selected candidate combination of atomic electronic tokens and optional, respective change combination of atomic electronic tokens out of the„Ranked Suggestion List" from the second tamper-protected semiconductor module to the first tamper-protected semiconductor module. Please note that the transfer step may be formally considered part of the Electronic Token Transfer Phase of the off-line transaction protocol, as will be discussed in further detail below.

1.4.2.4 Summary of the Electronic Token Transfer Phase (also: Value Data Transfer)

The off-line transaction protocol could further comprise an Electronic Token Transfer Phase following the Negotiation Phase. In this Electronic Token Transfer Phase, the tamper-protected semiconductor modules transfer the electronic tokens as negotiated in the Negotiation Phase.

The transfer of electronic tokens from a first tamper-protected semiconductor module to the second, other tamper-protected semiconductor module may be for example realized by transmitting the transaction protocol message comprising the electronic tokens to the second tamper-protected semiconductor module, and ensuring by the first tamper-protected semiconductor module that electronic tokens are irrevocably destroyed upon successful completion or termination (even in unsuccessful cases) of the off-line transaction protocol once it has been transmitted to the second tamper-protected semiconductor module. This combination of transmission and assured controlled destruction of the electronic tokens once they have been transmitted is also referred to as "teleportation" herein.

Hence, the off-line transaction protocol ensures (or to be more precise, the firmware of the tamper- protected semiconductor modules implementing the off-line transaction protocol) that once an electronic token has been transmitted by a tamper-protected semiconductor module, the electronic token is irrevocably destroyed. This irrevocable destruction of electronic tokens may result in an unfair termination of the off-line transaction protocol in case same is interrupted. However, the controlled irrevocable destruction may be desirable as it is one effective measure to prevent multi- spending of electronic tokens by any party of the transaction, justifying the occasional unfair termination of the off-line transaction protocol and the necessity of a postponed (on-line) compensation procedure with a trusted authority (e.g. the issuing authority).

In an exemplary implementation, the transferred electronic tokens are part of the transaction protocol messages' content (i.e. part of the payload) and are separately encrypted by the respective tamper- protected semiconductor module prior to their inclusion in the transaction protocol messages. Hence, even in case no secure connection is used (e.g. since there is no Secure Connection Establishment Phase by design of the off-line transaction protocol or crypto-regulation do not allow for use of an encryption), the electronic tokens may nevertheless be encrypted prior to their transmission. In other words: The encryption of the electronic tokens may be a feature independent from the use of a secure connection on the peer-to-peer link between the tamper-protected semiconductor modules. Optionally, the electronic tokens to be transmitted in a respective transaction protocol message may also be compressed prior to their encryption. For encryption purposes, special session keys generated by the tamper-protected semiconductor modules may be used. Alternatively, the tamper-protected semiconductor modules could also use the respective other tamper-protected semiconductor module's public key portion contained in the certificate of the respective other tamper-protected semiconductor module or the public key portion of the other user certificate of the user of the respective other tamper- protected semiconductor module . Furthermore, the encryption of the electronic tokens may be independent from the settings in the Capability Flag Vectors of the tamper-protected semiconductor modules.

In one exemplary embodiment, the electronic tokens transferred between the tamper-protected semiconductor modules are identified by uniquely identifying descriptor items (e.g. a bit sequence and/or a serial number). The inclusion of a descriptor item to the electronic tokens may for example be used in a verification of the electronic tokens received by a tamper-protected semiconductor module with respect to their validity and/or their compliance with the negotiated receivable of the transaction. As mentioned earlier, the tamper-protected semiconductor modules may indicate the descriptor items (e.g. bit sequence and/or serial numbers) of the electronic tokens to be transferred in the Negotiation Phase and either one or both of the tamper-protected semiconductor modules could check, whether the descriptor items contained in the electronic tokens received from the respective other the tamper- protected semiconductor module matches the descriptor items of the electronic tokens negotiated in the Negotiation Phase.

Optionally and according to a further embodiment of the invention, one of the tamper-protected semiconductor modules or both tamper-protected semiconductor modules could check whether the one or more electronic tokens to be transferred by the respective other tamper-protected semiconductor module are blacklisted in a Certificate Revocation List of revoked electronic tokens prior to proceeding further with an Electronic Token Transfer Phase of the off-line transaction protocol. Depending on the target application in which the invention is employed, this check for revocation (which may be considered part of a validity check) may be off-line if the Certificate Revocation List is locally available, or on-line with one of more issuing authorities that maintain respective Certificate Revocation List(s) of their issued electronic tokens.

Checking the electronic tokens to be transferred for revocation (or validity in general) could be for example particularly suitable in applications, in which one of the tamper-protected semiconductor modules (is included in a device that) is located at some location having permanent on-line access. For example, a tamper-protected semiconductor module provided at a Point of Sale (PoS) could check the revocation/validity of the electronic tokens to be received from the respective other tamper-protected semiconductor module against a Certificate Revocation List of electronic tokens.

Although this check may be part of the Electronic Token Transfer Phase of the off-line transaction protocol, this check of the electronic tokens could also be realized as part of the Negotiation Phase. However, there may not yet be sufficient information available upon negotiation to check the validity of the electronic tokens, but just enough information to check the revocation of the electronic tokens. For example, if the descriptor items (e.g. bit sequences and/or serial numbers) of the electronic tokens to be transferred in the transaction are exchanged in the Negotiation Phase, they could be checked for revocation against a Certificate Revocation List of electronic tokens.

For a full respectively a complete validity check, however, the electronic token may need to be received first. As part of a validity check of the electronic tokens, either one or both of the tamper- protected semiconductor modules check, whether the respective electronic tokens received from the respective other the tamper-protected semiconductor module match with the promises previously made as part of the Negotiation Phase and have not expired.

1.4.2.5 Summary of the Acknowledgement Phase (also: Confirmation)

Further, the off-line transaction protocol may comprise an Acknowledgement Phase following the Electronic Token Transfer Phase, in which the tamper-protected semiconductor modules acknowledge receipts of the electronic tokens transferred in the Electronic Token Transfer Phase . The acknowledgements may be further used for non-repudiation, proof generation, and other things, in particular in case a fairness reconstruction is necessary due to termination of the off-line transaction protocol in an unfair state.

In one exemplary embodiment, the tamper-protected semiconductor module receiving the last transaction protocol message of the Electronic Token Transfer Phase comprising electronic tokens, transmits a first acknowledgement message to the other tamper-protected semiconductor module to thereby acknowledge the successful reception of all electronic tokens as agreed on in the Negotiation Phase. Thereupon, the other tamper-protected semiconductor module responds by sending a second acknowledgement message to thereby acknowledge the receipt of the first acknowledgement message. Upon successful reception of the first and second acknowledgement messages at the tamper-protected semiconductor modules respectively, the off-line transaction protocol is always ended by both tamper- protected semiconductor modules successfully in a fair state, i.e. even an interruption of the off-line transaction protocol will now result in the successful termination of the off-line transaction protocol. Basically, the two first acknowledgement messages thus represent a proof of non-repudiation.

Optionally, the tamper-protected semiconductor module receiving the second acknowledgement message transmits a third acknowledgement message to the other tamper-protected semiconductor module to thereby indicate to the other tamper-protected hardware that the transaction of the electronic tokens has been terminated successfully in a fair state. From a protocol-perspective, this "last" acknowledgement is strictly speaking not necessary, but it may be desirable as it enriches the other tamper-protected semiconductor module's (meta) knowledge about the transaction. The other tamper- protected semiconductor module could, based on the reception of the third acknowledgement message, prove the tamper-protected semiconductor module from which the third acknowledgement has been received has successfully terminated the off-line transaction protocol (without interruption).

1.4.2.6 Summary of the Meaning of Time

Dealing with certificates always raises the question of a trustable time (source). Knowing the correct date & time is a basic need to decide about the validity of any certificate. This puts a focus on the demand for an authentic and trustable date & time as formative parameter for a just-in-time validation decision during any transaction operation for every CASTOR (or eWallet).

Due to reasons like an uncertain period of current-flow-free shelf-life, every CASTOR/e Wallet starts its live cycle without knowing the correct system time. This means that an CASTOR/e Wallet should be able to assure that it is obtaining a correct system time, which may be for example realized by the CASTOR/e Wallet contacting an authority with the official reference date & time (see also chapter: "Reliable Date & Time under Assumption of at least one unaltered partner eWallet"). For example, this contact for time synchronization could be realized through the Internet. When operating the CASTOR/eWallet in a PKI-Infrastructure, the Root Certificate Authority (RCA) and Certificate Authoritys (CAs) may be candidates to release and distribute such a reliable date & time information. In the transcaction system for electronic tokens, the eMint authorities could additionally or exclusively responsible for releasing and distributing such reliable date & time information. The distribution of the time reference to the CASTOR/e Wallets may use the global UTC-worldtime format and could for example be realized by the "Network Time Protocol" (NTP), (see Mills et al., "Network Time Protocol Version 4: Protocol and Algorithms Specification", IETF RFC 5095, 2010, available at http://www.ietf.org). In principle, also other time formats and/or distribution mechanisms could be used. Specifically, as will be outlined below, when using the the transcaction system for electronic tokens (teleportation protocol) described herein, the availability of a official reference date & time is important, but its falsification due to an attack does not provide real advantages to the attacker. Optionally, a protocol for the distribution of the official reference date & time could also include cryptographic extensions/mechansisms to secure information against unintentional or aimed changes, so that the source authenticity can be proved and the resistence against manipulations is enhanced. For example, the NTP protocol of RFC 5905 could be extended by adding such cryptographic extensions.

1.4.3 Summary of Functionality & Design of the Tamper-Protected Hardware

Another aspect of the invention is the provision of tamper-protected hardware to be used in the transaction system described herein. In this respect, aspects of the invention focus on the functionality of the tamper-protected hardware (as for example provided by its firmware), and on the design of the tamper-protected hardware so as to avoid misuse of the tamper-protected hardware and its transaction system. It will become apparent from the following that there also often is synergy between functionality and design concepts, which, in combination, improve the robustness of the transaction system. Furthermore, it should be noted that the different designs improve the tamper-resistance on the chip level and/or on the semiconductor module level and so far on the device level. The tamper- protected hardware can be for example realized as de scribed in the PCT application PCT/EP201 1/001219 by the same applicant or as described in the PCT application with the title "Tamper-Protected Hardware and Methods for using same" filed by the same applicant on 12.03.2012. However, also other designs of tamper-protected hardware can be used that is capable of providing the desired functionality of the transaction system described herein.

As to the functionality of the tamper-protected hardware, same may be inter alia responsible for executing the off-line transaction protocol according to one of the various embodiments described herein in a tamper-protected environment, which is one important security aspect of the system. Optionally, also the error handling of the off-line transaction protocol (for termination in case of an interruption prior to a successful ending of the protocol-run as foreseen by the off-line transaction protocol) and/or the compensation procedure for dispute resolution may be functionality provided by the tamper-protected semiconductor module. The respective functionality may be provided by the firmware (e.g. by means of TRUSTLET(s) - see PCT/EP2011/001219) or may be provided in some dedicated hardware of the tamper-protected hardware.

A tamper-protected hardware module (as part of a tamper-protected semiconductor module) could be for example a tamper-protected die or provided as a tamper-protected IC. The tamper-protected IC may be for example implemented as a tamper-protected die or multi-die having a tamper-protected enclosure as will be outlined below in more detail.

Furthermore, for enabling communication between the two tamper-protected semiconductor modules via a peer-to-peer link, some communication interface needs to be accessible and usable by a tamper- protected semiconductor module. Depending on the implementation, a tamper-protected semiconductor module may be provided with one or more wired and/or wireless communication interfaces directly, or one or more wired and/or wireless communication interfaces may be implemented internally in the device housing or externally to the device housing accessible to the tamper-protected semiconductor module via an (internal and/or external) I/O-interface (I/O-port) thereof. For example, the tamper-protected semiconductor module and the communication interface(s) could be provided in a host device, which could be - depending on the application - a PDA, mobile (smart) phone, or other portable device, a cash system provided at a Point of Sale, Access Control System (e .g. in a subway, in an airport, at train state, in an aircraft, fair ground, sports stadium, cinema, etc.), just to name a few.

A device comprising a tamper-protected semiconductor module could thus be provided with one or more wired and/or wireless interfaces and the tamper-protected semiconductor module of the device enabled to perform the off-line transaction protocol via wired and/or wireless peer-to-peer link utilizing one of the device's wired and/or wireless interfaces. The wireless interfaces could include at least one of a Radio Frequency IDentification (RFID) interface, a Near Field Communication interface (NFC), a Bluetooth interface (BTI), a WLAN interface (IEEE 802.1 1), a WiMAX interface (IEEE 802.16), a WIDI, WirelessHD or WiHD interface, a Wireless Gigabit Alliance (WiGig) interface, a Wireless Home Digital Interface (WHDI), a Wireless USB interface, and a mobile communications interface according to a 3GPP or 3GPP2 standard. The wired interfaces could for example include at least one choice of either an USB interface, an Ethernet interface (IEEE 802.3), a PanelLink interface, a DisplayPort interface, a SATA interface, a Light Peak interface, a Thunderbold interface, a HomePlug interface, a PowerLAN interface, a Powerline Communication (PLC) interface (IEEE 1901) and a Fire Wire interface (IEEE 1394).

Generally, one could also consider combining tamper-protected semiconductor modules with additional hardware elements, such as memory (volatile memory and/or non-volatile memory), communication interface(s), etc. within the same die and/or another enclosure, e.g. a separate shared housing, which may be referred to as an electronic wallet (eWallet) or as single IC. This electronic wallet may then in turn be integrated into the respective devices.

1.4.4 Exemplary Off-line Transaction Protocol for an eCash System

As indicated above, one aspect of the invention is the provision of an off-line transaction protocol that is capable of transferring electronic tokens (of arbitrary contents) between two tamper-protected semiconductor modules, which may be for example part of respective peer-devices. The parties of the transaction, respectively the tamper-protected semiconductor modules or devices they use respectively, will be referred to as "Alice" and "Bob". The off-line transaction protocol controls the exchange of protocol messages between the two tamper-protected semiconductor modules, which includes messages for transferring electronic tokens between the two tamper-protected semiconductor modules via a peer-to-peer link. The off-line transaction protocol further is a delayed-true fair protocol. In case of an interruption of the off-line transaction protocol, each tamper-protected semiconductor module can autonomously terminate the off-line transaction protocol in either a fair state in which the transfer of the electronic tokens is either successfully completed or the initial state prior to starting the transaction is, o r in an unfair state for the respective tamper-protected semiconductor module in which one or more electronic tokens is/are irrevocably lost at the respective tamper-protected semiconductor module.

As will become more apparent from the example off-line transaction protocol discussed below in the following sections, the states in which the protocol ends "fair" are the states denoted by IDs O la, 02a, 03a, 04a, 05a, 06a, 11a and 12a shown in Figure 14, and IDs 01b, 02b, 03b, 04b, 05b, 10b and l ib shown in Figure 15. The states in which the protocol terminates in an unfair state for the respective tamper-protected semiconductor module in which one or more electronic tokens is/are irrevocably lost at the respective tamper-protected semiconductor module are the states denoted the with IDs 07a, 08a, 09a and 10a shown in Figure 14, and IDs 06b, 07b, 08b and 09b shown in Figure 15.

From an abstract point of view, the off-line transaction protocol goes through a "phase-change" transition during its run:

- The off-line transaction protocol starts collecting information about the deal Alice and Bob want to negotiate. Either initial assumption about the deal state is "no deal". Then - during the protocol-run - both parties "learn" about each other more and more by adding non-repudiation objects to their local deal basket. If the off-line transfer protocol fails in this phase, the protocol terminates in one of the states referenced within the case IDs Ola, 02a, 03a, 04a, 05a or 06a as shown in Figure 14, or IDs 01b, 02b, 03b, 04b or 05b as shown in Figure 15.

- Starting with ID 07a (see Figure 14) and ID 06b (see Figure 15), the off-line transaction protocol enters a position where a failure results into an immediate termination (both parties "no deal") of the off-line transaction protocol with the "price" in which one or more electronic token(s) is/are irrevocably lost at the respective tamper-protected semiconductor module (in case ID 07a for Alice and in case ID 06b for Bob).

- The cases with the IDs 08a, 09a, 10a (as shown in Figure 14) and IDs 07b, 08b 09b (as shown in Figure 15) can result into a so called "weak deal" as mentioned and explained in detail later for one or even both transacting entities.

- The successful cases as represented with the IDs 1 la, 12a (as shown in Figure 14) and IDs 10b, 1 lb (as shown in Figure 15) transfer both parties Alice and Bob into a successful "deal" state.

In the following passages exemplary embodiments of the invention will be described that provide an overview of the off-line transaction protocol for use in an eCash system and the format and contents of the messages exchanged at a protocol-run of the off-line transaction protocol. In this example, the electronic tokens can be considered to represent eCoins, i.e. an electronic representation of coins and bank notes. It should be noted that the off-line transaction protocol discussed below with respect to an eCash system is not limited to such use, as indicated previously. The off-line transaction protocol described below may be used for transferring electronic tokens in general, not just eCoins. 1.4.4.1 Protocol Definitions

The wording of basic notation and the off-line transaction protocol discussed is following below symbology and notations, optimized for the eCoin exchange, but not limited to such application.

Symbol Interpretation

A Principal 'Alice', the protocol message originator.

B Principal 'Bob', the protocol message recipient.

TTP Principal 'TTP'. This can for example be the issuing authority of the

(Trusted Third electronic tokens (i.e. the so-called eMint of the eCoins in the eCash

Party) system)

NodelD(X) Uniquely distinguished physical node identity of entity 'X'. The physical node identity may identify a peer-device 'X' containing a tamper-protected semiconductor module (only) in the Pairing Phase during possible out-band negotiations (e.g. using RFIDs/NFCs). Should be 128-bit sized.

NetlD(X) Uniquely distinguishing logical network identity of entity 'X'. This may for example be a network header-based ID addressing for in-band network operations, i.e. the same channel can be used for pairing and the subsequent protocol steps. Should be 128-bit sized.

TID X Transaction identification 'TID X ' (not necessarily globally unique) used

between Alice and Bob to maintain context between them. 'X' is the issuing principal. The TID may be a 32-bit unsigned integer.

TSID Transaction and session identification, a n-bit nonce (e.g. at least 32-bit) valid for a single protocol-run only. The TSID may for example be obtained by the following exemplary concatenation:

'TSID = X((TID A xor TID B ) || DTC A || DTC B || NetlD(A) || NetlD(B) || NodelD(A) NodelD(B))'.

H(m) Hash 'Η' based on a collision & 2 nd pre-image resistant one-way iterated cryptographic function of 'm' .

C(m) Hash 'C based on a collision and 2 nd pre-image resistant symmetric block cipher function of 'm'.

X(m) e {H(m), Denotes either keyed HMAC 'H(m)' (e.g. HMAC-SHA-512) or block C(m)} cipher CMAC 'C(m)' (e.g. CMAC-AES-256) of the message 'm'. s x := {X(m)} K 's x ' is a digital signature of data (message) 'm' . 'K' is a private key, 'X' is the principal. The result of signature verification is TRUE, if the signature is valid and FALSE otherwise.

DTC X Date Time Code used to find outdated elements. 'X' is the principal.

TimeStamp x Time measurement for current transmission channel properties of party 'X'.

TimeStamp x is for example 32-bit in size (UTC at start plus increment since then).

A B:m Principal 'Alice' transmits message 'm' to 'Bob' (no guarantee of delivery).

A «- B:m Principal 'Alice' fetches message 'm' from 'Bob' (no guarantee of receipt). mi II m 2 Concatenation of items 'mi' and 'm 2 ' in that order.

M When 'x' is a set, then denotes the number of elements of 'x' else

Round(log 2 (x) + 0,5).

|m| The bit length of the message 'm' . xor or Θ Bitwise logical 'exclusive-or' . rand() True physical random generator, usable for cryptographic purposes.

{Msg.Elem.} This is an optional message element, can be omitted in case of no need, e.g.

the change secret or for the viral inducted spreading of updates (CRL et al.).

Ψ Unsigned integer nonce 'ψ' generated by the rand function. Should be 32- bit sized or greater.

SALT x Nonce 'SALT X ' used in the generation process of the premaster-secret. 'X' is the principal. Should be 32-byte sized or greater.

#(x) Variable 'x' is generated afresh.

A(x) Restrict the validity of the variable 'x' in time being usable only temporary.

/App,Phase,Cmd,Count A flag indicating the purpose of a message using specific construction

logic.

App Bit pattern identifier serving as Start-of-Message delimiter for the protocol.

For example, 96-bit sized. For messages [01-04] : could be defined as App := 'Tb II Ver || Rev' Tb (Teleportation Identifier to flag the first four messages, For example, 64-bit sized.

Beam)

Ver Version number of the off-line transfer protocol. For example, 16-bit sized.

Rev Revision number of the off-line transfer protocol. For example, 16-bit sized.

Phase Protocol phase stage (Pairing, VPN/VPC, Exchange, Commit). For

example, 8-bit sized.

Cmd Protocol message type (Req, ACK, Value, Info). For example, 8-bit sized.

Count Number of protocol phase stage message (1, ... , 255). For example, 16-bit sized.

Table 2: Symbols usee in an Off-line Transaction Protocol for an eCash System and their meaning.

It is defined and assumed for exemplary purposes only that

- Alice is always the off-line transaction protocol initiator and that Bob is always the off-line transaction protocol responder.

- Alice can be the source or the sink of the main secret (or value). Bob is than acting in the opposite role, the sink or the source for the main secret (or value), respectively.

- The change secret (or value) is always supplied by the party acting in the role of the sink of the main secret (or value).

- In case of an eCoin system, the party acting in the role of the source of the main secret (or value) is denoted to be a payer. The other entity in the role of the source of the change secret (or value) is denoted to be a payee, respectively.

Complex objects exchanged or referenced by the exemplary off-line transaction protocol are listed and explained in the Table 3 below.

Object Description

CASTOR Tamper-protected semiconductor module as a tamper-protected encasement guarding secrets. CASTOR is short for CAsk for Storage and Transport Of access Restricted value data.

Cert x [Type-VI] .obj X.509 version 3 inspired PKI certificate for the trusted CASTOR product

(i.e. tamper-protected semiconductor module).

Cert x [Type-I/II] .obj X.509 version 3 inspired PKI certificate for system users, can be

anonymously or identified granted and applied.

CFV X Calculated effective Capability-Flag-Vector for crypto-regulations and/or coordinating user presets. eDoc[I].obj 1 st incarnation (initial) of the eDoc container object, carrying meta data. eDoc[II].obj 2 nd incarnation (main) of the eDoc container object, carrying meta data. eDoc[III].obj 3 rd incarnation (completed) of the eDoc container object, carrying meta data.

∑Token[ Secrets] .obj All token-based secrets (main/change) are concatenated to a single object.

Ctrl[Challenge] .obj 1 st Ctrl object for a viral -distribution carrier of updateable system

information.

Ctrl[Response_l] .obj 2 nd Ctrl object for a viral -distribution carrier of updateable system

information.

Ctrl[Response_2] .obj 3 rd Ctrl object for a viral-distribution carrier of updateable system

information.

Ticket[ACKl] .obj Confirmation and acknowledge message for the receipt of the value transfer.

Ticket[ACK2] .obj Confirmation and acknowledge message for the ACK1 -ticket.

Ticket[ACK3].obj Optional confirmation and acknowledge message for the ACK2-ticket.

Table 3: Objects exchanged or referenced by the exemplary teleportation protocol and their meaning.

1.4.4.2 Protocol Cases

As will be outlined below once again the protocol may have two different protocol cases, depending on whether Alice or Bob is acting as the payer (being the electronic token source providing the "main secret" of the transaction) and who is the payee (being the electronic token sink receiving the "main secret" of the transaction and optionally providing their "change secret") in combination of being the protocol initiator or responder.

Please note, the electronic token source and electronic token sink is defined by the electronic token's value: A "main secret" should be of comparatively of greater value than the change secret in the eCash system, or in other words, the monetary value of the eCoins to be provided from the electronic token source is higher than the monetary value of the change eCoins to be provided by the electronic token sink.

In protocol case [a], Alice sends the electronic tokens (eCoins) in her role as payer while Bob receives the electronic tokens in his role as payee. The first message after the establishment of the VPN/VPC in the Negotiation Phase can be used for a protocol flow inversion passing the initiative over to Bob. It is possible to reduce the electronic token exchange only to transfer of electronic tokens from Alice to Bob, without any "change electronic token" in return. Please note, even if there is no "change electronic token" returned by Bob, Bob provides an electronic receipt (eReceipt) as acquittance for the transfer of the electronic token(s) (i.e. the payment in the eCash context) to Alice. Figure 5 shows the message flow of the Electronic Token Transfer Phase (Value Data Transfer Phase) and the Acknowledgement Phase (Confirmation Phase) of the exemplary off-line transaction protocol for the protocol case [a] .

In protocol case [b], Bob is the payer and Alice receives the electronic tokens in her role as payee. The rest of the protocol-execution is again identical to the first sub case [a], exchanging the position of Alice and Bob. Figure 6 shows the message flow of the Electronic Token Transfer Phase (Value Data Transfer Phase) and the Acknowledgement Phase (Confirmation Phase) of the exemplary off-line transaction protocol for the protocol case [b].

It is assumed for exemplary purposes, Alice is always in the role of a protocol initiator and Bob dedicated to the role of a responder. If the opposite is needed, the roles between Alice and Bob are simply reversed. The adaptation to the electronic token source role (secret source) or electronic token sink role (secret sink) introduces slight changes to the protocol: In protocol case [a] Alice is the source of the "main secret" (payer), which reverses - see Figure 5 - to the electronic token sink role (payee) in case [b] - see Figure 6.

1.4.4.3 Message Format of the Transaction Protocol Messages

In an exemplary embodiment of the invention, each transaction protocol message of the off-line transaction protocol comprises a header wherein the header indicates (and differentiates) the application of the off-line transaction protocol (from other applications) and contains also a bit pattern identifier for "start-of-message" delimiter purposes. The header further may identify for example at least one of the contents of the respective transaction protocol message, the phase of the off-line transaction protocol to which the respective message belongs, and the respective transaction protocol message in the predetermined sequence of messages of the off-line transaction protocol.

Optionally, the header could further identify the version of the off-line transaction protocol executed by the respective tamper-protected semiconductor modules, and the tamper-protected semiconductor modules agree on a compatible off-line transaction protocol version based on the indicated version in the header. This may be useful for example if there are different versions of the off-line transaction protocol provided in the transaction systems, where newer protocol versions may be designed backward compatible to earlier versions. In case the version of the off-line transaction protocol running at the respective tamper-protected semiconductor module is identified by the message headers, the two tamper-protected semiconductor modules performing the transaction can conclude on a protocol version executable by both tamper-protected semiconductor modules to enable the transaction. Further advantageous features of the message formats of the respective transaction protocol messages will become more apparent from the more detailed description below.

1.4.4.4 Design of the Off-line Transaction Protocol

As shown in Figure 4, and has also been indicated in the protocol summary above, the exemplary off- line transaction protocol may be divided into five phases, arranged in top-down order, following an ascending timeline of interactions for the payer (i.e. first CASTOR/tamper-protected semiconductor module) and the payee (i.e. second CASTOR/tamper-protected semiconductor module). A general survey of the protocol steps of the CASTORs involved in the transaction depending on being an initiator or a responder, in combination with spending or receiving eCoins (or in more general, transmitting or receiving electronic tokens) is presented in Figure 4: The message flow relates to the case, where the initiator of the protocol is the payer (protocol case [a]).

In this protocol case [a], Alice starts the Pairing Phase by transmitting an invitation request to Bob (e.g. message [01], as discussed below), so Alice can be regarded as the initiator of the transaction. Please note that the names Alice and Bob are only used for exemplary purposes and do indeed denote two users, respectively, their respective tamper-protected semiconductor module executing the off-line transaction protocol. If Bob answers Alice's invitation request with the correct response (e.g. message [02], as discussed below), both tamper-protected semiconductor modules are paired for an off-line transaction protocol-run.

Following the Pairing Phase, Alice and Bob exchange two messages (e.g. messages [03] and [04], as discussed below) in the VPN/VPC Setup Phase displayed in Figure 4 (or the Secure Connection Establishment Phase). If these two messages are exchanged successfully, an application-based VPN/VPC will be established and activated to transport every protocol communication beginning with the next message until the last message (in a protected form).

Please note that Figure 4 only shows the simplified transaction workflow which is limited to the executing of the off-line transaction protocol. Figure 4 shows the message flow for the initiator on the left and for the responder on the right. As a first action for the transaction - and not shown in Figure 4

- it may be assumed that the originator (Alice) collects all information needed to conduct the transaction and thus pushing the off-line transaction protocol for transferring the electronic tokens.

This collection of information on the transaction is done before entering the Pairing Phase. Consequently the recipient (Bob) has to provide all requisite information for the transaction including his authorization of the transaction before the Pairing Phase of the off-line transaction protocol can be acknowledged. It is possible to make this anticipatory available.

This pre-negotiation of the transaction in advance of the actual transfer of the electronic tokens subject to the transaction by means of the off-line transaction protocol may be performed in various fashions. Upon the two parties to the transaction having exchanged all necessary information for the transaction and have authorized same, the relevant information of the transaction may be provided to the CASTOR / eWallet (i.e. the tamper-protected semiconductor module) via an I/O-port thereof and the execution run of the off-line transaction protocol is triggered.

Following this application-based VPN/VPC Alice and Bob enter the Negotiation Phase . The Negotiation Phase is inter alia used to negotiate the transaction, e.g. the electronic tokens to be exchanged. For example, in the eCash context, this phase of the off-line transaction protocol is used to allow Alice and Bob to determine the denomination of eCoins and change eCoins (please note that the eCoins are atomic), that need to be exchanged to fulfill the receivable of the transaction.

The Negotiation Phase may not necessarily negotiate the receivable of the transaction itself. This may be done beforehand, i.e. before executing the off-line transaction protocol, as outlined above. Rather the Negotiation Phase is used to negotiate how the receivable of the transaction is transferred between the two tamper-protected semiconductor modules. The Negotiation Phase may be further used to exchange the user certificates of Alice and Bob and/or to negotiate the ability to conduct the transfer of the electronic tokens between Alice and Bob using the Capability Flag Vectors (CFVs) as will be outlined below in further detail.

As indicated in Figure 4, Figure 5 and Figure 6, the negotiation of the transaction details may use a special container format, the so-called eDoc already mentioned earlier herein. Basically, the eDoc defines a flexible container format to exchange the necessary information (e.g. CFVs, denomination of eCoins and change eCoins, etc.) for allowing the CASTORs of Alice and Bob to conclude on how to conduct the electronic token transfer. In one exemplary embodiment, the Negotiation Phase exchanges the messages [05] and [06] which may be slightly different for protocol cases [a] and [b] as will be outlined below and as indicated in Figure 5 and Figure 6.

Once the CASTORs of Alice and Bob could successfully agree on how to conduct the actual transfer of the electronic tokens (eCoins), they enter the so-called Electronic Token Transfer Phase (Value Data Transfer Phase) in which the electronic tokens agreed on in the Negotiation Phase are exchanged. As indicated in Figure 4, Alice and Bob may also process the respective received electronic tokens (eCoins), for example to confirm that the correct denomination of electronic tokens agreed has been transferred, to confirm that the transferred electronic tokens have the correct identifying descriptor item and/or to confirm that the transferred electronic tokens have not been revoked or are not expired yet. As further indicated in Figure 4, Figure 5 and Figure 6, the eDoc is continuously updated to document the state of the transaction and is exchanged by Alice and Bob (on a ping-pong base). The two messages for exchanging the electronic tokens (i.e. the eCoins of payer and the optional change eCoins of the payee) may be implemented as exemplified by messages [07] and [08] the contents of which may again depend on the protocol case as shown in Figure 5 and Figure 6.

After having transferred the electronic tokens (eCoins), the off-line transaction protocol enters into the Acknowledgement Phase (Confirmation Phase) in which Alice and Bob confirm the successful transfer of the electronic tokens/receipt of messages by sending acknowledgements. In the exemplary embodiments shown in Figure 4, Figure 5 and Figure 6, three acknowledgment messages are exchanged between Alice and Bob . These acknowledgment messages may be for example implemented as messages [09], [10], and [11] discussed below.

In the following the individual five phases of the exemplary off-line transaction protocol will be described in further details. Please also note, in the following it is assumed in one exemplary embodiment of the invention that (successful) reception of a message does not only mean, the party receiving the message has received the message through the communication channel successfully, but also that the message passed an integrity check successfully. This message's integrity check may for example include checking for the correct setting of the message type flag, the correct setting of the running message counter Ψ, and the correct TSID in the message. Furthermore, where signatures or certificates are involved, e.g. when signing (complete) messages or message objects (e.g. eCoins, eDoc sections, etc.) the integrity check may further include a verification of the signature's and certificate's validity respectively. The validation of certificates may also include checking them against a Certificate Revocation List.

If the integrity check is not successful, the respective party may for example cause a fail-stop of the off-line transaction protocol, i.e. it does not send any further message so the respective other party will also time out and interrupt the off-line transaction protocol-run, too.

1.4.4.5 Pairing Phase In general, the Pairing Phase may be considered a procedure where two mutual unknown and idle peers (CASTORs) indicate their pairing-requests (i.e. messages [01] and [02]) by mutually exchanging their CASTOR root certificates (also known as RCA certificates or Type-VI certificates) in combination with their node-ID (e.g. from the transceiving node interface used to exchange (only) the pairing messages; could be a MAC address used on the network interface, a Mobile Directory Number (MDN) etc.) and network-IDs (e.g. an IP address) with an Evidence of Origin (EoO) proof done by adding a signature s A and s B to all unencrypted messages sent. This signature prevents a possibly successful Man-In-The-Middle-Attack (MITMA). All signatures and certificates are protected by an architecture inspired by PKI X.509, version 3. The CASTOR certificates are also referred to as Type- VI certificates, RCA certificate or CASTOR root certificate, and an exemplary implementation thereof will be described below in further detail.

Additionally, the CASTORs may further exchange their timestamps and a SALT for a logical time bind of the protocol-run in combination of a unique transaction session ID (build from both SALTed TIDs). The timestamps at the end of messages [01] to [04] are used to gather statistical information about channel throughput. Furthermore, messages [01] and [02] comprise the CFV A and CFV B objects of Alice and Bob, respectively. These are the effective Capability-Flag-Vectors mutual exchanged, and are used at the respective other CASTOR to calculate the greatest common regulated crypto- strength allowed by both CASTORs for the installation of the VPN/VPC in the subsequent VPN/VPC Setup Phase.

Using her CASTOR, Alice starts this process to enter the payment transaction by collecting and selecting all necessary information. Then her CASTOR tries to connect to the targeted CASTOR of Bob by using available kinds of contactless mobile models like the remote or the proximity mobile payment communication methods (e.g. RFID/NFC, WLAN, etc.) or wired non-portable infrastructure model based methods (e.g. Ethernet, Powerline, etc.). In more detail, Alice sends the first "invitation" message [01] marked with the flag '/Ap P ,Pairing,Req,i \ indicating her intention to pair the two CASTORs followed by a the CASTOR root certificate of her CASTOR and her effective Capability-Flag -Vector CFV A . Alice's CASTOR root certificate (Cert A [Type-VI] .obj) certifies the identity of her product platform (e.g. an CASTOR or the eWallet comprising the CASTOR). If her product platform is found being involved in inappropriate activities, same product platform's certificate will be entered in a blacklist (Certificate Revocation List, CRL) maintained by the TTP (RCA). The CRL may be distributed in the eCash system by passing on system update information (as will be described below in further detail - see section "Negotiation Phase").

Accordingly, Bob may check whether Alice's CASTOR root certificate is blacklisted and, if yes, may interrupt the off-line transaction protocol immediately. In an alternative implementation, Bob may proceed running the off-line transaction protocol, until he is able to provide Alice with the CRL blacklisting Alice's CASTOR root certificate as part of the system object update and may then interrupt the off-line transaction protocol.

The CFV A may be a calculated parameter needed to handle worldwide region-depending crypto- regulations. This allows support and enforcement of different local legislation in case of cross-border connections by setting the connecting VPN/VPC 's cryptographic strength to the highest common denominator. Please note, it may also be possible to inhibit VPN/VPC protection for the exchange of the transaction protocol messages, e.g. by the creation of a special CFV Party set in the user certificates of Alice and Bob. Irrespective of whether a VPN/VPC protection is used, it may be possible to protect the electronic tokens (eCoins), respectively; the transfer may use a separate cryptographic protection method: All electronic tokens to be transferred may be encrypted prior to their inclusion to the respective transaction protocol message transferring same.

Within the initial pairing message [01] two identifiers indicate Alice's (her CASTOR's) (physical) identity:

The NodelD address refers to the physical part of a network-addressing scheme. It can be the Ethernet-MAC address taken from Alice transceiver on her Network Interface Card (NIC) of the device housing of the CASTOR, her physical Bluetooth ID, or even a Mobile Directory Number (MDN) and

the NetID address referring a statically or dynamically assigned IP/DNS network address. This information is sufficient for a simple Point-to -Point (P2P) association during this early transaction phase. An in-depth user-certification-based pairing may be implemented later in the VPN/VPC-protected transaction part. Table 4 exemplifies the initial pairing message [01] sent by Alice.

Table 4: Pairing step 1.

Bob answers Alice's pairing message [01] with the pairing acknowledge message [02], which is indicated by the flag '/Ap P ,Pairing,ACK,2 ' as shown in Table 5 below and Bob approves the pairing request (reasons for not approving may be implementation and policy dependent). The structure of this message is similar to the previous one. The signature 's B ' servers again as EoO proof to prevent MITMA. Table 5 exemplifies the pairing message [02] returned by Bob to Alice.

Table 5: Pairing step 2. After Alice's platform has successfully received message two, and if Bob's CASTOR root certificate is not blacklisted in the CRL pool, both entities are capable

to mutually verify their tamper-protected semiconductor modules (CASTORs) by providing a proof of authenticity,

- to detect any MITMA until the end of the protocol,

to adapt to local crypto laws and regulations.

If Bob's CASTOR root certificate is blacklisted, Alice's CASTOR may interrupt the off-line transaction protocol's run immediately. In an alternative implementation, Alice may proceed with the off-line transaction protocol until she has provided the CRL that is blacklisting Bob's CASTOR root certificate to Bob's CASTOR as part of the system object update, and may then interrupt the off-line transaction protocol.

If the Pairing Phase is successful, initiator Alice and responder Bob are mutually connected and trust each other's CASTOR. If a CASTOR has been successfully paired and is thus connected to another CASTOR, the already connected CASTORs may ignore any further pairing request during the current run of the off-line transaction protocol.

The exemplary pairing-mechanism described above allows two CASTORs to enter an out-of-band pairing process e.g. introduced by RFIDs/NFCs before they switch connection over to an in-band communication to improve range and bandwidth. In other words, pairing of two CASTORs (respectively their housing eWallets/de vices) may be done using one communication technology (e.g. RFID/NFC) while the exchange of all transaction protocol messages following the Pairing Phase may be established using an different communication technology (e.g. WLAN, Bluetooth, etc.).

Additionally, the indication of two IDs (NodelD and NetID) in the pairing messages may be used to prevent from the vast majority of spoofing attacks during connection requests. DTC A contains the current date and time for the generation of message [01] and can thus be used to prevent replay attacks. Further, the freshly generated unique transaction session identifier TID A can be used later as a premaster-secret in the session key generation algorithm. It may also be used to compute the transaction session identification number TSID in the common secrets exchange step.

The last element in this message [01] can be considered to provide an EoO proof. By adding the signature s A over all unencrypted message elements of message [01] by Alice, a protective measure to prevent a Man-In-The-Middle-Attack (MITMA) is provided. This signature is constructed using a cryptographic hash 'X' in combination with the private signing key part 'K S: C A S T O R :S UDI,PIV ' of Alice's CASTOR. This fresh generated signature allows Bob's CASTOR to verify, that this message is really sent from Alice's CASTOR. Figure 7 exemplifies the Pairing Phase distingusihing between actions to be taken by Alice and Bob (the users), their CASTORs (e Wallets), and their NetNodes (i.e. the devices housing the CASTORs of Alice and Bob):

1. Alice collects all information to conduct a payment and initiates it. All of this information is transferred to the CASTOR of Alice ahead of the teleportation protocol invocation to prepare the execution of the off-line transaction protocol. In one exemplary implementation, the information collected by Alice includes at least one of NodelD(B) and NetlD(B) so that the CASTOR can autonomously contact the CASTOR of Bob and forward the receivable of the transaction (i.e. the amount of money to be payable by Alice for protocol case [a], respectively Bob for protocol case [b]).

2. Alice's CASTOR receives all information and uses (a part of) it to create a pairing request message [01] .

3. The pairing request message [01] is transferred through a network to the target's NetNode (i.e. the device of Bob housing the CASTOR (eWallet)). Please note that proper routing of the pairing request message [01] to Bob may be based on the available information, e.g. in case at least one of NodelD(B) and NetlD(B) is known to Alice.

4. Bob's CASTOR (eWallet) receives and processes the pairing request message [01] . This may for example include checking Alice's CASTOR root certificate against a blacklist of revoked CASTOR root certificates.

5. The target CASTOR of Bob requests Bob (e.g. using a display and input means) to authorize the transaction and waits for an authorization or timeout. It is possible for Bob to pre-authorize transactions (according to user-specific rules) - see enumeration point 6 below.

6. If Bob accepts the pairing request by Alice (respectively, the transaction), Bob supplies further required data for the transaction (if any) and his authorization of the payment. Please note that it may be possible to automate the authorization for certain applications (steps 5 and 6), respectively for pre-defined CASTORs: For example, it may be possible to configure a CASTOR to accept by default transaction requests of one or more pre-determined CASTORs (e.g. identified by means of their CASTOR root certificate) without interacting with the user, i.e. can pre-authorize transactions for certain applications (e.g. daily usage of public transportation) and/or CASTORs (e.g. known PoS). The user may for example be also allowed to set limits to the maximum amount of money transferred (per time frame) to achieve some control on the amount of eCoins transferred (e.g. a user could pre-authorize the CASTOR of the local underground transport system to charge a fare for transportation up to a specific amount of money per time period (day/week/month)) . 7. Bob's CASTOR replies sending a pairing message [02] to the CASTOR of Alice (which may contain additional data for the transaction and an (implicit) authorization of the transaction).

8. The pairing message [02] is transferred through the network to Alice's NetNode.

9. Alice's CASTOR receives and processes the pairing message [02]. If successful, the connection between Alice and Bob is established. Please note, strictly speaking the next message [03] allows

Bob to confirm pairing has been successful.

The presented pairing mechanism is an example of how to connect and bind two CASTORs for a single off-line transaction protocol's run. There are in principle many (unlimited) ways to perform the pairing of the CASTORs, and the invention is not limited to the presented pairing mechanism. The pairing mechanism above is advantageous as it offers the technical edge of being effective (just two messages) and secure (exchange of a certificate in combination with signed - and later possibly encrypted - messages) while ruling out MITMAs.

It should be noted, the exemplary implementation of the Pairing Phase as discussed above is not limited to the use of the off-line transaction protocol in an eCash system, however the off-line transaction protocol's Pairing Phase is usable in any application.

1.4.4.6 Secure Connection Establishment Phase (also: VPN /VP C Setup)

The purpose of the optional VPN/VPC Setup Phase is to establish an application based bidirectional VPN/VPC between Alice and Bob allowing them to communicate securely, where third parties (MITMA) are not able to intercept and decode messages exchanged between them. Protocol messages sent via the VPC/VPN are encrypted and/or signed by the CASTOR sending the protocol message by means of session keys, the generation of which is based on the information exchanged in the VPN/VPC Setup Phase.

Alice assembles message [03] by starting with the '/ APP ,vPN,Req ,3 ' flag, indicating the VPN/VPC setup request, followed by a transaction session ID 'TSID'.

Using the rand function Alice creates a fresh ping-pong running message counter 'ψ' . The running message counter 'ψ' is used to identify the correct order of all subsequent messages belonging to this off-line transaction protocol's run. The running message counter 'ψ' is incremented (modulo 2 2 -l, according to the 32 bit size) with every message exchanged between the two peers during the protocol's run. The use of the running message counter 'ψ' may be regarded as another measure to prevent replay attacks.

Alice's public key part 'K QC -C A S T O R ' of the freshly generated ephemeral key-pair is added to the VPN/VPC setup message [03] . The freshly generated 'SALT A ' object is used as part of the premaster secret to generate keying material needed for the secure channel between Alice and Bob. The ephemeral key-pairs, the static key-pairs, and the 'SALT A ' object are used by Alice and Bob to generate the session keys for the VPC/VPN. A imeStamp A ' identifies the moment of starting the signature generation of this message. The freshly computed signature s A is also added to the payload of VPN/VPC setup message [03] . Table 6 below shows an exemplary implementation of VPN/VPC setup message [03].

Table 6: VPN/VPC setup step 1.

Bob completes the pairing by creating a VPN/VPC acknowledge message [04], which is essentially similar to message [03] from Alice. Table 7 shows an exemplary implementation of a VPN/VPC acknowledge-message [04] . Please note, Bob's ephemeral key-pair, his static key-pair, and 'SALT B ' object are used by Alice and Bob to generate the session keys for the VPC/VPN.

Msg. Transfer Elements Comments

Flag indication "VPN/VPC

/App,VPN,ACK,4 acknowledge".

Transaction Session ID, e.g. 32-bit,

TSID TSID := TID A Θ TID B .

Ping-pong running-message-number, incremented here.

B A Bob's public key part of ephemeral

04

[in clear] #(KQe:CASTOR) key-pair, e.g. max. 572*2-bit.

Nonce, used in the premaster secret,

#(SALT B )

e.g. 32*8 byte.

Identifying the moment of signature

Time Stamps

generation, e.g. 32-bit.

Signature of Hash(Msg. 04) for all

S B := A({X(Msg. 04)}K S:C ASTOR:SUDI,prv)

elements, except 's B '. Table 7: VPN/VPC setup step 2.

With the exchange of messages [03] and [04], the session key generation algorithm will be able to generate all secret session keys needed to establish the VPN/VPC. The introduction of timestamps enables the tamper-protected semiconductor module (e Wallet) to make an (implicit) realistic assumption of the channel throughput. After Alice has successfully received message [04] from Bob, both parties obtain

the corresponding party's public static PK DLC key part within the corresponding party's CASTOR root certificate (Type-VI),

the other party's freshly generated public ephemeral DLC key part (K Qe CASTO R),

- the ability to generate the secret VPN/VPC session keys, as outlined below.

Both parties are now able to

process the key agreement scheme,

generate the shared secrets (cryptographic session keys),

switch over from a clear to a safe VPN/VPC encrypted and authenticated communication mode. After completing the off-line transaction protocol's pairing part, an application based VPN/VPC will be established between Alice and Bob. In this example, the VPN/VPC will use four different session keys, two session keys for encrypting the messages in each direction (A→B and B→A) and another two different session keys for message authentication.

After having established the VPN/VPC, the off-line transaction protocol differentiates slightly between the two protocol cases [a] and [b] .

Protocol case [a] is executed only in the case the protocol initiator is the source (provider) of the "main secret" (eCoins).

Protocol case [b] is executed only in the case the protocol initiator is the sink (receiver) of the "main secret" (eCoins).

Please note, the VPN/VPC Setup Phase ends with message [04] from Bob to Alice, because Alice, per definition, is always the protocol initiator. That means, Alice also has to issue the next message after the message [04] . For protocol case [b] this is already the appropriate message order. However, for protocol case [a] it is required that Bob issues the next message. To solve this case to avoid the construction of a contradiction for protocol case [a], Alice passes over the flow initiative to Bob. This flow reversion is done with message [05a] (discussed below), which has no logical counterpart in protocol case [b] .

As already indicated above, the two CASTORs of Alice and Bob use a key generation mechanism to generate the session keys for the off-line transaction protocol's run. The CASTORs may for example support the following different primitives and methods for a Discrete Logarithm Cryptography (DLC)- based key establishment scheme:

C(2,2,ECC,CDH): This classifies a full unified modified Diffie-Hellman hybrid scheme (as used within the Elliptic Curve Diffie-Hellman, ECDH or Elliptic Curve Digital Signature Algorithm, ECDSA) with two ephemeral keys and two static keys which use Elliptic Curve Cryptography

(ECC) and a Cofactor Diffie-Hellman (CDH) primitive.

C(2,2,ECC,MQV): This classifies the full unified (Cofactor) Menezes-Qu-Vanstone hybrid scheme (as used within the Elliptic Curve Menezes-Qu-Vanstone, ECMQV) with two ephemeral keys and two static keys which use Elliptic Curve Cryptography (ECC) and a Menezes-Qu- Vanstone (MQV) primitive.

ECC makes use of elliptic curves. There are several proposed sets of elliptic curves with relevance to cryptographic applications with highest security demands. One exemplary option for such a set (but not limited thereto) is the use of "ECC Brainpool Standard Curves". Their generation and their accompanying domain parameters (over finite prime fields GF(p)) are described in Lochter et al. "Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation", IETF RFC 5639, 2010, available at http://www.ietf.org.

Furthermore, in case a session key for the encryption of the eCoins is needed, a DLC-based key establishment scheme may also be used to generate symmetric session keys for encrypting the eCoins to be transferred prior to their inclusion with the respective protocol messages. Alternatively, a CASTOR may encrypt the eCoins prior to their inclusion to a protocol message using the respective other CASTOR's root certificate public key parts or the public protocol partner's user certificate key part.

Session keys for encrypting the eCoins may be symmetric session keys of an AES symmetrical encryption scheme.

Please note, the parameters for the DLC-based key establishment scheme utilize public/private ephemeral key-pairs (their public parts (see key class of Κρ ε:χχχ ) that are exchanged by Alice and Bob in messages [03] and [04]), and public/private static key-pairs (their public parts (see key class of K QS ; XXX ) that are exchanged by Alice and Bob in messages [01] and [02]), contained in the CASTOR Root certificate Type-VI in combination with co-factor parameters (ECCDomainParamTable), also contained in the respective Type-VI certificates. Both are to be exchanged between Alice and Bob in a safe manner, e.g. both as certified parts of one certificate. The nonce generation and exchange as premaster secret (SALTs) by Alice and Bob in messages [03] and [04] collateralize the key generation process. This way MITMA can be prevented.

Please note, different session key generation mechanisms may be supported or used to generate the session keys for the VPN/VPC, too. Figure 8 exemplifies the VPN/VPC Setup Phase distingusihing between actions to be taken by Alice and Bob (the users), their CASTORs (eWallets), and their NetNodes (i.e. the devices housing the CASTORs of Alice and Bob):

1. Alice's CASTOR (eWallet) sends a VPN/VPC setup message [03] to Bob's CASTOR (eWallet) and waits for an acknowledgment or timeout.

2. The VPN/VPC setup message [03] is transferred through a network to Bob's node.

3. Bob's CASTOR (eWallet) receives and processes the VPN/VPC setup message [03].

4. Bob's CASTOR replies with an VPN/VPC acknowledge message [04] to Alice.

5. The VPN/VPC acknowledge message [04] is transferred through the network to Alice's node.

6. Alice's CASTOR receives and processes the VPN/VPC acknowledge message [04], the VPN/VPC for Alice is established. Please note, the next message [05] from Alice to Bob will confirm the VPN/VPC establishment for Bob.

1.4.4.7 Negotiation Phase

After the Pairing Phase and the VPN/VPC Setup Phase, if executed, Alice's CASTOR executing the off-line transaction protocol collects the information available to negotiate the transfer details for electronic tokens. In the eCash context, this details may for example contain information about the goods or services, the currency of the payment (in a multi-currency eCash system), and the price. The information on the price (and currency) allows Alice to determine the denomination(s) of the atomic eCoins available to her CASTOR (and change eCoins to be returned by Bob) that could be transferred to execute the payment.

The so-called lock timeout period (also known as "WeakDealLockDelay" or WDLD) is another parameter that may be negotiated in the Negotiation Phase. This parameter defines a period in time in which the CASTORs need to re-contact each other to resolve weak deal states in case of an interruption of the off-line transaction protocol. This re-contacting to resolve the unfinished transaction in case of a weak deal is not part of the off-line transaction protocol. So to speak, the lock timeout period defines the period of time in which Alice and Bob can resolve potential unfair terminations of the off-line transaction protocol in case of an interruption on a peer-to-peer basis, i.e. before fairness reconstruction via a fairness arbiter (trusted third party, e.g. the issuing authority of the eCoins (eMint)) becomes necessary to reconstruct the fairness. If the lock timeout period is not a predetermined value, Alice and Bob have to agree to this value in advance before entering into the Value Data Transfer Phase. The lock timeout period is negotiated using the exchange mechanism of the eDoc objects in its pre-flow incarnations (see messages [05] and [06], Table 71, Table 72 and Table 73). Alternatively, the lock timeout period may also be negotiated by other means prior to the off-line transaction protocol's execution and may be provided to the CASTORs as a restricted parameter for the transaction.

Please note, although the Pairing Phase and the VPN/VPC Setup Phase may have been executed successfully, the further transaction steps and the general possibility of exchange of electronic tokens are not guaranteed. Reasons for not being able to conduct the transaction can be manifold and include for example:

the token memory's storage capacity in the CASTOR or eWallet/device housing is reaching its limit (no more free space),

a denomination distribution of eCoins is unfavorable for which reason the payment cannot be conducted,

the CASTOR/e Wallet simply does not contain enough value (eCoins),

the types of eCoins within the intended transaction are incompatible (e.g.€ vs. US-$),

Alice and Bob cannot agree on the so-called lock timeout period (also "WeakDealLockDelay", WDLD),

a notified eCoin cannot be authenticated, e.g.

1. due to a missing or invalid batch production certificate (CRL) of the issuing authority (Type-VII certificate),

2. due to counterfeited money (CRL of Type-VIII), or

3. due to a blacklisted issuing-authority/eMint (CRL of Type-IV).

some policy would be violated if this transfer is allowed to be performed, etc.

The problem of finding the correct denomination of eCoins is also known in literature as exact payment, k-payment or n-spendable eCoins. In general, the solution of this problem is on the one hand depending on the algorithm deciding on the denomination of the eCoins upon withdrawal from the user's "bank" - this case is outside the scope of this invention. On the other hand, the solution to this problem is depending on the eCoin dispensing algorithm within the CASTOR when spending the eCoins. Regarding this latter dispensing algorithm, in one exemplary embodiment of the invention, the exact payment problem is solved following certain policies or transfer-rules:

find fitting combinations of eCoins allowing to conduct the exchange (payment),

compile a list of suitable combinations, ranking from the best to the worst solution („Ranked Suggestion List" (RSL)),

bind the exchange process of these lists equal to not more than three iterations,

minimize the eCoins' exchange for the transaction (no change, whenever possible), use as much„higher value" eCoins as possible in order not to run out of "low value" eCoins, allow over-spending and under-charging as a transaction enabling rescue method, and

avoid combinations lowering the possibility for being able to conduct a subsequent payment.

The creator of the initial eDoc (so-called eDoc[I] object) has all necessary information to compile a first RSL of eCoin combinations for "paying". The RSL may be determined based on the policies outlined above. The initial RSL includes possible eCoin sets to achieve the eCoin exchange, taking only into account the own local CASTOR database (i.e. the locally available eCoins).

It is further to be noted, that it makes no difference if the creator of the initial incarnation eDoc (eDoc[I]) containing the initial RSL is the source or the sink CASTOR for the eCoins. To make such mechanism better understandable an example is considered, where eCoins of the well-known€- (Euro- ) denomination are used for payment. Without loss of generality, it is further assumed Alice was the creator of the initial eDoc (eDoc[I] object) and wanted to transfer the amount of e.g. 286,57€ to Bob. She has the choice to differentiate between "exact payment" and "all other" solutions. If Alice is able to make an exact payment, her CASTOR/e Wallet compiles only a single "selection" of her [(Main Secret),(Change Secret)] combination in the following way with an empty change secret:

Selection Alice := [(200, 50, 20, 10, 5, 1, 0.5, 0.05, 0.02),()]

In this case the RSL has only one entry. Of course exact payment may not always be possible so that Alice has to compile an RSL (with more entries) of supported denominations of eCoins for the payment. Table 8 below shows an RSL that exemplifies denominations of eCoins for the payment of 286.57€ in this example. Please note, the RSL may be limited to cover only up to a predefined system limit, e.g. fifty different entries (Pos).

Pos Main Secret Change Secret

1 200, 50, 20, 10, 5, 1, 0.5, 0.1 0.02, 0.01

2 200, 50, 20, 10, 5, 2 2x0.2, 0.02, 0.01

42 200, 100 10, 2, 1, 0.2, 0.2, 0.02, 0.01

43 200, 100 10, 3x1, 0.2, 0.2, 0.02, 0.01

44 200, 100 2x5, 3x1, 0.2, 0.2, 0.02, 0.01

45 200, 100 1x5, 2x2, 4x1, 0.2, 0.2, 0.02, 0.01

46 200, 100 1x5, 1x2, 6x1, 0.2, 0.2, 0.02, 0.01

47 200, 100 1x5, 8x1, 0.2, 0.2, 0.02, 0.01

48 200, 100 2x2, 9x1, 0.2, 0.2, 0.02, 0.01

49 200, 100 1x2, 11x1, 0.2, 0.2, 0.02, 0.01 50 200, 100 13x1, 0.2, 0.2, 0.02, 0.01

Table 8:„Ranked Suggestion List" (RSL) of how to conduct the eCoin exchange.

Assuming Alice can make an exact payment, Bob (has to) accept(s) this proposal because Alice is the payer and she is able to make an exact payment - no further cooperation will be required, Alice's CASTOR, so-to-speak, takes this decision on its own. In all other cases, Alice's CASTOR needs to contact Bob's CASTOR for an agreement on one of the denominations of eCoins for payment. In this case, Alice's CASTOR generates an RSL (as exemplified above) and sends it to Bob's CASTOR as part of the eDoc[I] object in the message [05a] in protocol case [a] or message [06b] in protocol case [b].

In the protocol case [a], as shown in Figure 5, Bob is able to make a counterproposal (optionally using partial knowledge from the previous proposal: Bob „learns", which eCoins Alice has in her CASTOR/eWallet by studying the denominations of her RSL) and sends his own RSL of denominations of eCoins for the payment, which Alice has then to choose from. Please note, in case Alice and Bob do not find a common denomination of eCoins supported by both, the transaction fails and the off-line transaction protocol is interrupted.

In protocol case [b], as shown in Figure 6, Bob cannot make a counterproposal and has to pick a denomination of eCoins from Alice's RSL. Otherwise the transfer is not successful and the off-line transaction protocol is interrupted. Please note, in protocol case [b] the Negotiation Phase only consists of sending message [06b] from Alice to Bob, which contains the eDoc with Alice's RSL. In case of receiving a single selection for the eCoin distribution (i.e. an RSL with one entry only) with change eCoins, Bob's CASTOR checks if it can provide the presented denominated change eCoin set and, if so, Bob's CASTOR can accept the proposal by sending the next protocol message [07b]. Otherwise, the transaction fails and the off-line transaction protocol is interrupted.

Please note, the off-line transaction protocol may not only be used to make payments between users or a PoS and a user, respectively, but may likewise be used to withdraw or deposit money from a user's bank. For depositing or withdrawing eCoins, the user and the user's bank may first determine the amount of money (eCoins) to be deposited/withdrawn. This may be for example implemented by means of a known online-banking portal which allows the user to make an eCash remittance to his CASTOR or user account (identified by a user certificate (Type-I/II certificate). The bank would then transfer the dedicated amount from the user's checking account and make it available through a "cash machine/ATM" (having a hardware and/or software implementation of a CASTOR, i.e. the bank's CASTOR). A push or poll mechanism triggered by the bank's "cash machine/ATM" or by the user's eWallet/device comprising his CASTOR could then be used to execute a run of the off-line transaction protocol between the user's CASTOR and the bank's CASTOR to "withdraw" the eCoins. A similar mechanism could be used to deposit (i.e. to clear) eCoins at the user's giro account as his/her bank. In all other cases, the CASTOR of Bob processes the RSL of Alice - starting with the first (best) eCoin denomination indicated therein. In protocol case [a], if Bob's CASTOR is able to use one of the suggested eCoin denominations, it selects the first (highest ranked) eCoin denomination supported. Bob's CASTOR signals its selection by appending information on the selected eCoin denomination into the updated eDoc in form of a selection Bob entry.

In case of no match Bob has to make a decision. If he is already at the protocol stage where he needs to send a value message containing eCoins, he has to generate a new selection Bob entry on his own and to signal his vote to Alice within the eDoc object. Or Bob interrupts the protocol and does not send any further message to Alice to cause a timeout at her end (fail-stop). He uses this selection for the combination of secrets he sends within the same message. If Bob is not in that need (being in the [a] protocol case) he can supply a RSL by his own. It can be helpful if Bob optionally used partial knowledge from the previous proposal (Alice's RSL) by„learning", which eCoins Alice has in her CASTOR/e Wallet by "studying" the presented denomination set proposals from the RSL he already received from Alice within his generation process. If Alice notices Bob uses an eCoin-distribution set she is unable to supply, she has to interrupt protocol-execution, what drives her into the 'transaction not possible' fail-stop behavior, documented before.

As indicated above, in protocol case [a] shown in Figure 5, Alice inverts the message flow by sending a message [05a] ('a' to denote the protocol case [a]) to Bob). This message [05a] does not only pass the initiative to Bob, but also provides additional information to negotiate the details of the electronic token transfer as discussed above.

Sending message [05a] from Alice's CASTOR to Bob's CASTOR is an adaptive step imperatively necessary only in case [a] to prevent the generation of more different protocol trees. Message [05a] comprises the user certificate of Alice (Cert A [Type-I/II].obj), which is also referred to as a Type-I or Type-II certificate and is specific to the user (here: Alice). Please note, the CASTOR may be bound to be used together with only one Type-I/II certificate, i.e. may be bound to be exclusively used by a single person or institution only (not both at the same time). The user certificate of Alice enables Bob (respectively Bob's CASTOR) to identify and confirm the person or organization "Alice", who/which is requesting the transaction.

If the validation of the Alice's and Bob's user certificates by Bob's CASTOR, respectively by Alice's CASTOR fails, the respective CASTOR may immediately interrupt the off-line transaction protocol's run. In an alternative implementation, the respective CASTOR continues execution of the off-line transaction protocol until the CRL, blacklisting the user certificate of Alice, respectively Bob, has been provided to the other party's CASTOR as part of the system object update, and then an interrupt of the off-line transaction protocol is caused.

The inclusion of TSID to message [05a] makes the whole off-line transaction protocol-execution's run unique and the incrementing (modulo 2 2 -l) ping-pong number ψ assures the correct ordering of the messages. The (optional) control object of the type "Challenge" contains internal data for the viral- distribution carrier of updateable system information. The viral distribution may be optionally subject to an ageing process with respect to time and/or the number of hops by which the system update information is distributed onwards, in order to achieve a controlled cascading effect. This ageing may inhibit the development of an "uncontrollable chain reaction" in the viral distribution of the system update information.

Message [05 a] can also be used to carry the initial version of the eDoc generated by Alice (eDoc[Ii a ] object). This initial eDoc contains the details about the nature of transfer of eCoins, as for example the nature of the request (e.g. invoice, withdrawal, deposit, remittance), the type of currency to be used, the amount of value (in eCoins) to be transferred, and the RSL table of eCoin denomination(s) (entries) suggested by Alice to transfer the value . The eDoc may optionally comprise further information e.g. details of the CASTOR of Alice, the TSID, transaction date and time, etc. All this information is signed by Alice using the private part corresponding to a public key supplied in the user certificate Type-I or Type-II. The signature may not include the RSL since, in protocol case [a], Bob is able to make a counterproposal and may change the RSL in a way the final selected eCoin denomination is not yet known. Table 9 shows the exemplary message [05a] according to the exemplary embodiment described above.

Table 9: Payload Negotiations step 1.

Compared to message [06b] for protocol case [b] sent by Bob, the initial eDoc included by Alice with message [05a] contains only a part of the complete information due to Alice protocol role . The information about the transaction will be completed by Bob in the message [06a] as will be outlined below.

Bob's CASTOR receives message [05a] and checks the contents thereof, e.g. by verifying the validity of Alice ' s user certificate (Cert A [Type-I/II] .obj), and also checks for the correct TSID and the incrementing message counter. Furthermore, as outlined above, Bob's CASTOR has to determine whether one (or more) of the eCoin denominations in the RSL is acceptable, i.e. if it can be supported or if it cannot. Since Bob can make a counterproposal in this protocol case [a] even if no eCoin denomination of Alice is acceptable, Bob ' s CA STOR may compile a new RSL of e Coin denominations Bob would support . Of course , if Bob supports one or more of the e Coin denominations, those will be included in the RSL to be sent by Bob in message [06a] . If Alice proposes her exact payment, Bob (has to) accept(s) this proposal by including Alice ' s eCoin denomination for the exact payment to the RSL to be sent by Bob in message [06a] . The RSL is included in an updated version of the eDoc (eDoc[Ii a ] .obj) received from Alice. This updated version of the eDoc is referred to as eDoc[I 2a ] .obj .

The message content of message [06a] is quite similar to the content of message [05a] . The message starts with a message tag '/Ap P ,Exchange,info,6' to identify this message as message [06a] . Further, it includes user Bob's certificate (Cert B [Type-I/II] .obj) to enable Alice to identify and confirm the person or organization "Bob" . The inclusion of TSID makes the whole protocol-execution-run unique, while the incrementing ping-pong number ψ assures the correct message ordering in the transaction protocol message sequence.

The (optional) control object of the type "Response 1" contains internal data for a viral-distribution carrier of updateable system information.

Furthermore, Bob' s CASTOR includes the updated version of the eDoc received from Alice, the eDoc[I 2a ] object, to message [06a] . This updated eDoc contains the RSL generated by Bob's CASTOR and further updated information about the transaction protocol-run and current protocol-state. Bob may sign all information recently added to the updated eDoc (optionally except for his RSL with the eCoin denominations). Moreover, Bob' s CASTOR may optionally countersign the information contained in the eDoc received from Alice. Table 9 shows an exemplary message [06a] according to the exemplary embodiment described above.

Table 10: Payload Negotiations step 2.

For protocol case [b] the Negotiation Phase only consists of one message [06b] sent from Bob to Alice. Structurally, this message is quite similar to message [05a] and is exemplified in Table 1 1. In protocol case [b] Bob must select an eCoin denomination from the RSL proposed by Alice in message [06b] otherwise no transfer of eCoins is possible. Furthermore, the provision of Bob's user certificate to Alice is postponed to the actual Value Data Transfer Phase (see message [07b] below), where Bob's user certificate is provided with the main secret of the transaction.

Table 1 1 : Payload Negotiations step 1.

Note, there is no explicit cryptographic checksum or signature of messages [05a], [06a] and [06b] to protect the messages, because the messages will be sent through the established VPN/VPC (which can be reduced to only provide signature protection). The transmission of messages [05a], [06a], [06b] and the rest of the protocol messages (through the VPN/VPC if present) between Alice to Bob may also be considered a mechanism to allow Alice and Bob to verify integrity of the received message even in the case no VPN/VPC is effective. It should be also noted; in case a VPN/VPC is used its encryption function may be disabled. In this case, the messages are still signed by using the session keys for signing generated in the VPN/VPC Setup Phase so at least some integrity protection to the message contents (which is sent in clear) is provided.

Figure 9 exemplifies the exchange of messages [05a] and [06a] for protocol case [a] .

1. Alice's CASTOR (e Wallet) creates and sends the initial eDoc object (including the RSL of eCoin denominations) to Bob' s CASTOR in message [05a] . This message may further comprise additional information about the transaction and state thereof.

2. Message [05a] is transferred from Alice through a network to the Bob's node. The message may be sent through the previously established VPN/VPC.

3. Bob' s CASTOR (eWallet) receives and processes the message . Please note, the reception of message [05a] may be considered as confirmation of the establishment of the VPN/VPC for Bob.

4. Bob's CASTOR (eWallet) replies to the received message by adding information about the transaction and state thereof by updating the eDoc received from Alice and adds the updated eDoc to a message [06a] . This message further comprises an updated RSL of eCoin denominations. 5. Message [06a] is transferred through the network to the Alice's node. The message may be sent through the previously established VPN/VPC.

6. Alice's CASTOR (e Wallet) receives and processes message [06a] .

Further as mentioned above, the control (Ctrl) objects sent in the Negotiation Phase (and Value Data Transfer Phase) are responsible for a viral diffusion of system update information on a peer-to-peer basis. All the three possible incarnations (Challenge, Response_l, and Response_2) of the control objects can be used to distribute and update one or more of the following (non-limiting and non- conclusive) enumeration:

- a Certificate Revocation List of revoked CASTOR root certificates (Type-V) in order to allow the exception of individual CASTORs from the transaction system,

- a Certificate Revocation List of revoked batch production certificates of eCoins (Type-VII) to allow the exclusion of a complete eCoin batch production from the transaction system,

- a Certificate Revocation List of revoked eCoins (Type-VIII) in order to allow the exception of individual eCoins from the transaction system,

- a Certificate Revocation List of revoked certificates of issuing authorities of eCoins (Type-IV) in order to allow the exception of individual issuing authorities (e.g. eMints) from the transaction system,

- a Certificate Revocation List of revoked user certificates (Type-I/II) in order to allow the exception of individual users from the transaction system,

- a Certificate Revocation List of revoked Certification Authority certificates (Type-Ill) in order to allow the exception of individual Certification Authorities from the transaction system,

- firmware updates for updating the firmware of the CASTORs, and

- policy rules updates for updating the policies (e.g. new crypto-regulations in a country, changed eMoney regulations (e.g. due to money laundering), flexible responses to potential phishing and/or spoofing, new or changed operation behavior of the I/O -interface, etc.) of the CASTORs.

In case the VPN/VPC is in use, only encrypted information travels between Alice and Bob using the (symmetrical) secret key encryption scheme which has been previously negotiated in the VPN/VPC Setup Phase. Both peers thus exchange their user-certificates, challenge- and response -objects for system update and the eDoc messages under VPN/VPC-protection.

It should be further noted, the actual selection of the eCoin denomination for the transfer (given Alice and Bob agree on one) is performed prior to sending the next protocol message and is implicit to the eCoins (main secret of the transaction) to be sent in this next protocol message. Therefore, the selection of the eCoin denomination for the transfer of eCoins may be considered part of the Value Data Transfer Phase discussed below (however, this is matter of definition).

Furthermore it should be apparent; that the provision of an RSL of eCoin denominations for the payment is specific to the eCash context. In case the transaction allows no choice of electronic tokens to be transferred, i.e. the electronic tokens to be transferred are known from the pre-negotiations before the run of the off-line transaction protocol, no "negotiation" on the transfer details is needed, so the RSL may not be included to the eDoc(s) exchanged. The remaining message contents of messages [05a], [06a], and [06b] may however stay unchanged also in other applications of the off-line transaction protocol as the eDoc contents may be part of the evidence for a later fairness reconstruction after the off-line transaction protocol's termination.

As indicated above, the update of system objects may be realized by a challenge-response mechanism. In one exemplary embodiment, the challenge and their respective responses are using a sort of ping- pong mechanism:

1. The Challenge message (being the ping) contains the respective version number and a date/time stamp of its generation for each updatable system object. This is enough information for the recipient of the challenge ("receiver") to generate a first response (being a pong). The CASTOR ("sender") sending message [05a], respectively message [06b], amends the Challenge control object (Ctrl[Challenge] .obj) by information on the sender's status of the updatable system objects, e.g. firmware, policy rules and CRLs, for example by indicating their last update (timestamp including date) and/or their version number.

2. The first response (Ctrl[Response_l] .obj) contains a status field and a data field for each previously requested updateable system object from the challenge message. Possible status values are [Null, Object, Request]. "Null" indicates that no update is needed; in this case the respective data field is empty or without any meaning. "Object" indicates that a newer system object (referenced by position in respect to the previously sent version number and date/time stamp) is contained within the data field representing an update for the challenge issuing party ("sender"). "Request" indicates that the recipient of the challenge ("receiver") identified an older system object at the receiver based on the version/date/time information in the challenge and now requests an update from the challenging party ("sender"). In this case the respective data field is empty or without any meaning. The challenge receiving CASTOR ("receiver") receives message [05a], respectively message [06b], can check:

a. Whether the receiver has an outdated version of one or more of the indicated system objects, and if so, the receiver includes a "Request" signal for every outdated/requested object to the Response_l control object (Ctrl[Response_l] .obj) in message [06a] or, message [07b], respectively. b. Whether the receiver has a newer version of one or more of the indicated system objects, respectively more up-to-date system objects, and if so, the receiver includes an "Object" signal for every more up-to-date object together with the more up-to-date system objects to the Response_l control object (Ctrl[Response_l] .obj) in message [06a] or message [07b], respectively.

c. Whether the receiver has same version of one or more the indicated system objects, and if so the receiver includes a "Null" signal for every same object to the Response_l control object (Ctrl[Response_l].obj) in message [06a] or message [07b], respectively.

3. The sender of the initial challenge receives the first response (Ctrl[Response_l] .obj). The sender prepares, as a consecutive step, a second response message (Ctrl[Response_2].obj) containing a status and a data field for each previously requested object (from the first response message). Possible status values are [Null, Object] . A "Null" indicates that no update is to be done; in this case the data field is empty or without any meaning. An "Object" indicates that a (requested) newer object (referenced by position in respect to the previously sent version number and date/time stamp) is contained within the data field representing an update for the receiver. Upon reception of the first response message (Ctrl[Response_l].obj) by the sender, it updates its system objects based on the contents of the control object of the first response message and finally checks whether the first response control object requests the transmission of system objects indicated by a "Request" signal, respectively. If so, the sender includes the more up-to-date system objects to the last response message's control object (Ctrl[Response_2].obj) and sends this updated control object to the receiver in message [07a] or message [08b], respectively. Thereupon the receiver updates its system objects based on the content of the second response message's control object (Ctrl[Response_2] .obj).

This is one exemplary implementation according to achieve an efficient distribution supported by a "viral" mechanism to distribute system update information (like firmware or other data objects) among the tamper-protected semiconductor modules in the system.

Furthermore, in one exemplary implementation according to another embodiment of the invention, in case any CRL is updated in a CASTOR, this CASTOR checks (as part of the off-line transaction protocol or after its termination) whether any of the locally available certificates is listed in an updated CRL and "locks" the respective listed certificates. If the blacklisted certificate is the CASTOR root certificate or the user certificate (assuming that one user is bound to the CASTOR), the CASTOR may temporarily or permanently disable the respective CASTOR so no further transactions can be executed. A temporary disablement could allow the user of the CASTOR to re-enable the CASTOR, for example, by requesting the Root Certification Authority to reinitialize the CASTOR, or to un-list the CASTOR or user from the respective CRL. Such operations could be conducted by using any standard transfer protocol, e.g. email for the transport of the respective updated system objects and a local terminal based I/O-operation for the provisioning of the updated system objects to the disabled CASTOR.

Alternatively, it is also possible that each CASTOR provides the respective other CASTOR with its (complete) set of system objects and lets the other CASTOR decide which system objects are to be updated. However, this approach appears less favorable, since it introduces additional overhead to the transferred payload, because system objects are sent without checking whether they are more up-to- date than the system objects available at the other CASTOR.

In case one of the CASTORs recognizes that the other CASTOR's root Type-VI certificate or user certificate Type-I/II is on a respective CRL in an earlier protocol phase, this CASTOR may optionally not fail-stop immediately but may proceed the off-line transaction protocol until having provided the CRL listing to the other CASTOR as part of the system object update procedure. After sending the message with the CRL listing (and the updated objects, respectively) to the other CASTOR, the sending CASTOR is then interrupting the off-line transaction protocol, triggering a timeout at the other CASTOR. Assuming, a CASTOR had the ability to disable itself if its CASTOR root certificate or its user's user certificate were blacklisted, this mechanism would be advantageous as it would not only avoid the transaction to be performed but would further provide the blacklisted CASTOR (i.e. the CASTOR of which the user certificate of its user or its CASTOR root certificate is blacklisted) with the respective CRL "through the back-door" to disable (or to re-enable) the blacklisted CASTOR and to prevent the blacklisted CASTOR from initiating any further run of the off-line transaction protocol. A CASTOR may be optionally enabled to decide upon detection of a blacklisted CASTOR root certificate or user certificate whether to interrupt the off-line transaction protocol immediately or to proceed up to the Negotiation Phase to push the CRL with the other party's blacklisted CASTOR root certificate or user certificate to the other party's CASTOR.

For example, this decision may depend on the role of the respective CASTOR in the protocol-run, i.e. the protocol case: If the push of the CRL with the other party's blacklisted CASTOR root certificate or user certificate to the other CASTOR was part of the Response_2 control obj ect, i.e . part of message [07a] or [08b], it may not be desirable to proceed since this implies that the respective CASTOR has to send the eCoins of the change secret.

Furthermore in another, alternative implementation, the CASTOR detecting the other transaction partner's CASTOR root certificate or user certificate to be blacklisted could always proceed with the protocol-run. In case the CASTOR needs to send the CRL blacklisting the other transaction partner's CASTOR root certificate or user certificate in a message together with electronic tokens the CASTOR could simply not include any electronic tokens to the respective message . A CASTOR can be configured to perform a system update also in cases the message is erroneous (here: electronic tokens would be missing in the message). If this procedure means the CASTOR detecting the other transaction partner's CASTOR root certificate or user certificate is blacklisted it receives the electronic tokens of the main secret before providing the system update with the CRL blacklisting the other transaction partner's CASTOR root certificate or user certificate to the other transaction partner's CASTOR. Then the CASTOR should not allow its user to dispose of the electronic tokens of the main secret.

Furthermore in another embodiment of the invention, the challenge-response update mechanic may be also used to re-enable a previously disabled/locked CASTOR; for example in case the previous reason(s) is/are for disabling same do no longer exists (e.g. the locked CASTOR is detached from a previous CRL by a newer (updated) one). In this embodiment, a CASTOR is configured to perform/allow a system update also in cases where the CASTOR itself is locked. The system update could be for example performed on-line with a trusted party, such as the RCA or as part of a "incomplete" run of the off-line transaction protocol. In the latter case the restriction for the locked CASTOR of not being allowed to execute the off-line transaction protocol will be lowered/reduced to of not being allowed to exchange (transmit or receive) electronic tokens, so that even in the lock case, a CASTOR is still able to start an off-line transfer protocol (which will be - of cause - later in the protocol steps always not successful, ending with a (fair) interrupt).

1.4.4.8 Electronic Token Transfer Phase (also: Value Data Transfer)

The successful entry into this protocol phase documents the ability of both CASTORs now to exchange the previously negotiated electronic tokens (eCoins). This phase of the off-line transaction protocol is fairly simple as it just exchanges two messages between Alice and Bob (messages [07] and [08]) which contain the eCoins of the main secret and the eCoins of the change secret (if needed). However as will be outlined below in further detail, the Value Data Transfer and the first two acknowledgment messages [09] and [ 10] are crucial with respect to the rollback in case of an interruption of the off-line transaction protocol and a possible subsequent fairness reconstruction, because an interruption of the off-line transaction protocol could lead to termination of the off-line transaction protocol in an unfair state.

Generally it should be noted, the respective CASTORs may check all eCoins to be transferred after their reception to assure their validity. Optionally, the transmitting CASTOR may check the transferred eCoins (again) prior to their transmission, too. These checks enable the detection of counterfeit eCoins (counterfeit eCoins are blocked and not transferred) and the validity of all involved digital signatures and certificates. In case of any irregularity a CASTOR detecting same will fail-stop and thereby cause the interruption of the off-line transaction protocol.

Although the protocol is designed to be operable off-line it may be possible that one of or both CASTOR(s) of Alice (and Bob) check the validity of the eCoins on-line by obtaining the latest CRL of eCoins to check the serial numbers of the eCoins against this CRL. This may for example be applicable in cases where one of the CASTORs has access to a permanent on-line connection (e.g. Internet connection), e.g. a CASTOR at a PoS. This on-line access for the validation of the eCoins is of course only optional and may be for example subject to user configuration. Even in case an on-line connection is used to check the validity of the eCoins with a third party, anonymity of the payment may be guaranteed as the third party providing the up-to-date CRL does not gain any information on the payment as such (i.e. is not acting as a fairness arbiter for the transaction). Of course, the update of CRLs (e.g. for the eCoins) may not necessarily be part of the off-line transaction protocol. For example, prior to starting the run of the off-line transaction protocol to transfer the electronic tokens, the CASTORs (as far as an on-line connection is available) could update the CRL(s), the CRL(s) could be updated in predetermined intervals, or the update of the CRL(s) could be triggered by an online connection becoming available. The update of CRLs outside the off-line transaction protocol may be advantageous, since it allows transferring the electronic tokens truly off-line in the sense that no online connection is employed for the transfer.

In another alternative embodiment the on-line check of the eCoins may be combined with a subsequent on-line clearing of the eCoins at the user's bank (e.g. eMint). A CASTOR could be receiving eCoins within an off-line transaction protocol and may simultaneously have an on-line connection to the eMint. The CASTOR contemporary tries to first verify the validity of the eCoins and then clears the received eCoins immediately with the eMint in a combined off-line transaction protocol session with the other (customer) CASTOR and an on-line session with the bank's CASTOR.

For example, the CASTOR can pass the identifying descriptor items (e.g. a serial numbers) of the eCoins to be received within the off-line transaction protocol-run on-line to the eMint before the eCoins are exchanged off-line. The clearing of the eCoins is technically - of course - only possible after the respective eCoins are "unlocked" by the off-line transaction protocol-run and become disposable for the other (parallel) on-line protocol with the eMint.

Checking the eCoins on-line for their validity may be advantageous as the risk of accepting counterfeit eCoins can be minimized. This is especially true in case where the eCoins are checked for their validity using the information of the Negotiation Phase (prior to the eCoin exchange) of the off-line transaction protocol (e.g. based on their identifying descriptor item (e.g. a serial number)). If this check is successful, the CASTOR can "accept" the eCoins and can optionally clear them afterwards. Otherwise, in case the eCoins are blacklisted, this event may cause a fail-stop of the off-line transaction protocol.

Besides the transfer of the eCoins, messages [07] and [08] represent final ping-pong exchanges of the eDoc objects. If these two messages are successfully delivered, the off-line transaction protocol enters into its termination sequence, the Confirmation Phase. After having successfully finished the transfer of message [08], both parties have successfully exchanged eCoins against an electronic receipt in return.

It should be also noted, that the CASTORs of Alice and Bob are configured to delete all electronic tokens (eCoins) at the respective CASTOR once they have been included into protocol messages [07] and [08], respectively, independent of the successful ending of the protocol. Hence, in case of an interruption of the off-line transaction protocol, this annihilation of transferred eCoins may cause a termination of the protocol's run in an unfair state but this is - with regard to protocol and system design - desirable in order to prevent multi-spending of eCoins.

Exchange and contents of the protocol messages [07] and [08] for the protocol cases [a] and [b] will be outlined in further detail below.

Considering protocol case [a] as exemplified in Figure 12, Alice approved her connection to the correct peering partner based on the user certificate she received from Bob with message [06a], she transfers the negotiated eCoins to Bob . The eCoins (∑Token[Secrets].obj) are included in message [07a] . Alice ' s CASTOR creates and transmits this message to Bob's CASTOR. Message [07a] is identified by its tag '/Ap P ,Exchange,vaiue,7' - The viral distribution of system object updates keeps the management and security information within this transfer system accurate: The (optional) control object type "Response_2" carries system information used to keep operating CASTORs 'up- to-date'. Due to bandwidth considerations (to minimize the traffic overhead occupied for system update purposes) it is possible to restrict the update process to objects with relevance to the concrete transaction run at hand.

Message [07a] further comprises the next updated version of the eDoc, the so-called eDoc[II a ] object to which Alice adds the serial number of the eCoins transferred in this message as the "main secret" of the transaction and signs this information block inside the eDoc object using her signing private key (e.g. Ks : user:Type-wi , prv)- An exemplary message [07a] is shown in Table 12. Once message [07a] has been sent by Alice her CASTOR ensures the eCoins are irrevocably destroyed - the only thing Alice may obtain in case of a protocol interruption is a proof of loss ("credit note" or "affidavit") for the "lost" eCoins.

Table 12: Valuable Data Transfer step 1. Upon reception of message [07a] Bob's CASTOR checks the contents of this message which includes for example checking the validity of the transferred eCoins (e.g. with respect to their expiry, the eCoins being blacklisted in a CRL of revoked eCoins, checking the correct TSID or the increment of the message counter ψ, etc.). If Bob's CASTOR successfully checked message [07a] from Alice, and in case he confirmed he is connected to the appropriate peering partner (based upon the user certificate he received with message [05a]), he finally approves the transfer. Bob's CASTOR creates and transmits message [08a] in which he transfers his change eCoins (∑Token[ Secrets]. obj) - if any - and which confirms the successfully receipt of message [07a] and Alice's eCoins. The message sent by Bob is identified by a tag 7A P p,Exchan g e,vaiue,8' -

Further, Bob's CASTOR once again updates the eDoc exchanged in the protocol messages by adding the serial numbers of the change eCoins transferred in the same message and signs this information block inside the eDoc object using his signing private key (e.g. K S: user:Type-i/ii,piv) to the eDoc. Optionally, Bob's CASTOR could also countersign the serial number block previously inserted and transferred by Alice in order to indicate their safe reception and to lock this information block against any changes. The resulting eDoc is referred to as eDoc[III a ] object.

An exemplary message [08a] is shown in Table 13. Once Bob has sent message [08a] his CASTOR ensures the change eCoins are irrevocably destroyed - the only thing Bob may obtain in case of a protocol interruption is a proof of loss ("credit note" or "affidavit") for the "lost" eCoins.

Table 13: Value Data Transfer step 2. Upon reception of message [08a] Alice's CASTOR checks the content of message [08a] received from Bob, which includes for example checking the validity of the transferred eCoins (e.g. with respect to their expiry, the eCoins being blacklisted in a CRL of revoked eCoins, checking the correct TSID or the increment of the message counter ψ, etc.). If Alice's CASTOR successfully checked message [08a] from Bob, both parties achieved

- negotiated eCoins have been exchanged against an electronic receipt (element part of the eDoc object) and - all steps required for the option updates of system level objects are done.

Note, there is no separate explicit cryptographic checksum or signature of messages [07a] and [08a] to protect them because these messages will be sent through the established VPN/VPC tunnel. The transmission of messages [07a] and [08a] through the VPN/VPC tunnel between Alice to Bob may also be considered a mechanism to allow Alice and Bob to verify integrity of the received message. It should be also noted, in case a VPN/VPC is used, its encryption function may be disabled. In this case, the messages are still signed by using the session keys for signing generated in the VPN/VPC Setup Phase so at least some integrity protection to the message contents (which is sent in clear) is provided.

Figure 10 exemplifies the Value Data Transfer Phase according to an exemplary embodiment of the invention.

1. Alice's CASTOR (eWallet) sends a messages [07a] containing the mid-flow eDoc object (eDoc[II a ].obj), and the main secret (here eCoins) of the transaction. Optionally, other objects as system update information may be included to the message.

2. Message [07a] is transferred through a network to the Bob's node.

3. Bob's CASTOR (e Wallet) receives and processes messages [07a] received from Alice.

4. Bob's CASTOR (eWallet) replies to messages [07a] by sending message [08a] which contains optional the change secret (eCoins) and a post-flow eDoc object (eDoc[III a ].obj).

5. Message [08a] is transferred through the network to the Alice's node.

6. Alice's CASTOR (eWallet) receives and processes the message [08a] .

The protocol case [b] is essentially similar to the protocol case [a], except for the inversed message flow (message [07b] is sent by Bob, message [08b] by Alice) and some minor changes to the protocol messages as will be shown below (see Figure 13).

Message [07b] is exemplified in Table 14. The main difference between message [07a] and message [07b] regarding their content is the inclusion of Bob's user certificate (Cert B [Type-I/II].obj) to message [07b] which enables Alice to identify and confirm the person or organization "Bob". In protocol case [b] where the Negotiation Phase essentially only comprises message [06b] message [07b] is used to transfer the Bob's user certificate to Alice. Accordingly, Alice may check Bob's user certificate the first time upon receipt of message [07b] . Moreover, the (optional) control- object-type changes from a "Response_2" to a "Response_l" in view of the protocol flow change in protocol case [b]. As described above, once message [07b] has been sent by Bob, his CASTOR ensures that the eCoins are irrevocably destroyed - all Bob may obtain in case of a protocol interruption is a proof of loss ("credit note" or "affidavit") for the "lost" eCoins.

Msg. Transfer Elements Comments

07b B -» A /App,Exchange,Value,7 Flag indication "Valuable data transfer". [in clear or Bob's personal or commercial user

Cert B [Type-I/II] .obj

via certificate.

VPN/VPC

if in use] Transaction Session ID, e.g. 32-bit,

TSID TSID := TID A S TID B

Ping-pong running-message-number, incremented here.

Bob sends, if any, newer objects & own

{ Ctrl [Response l] .obj }

update requests.

eDoc[II b ].obj eDoc (mid-flow) object.

Binary block of eCoins (main secrets) used

∑Token[ Secrets] .obj

for payment.

Table 14: Valuable Data Transfer step 1.

Also message [08b] of protocol case [b] as shown in Table 15 is similar to message [08a] in protocol case [a] . The only difference is an (optional) control object of "Response_2" type in order to complete the system information update. Please further note, once message [08b] has been sent by Alice her CASTOR ensures the eCoins are irrevocably destroyed - a proof of loss ("credit note" or "affidavit") for the "lost" eCoins is the only thing Alice may obtain in case of a protocol interruption.

Table 15: Valuable Data Transfer step 2.

In one further exemplary embodiment, irrespective of whether or not the encryption function of the VPN/VPC is in use between Alice and Bob to protect the contents of the protocol messages, the eCoins comprised in the respective messages [07] and [08] for both protocol cases [a] and [b] may be included to the messages in encrypted form. One of many motivations to do so is to avoid any third party is able to intercept the eCoins in clear and usable form.

The CASTOR sending its eCoins may for example encrypt the eCoins using a session key dedicated for this purpose. This session key may have been generated already in the VPN/VPC Setup Phase. Another alternative implementation may be Alice's and Bob's CASTORs, respectively, encrypt the eCoins of the main secret and the optional change secret by means of using a private/public key-pair (encrypting with the public key part and decrypting with the respective private key part). For example, Alice could use the public key part of the public key-pair of Bob's CASTOR or alternatively Bob's user public key-pair, the public key part which is included in the CASTOR root certificate, respectively Bob's user certificate. Similarly, Bob could use a respective public key of Alice to encrypt the eCoins prior to inclusion thereof to the protocol message.

Please note, the Value Data Transfer Phase could be designed also for applications other than an eCash system as described above . The messages may however be adapted to the respective application. For example, in case the off-line transaction protocol was used to a purchase software license the purchasing party should transfer the main secret (payment of the software license (eCoins)) while the licensor could provide the software license key as part of the message transferring the optional change secret (eCoins). The software license could be included as an additional message object or as part of the eDoc (e.g. as part of or being the electronic receipt). The license key may be signed by the licensor's private signing key part of a key-pair (where the public verification key part is provided within the user certificate of a Type-I/II of the licensor).

It should be apparent that the "means of exchange" used so far in the described system are financial instruments like Euros (€), Dollars ($), or any other national currency. The invention is however not limited to exchange only electronic tokens of such format (eCoins). As mentioned previously, the electronic tokens may represent anything that can be represented electronically (e.g. in form of a certificate) in the physical or virtual world like provision of services, such as for example a digital representation of money (i.e. coins and bank notes of one or more arbitrary currencies (fiat money)), natural resources or goods e.g.

- metal (e.g. precious metal like platinum, gold, silver, copper), etc.,

- renewable raw materials (e.g. eggs, pigs, cows, field crops like corn, rice, wheat, vanilla, saffron, cocoa), etc.,

- biogas, not renewable resources like (raw) oil, diamonds, sapphires, rubies, crops, coals, fossil gases, etc.,

- properties (e.g. parts of accounted dependencies like forestry trees in south America, estates and landholding), supplies, provisions, inventories and deposits of petroleum, minerals, water, etc., - services (e.g. (the receipt of) natural gas, petrol, oil, water, electrical power and their disposal), etc.,

- properties already confirmed by documents (e.g. shares/stocks/pensions, or rights, tickets (cinema, public transport, train, bus or flight tickets, sport event, media libraries, eBooks)), etc.,

- licenses and cryptographic key exchanges (e.g. in form of license keys for software applications, decryption keys for streaming multimedia, digital content license for eBooks, music, videos), etc., - guarding medical records, soiling certificates (e.g. C0 2 ), or even as replacements for physical keys as used for doors, cars, office cupboards, etc,

- any kind of vouchers, etc.

Similarly in other applications, where no eMoney/e Value is transferred, no eCoins may need to be transferred, but the type and definition of electronic tokens to be included in the protocol messages may depend on the application type.

1.4.4.9 Acknowledgment Phase (also: Confirmation)

The Confirmation Phase is the off-line transaction protocol's last phase and is used to commit the transfer of the electronic tokens in the Value Data Transfer Phase outlined above. The Confirmation Phase renders the transfer repudiation-free.

In protocol case [a] the ACK1-, ACK2- and ACK3-tickets (referred to as messages [09a], [10a], and [1 la] below) are exchanged as security tokens after the successful delivery of message [08a] from Bob to Alice. Message [09a] acknowledges Alice's reception of the previous message [08a] from Bob. If Bob does not receive message [09a] the protocol-execution may not be successful (i.e. interruption at this point in time of the protocol-run may still lead to a termination in an unfair state). Message [10a] informs Alice, Bob acknowledges the successful protocol-execution (and the reception of message [09a]). If Alice does not receive this message the protocol-run may not terminate successfully.

Message [11a] is Alice' s farewell heard by Bob (according to this transaction). Please note, message [1 la] is optional and does not have any effect on the successful or unsuccessful ending of the off-line transaction protocol's run. However, this message may nevertheless be desirable in the protocol to allow Bob to confirm Alice has successfully received message [10a] which implies that the off-line transaction protocol was ended successfully (and thus in a fair state) for Alice.

After having successfully exchanged the three acknowledgment messages the off-line transaction protocol's run ends and both parties achieve the successful exchange of eCoins against an electronic receipt (e Receipt).

In one exemplary implementation of the Confirmation Phase for protocol case [a] Alice creates and transmits message [09a] to Bob. Message [09a] may be identified by the tag '/Ap P ,commit,info,9 · As indicated above message [09a] acknowledges reception (and successful validation) of Bob's previous message [08a]. As for the previous messages, also message [09a] contains the TSID of the off-line transaction protocol's run and an appropriately incremented message counter ψ. Furthermore, message [09a] comprises the ACKl-ticket object (Ticket[ACKl] .obj) which provides the evidence on the reception of Bob's message [08a] in a non-repudiable form. Table 16 exemplifies message [09a] sent from Alice to Bob. Msg. Transfer Elements Comments

/App,Commit,Info,95 Flag indication "Transaction finalizing".

A -» B Transaction Session ID, e.g. 32-bit,

TSID

[in clear or TSID := TID A ® TID B

09a via Ping-pong running-message-number,

VPN/VPC Ιηο(ψ),

incremented here.

if in use]

This is the confirmation for the value

Ticket[ACKl].obj .

transfer.

Table 16: Commit step 1.

The ACKl ticket object could for example be implemented as shown in Table 17. The ACKl ticket object may for example indicate its Type as "ACK1-TICKET" and comprises an Evidence and Signature section. The Evidence section contains a signature on a predetermined set of information on the transaction, e.g. the TSID of the transaction, a timestamp DTC A, and a nonce as shown in Table 17. The signature is signed using the private signing key of the CASTOR root certificate K S: C A S T O R :S UDI,PIV (i.e. the private key counterpart to the public key comprised in the Type-VI certificate).

Table 17: ACKl ticket.

The Evidence section (and optionally the Type) is further signed by Alice's CASTOR, for example by means of the Alice's private key part corresponding to the public key comprised in Alice's Type-VI certificate. This implementation is only exemplary. It is likewise possible to apply one signature to the Evidence section (and optionally the Type) by using one of the before mentioned private keys. Finally, the ACKl -ticket object is signed in the Signature section using Alice's private key part corresponding to the public key comprised in Alice's user certificate (Type-I/II).

If the delivery of message [09a] to Bob is successful the protocol enters into the next commit iteration. After receiving message [09a] Bob's CASTOR starts its commitment procedure. Bob's CASTOR creates and transmits this pre-final confirmation message [10a]. An exemplary implementation thereof is shown in Table 18. Message [10a] may be identified by a tag '/App,commit,irfo,io' - As for the previous messages, also message [10a] contains the TSID of the off-line transaction protocol's run and an appropriately incremented message counter ψ. The ACK2 -ticket object (Ticket[ACK2] .obj) informs the receiver Alice about the successful protocol-execution of entity Bob (an ACK for an ACK) as a positive feedback.

Table 18: Commit step 2.

The ACK2 -ticket object is similar to the ACK 1 -ticket object, except for indicating "ACK2-TICKET" in the type field. An example ACK2 -ticket object is shown in Table 19.

Table 19: ACK2 ticket.

Upon successful reception of message [ 10a] from Bob Alice creates and transmits her final confirmation message [11a] that will terminate the off-line transaction protocol's run. The final message [ 1 l a] may be identified by the tag ' / A pp,commit,info,n · As for the previous messages message [11a] contains the TSID of the off-line transaction protocol's run and an appropriately incremented message counter ψ, too. The ACK3-ticket object (Ticket[ACK3].obj) informs Bob about the successful protocol termination by Alice (an ACK for an ACK for an ACK) as a positive feedback. In case the message [1 1a] is lost this will have no effect on the successful termination of the off-line transaction protocol, i.e. the protocol-run is still successful. Table 20 shows an exemplary of message [11a].

Msg. Transfer Elements Comments

/App,Commit,Info, 11 Flag indication "Transaction finalizing".

A -» B

[in clear or Transaction Session ID, e.g. 32-bit,

TSID

11a via TSID := TID A β TID B

VPN/VPC

if in use] Ping-pong running-message-number,

incremented here. Ticket[ACK3] .obj This is the confirmation for the ACK2.

Table 20: Commit step 3.

The ACK3-ticket object is similar to the ACKl-ticket except for indicating a different message in the type field. An exemplary implementation of the ACK3 ticket object is shown in Table 21.

Table 21 : ACK3 ticket.

Figure 11 exemplifies the exchange of confirmation messages in the Confirmation Phase for protocol case [a].

1. Alice's CASTOR (eWallet) generates a fresh ACKl-ticket object and sends it as part of message [09a] to Bob.

2. Message [09a] is transferred through a network to Bob's node.

3. Bob's CASTOR (eWallet) receives and processes the message [09a] .

4. Bob's CASTOR (eWallet) replies to message [09a] by creating and sending message [10a] comprising an ACK2 -ticket object.

5. Message [10a] is transferred through the network to Alice's node.

6. Alice's CASTOR (eWallet) receives and processes message [10a] .

7. Alice gets informed about her transfer's transaction status.

8. Alice's CASTOR (eWallet) replies to message [10a] by creating and sending message [11a] containing the ACK3-ticket object. After transmission of this message the connection to Bob is terminated.

9. Message [1 la] is transferred through a network to Bob's node.

10. Bob's CASTOR (eWallet) receives and processes message [1 la] and terminates the connection to Alice.

11. Bob gets informed about his transaction status of the transfer.

Regarding protocol case [b] the Confirmation Phase is basically identical to the protocol case [a] except its flow of messages: In protocol case [b] messages [09b] and [1 lb] are sent by Bob while message [ 10b] is sent by Alice. Otherwise the contents of messages [09b], [10b], and [l ib] are identical to messages [09a], [10a], and [1 la] as discussed above. The following tables nevertheless briefly outline the message structures for protocol case [b]. Table 22 exemplifies message [09b] sent by Bob.

Table 22: Commit step 1.

Table 23 exemplarily shows a message [10b].

Table 23: Commit step 2.

Finally, Table 24 exemplarily shows a message [l ib] .

Table 24: Commit step 3.

In one exemplary embodiment of the invention all confirmation messages [09] to [1 1] are repeated multiple times in a transmission burst to lower the loss possibility as a precautious countermeasure against statistical occurrences of temporal shadowing radio transmission interruptions and/or distortions.

Regarding the Confirmation Phase it should be noted, this phase of the off-line transaction protocol may be implemented as described above in other applications, too. 1.4.4.10 Termination of the Off-line Transaction Protocol 's Run

The end of the Confirmation Phase constitutes also the end of the off-line transaction protocol's run. If the protocol's run has terminated successfully both parties have successfully completed the off-line transaction protocol's run and exchanged their main and change secrets (here eCoins) and optionally the (partial) update of system objects as described above. Hence, the protocol has been terminated in a fair state so that no fairness reconstruction is necessary. Accordingly, the off-line transaction protocol allows transferring electronic tokens between two peers via a direct link, without the interaction of any third party. In cases in which an interruption of the off-line transaction protocol has occurred a post- transaction protocol fairness recreation process using the proofs generated during the off-line transaction protocol's run may need to be performed to reconstruct fairness to both parties of the transaction, e.g. for achieving reimbursement compensation for a loss of electronic tokens.

1.4.4.11 Reliable Date & Time under Assumption of at least one unaltered partner e Wallet

Considering for example a transaction system for electronic tokens, due to the peer-to-peer nature of the transaction protocol, there are always two CASTORs/e Wallets engaged, one as payer and the other as payee. In cases where CASTORs/e Wallets contact an authority, the date & time information will also be transferred from such an authority to the contacting eWallet in case of being able to provide the official reference time.

Using this as premising constraint, the leverage security requirements for preventing time manipulations acts could be lower (relaxed) as described in the following:

In the transcaction system for electronic tokens as described, the CASTORs/e Wallets exchange all information (e.g. eCoins, local time) within the off-line transaction protocol. This includes eWallet-to- eWallet, eWallet-to-RCA, eWallet-to-CA or eWallet-to-eMint peer-to-peer protocol communication. Due to the establishment of a safe channel as fundamental parameter being part of the protocol, the probability for a third party (attacker) to make changes at this position is very small. The assertion to make is as follows: In such a scenario, both CASTORs/e Wallets always have two times available, the local time on the eWallet (indicated as "My Time") and the one from the partner CASTOR/e Wallet (indicated as "PartnerTime"). Every eWallet can compare both and adopt the local time to Max (My Time, PartnerTime), e.g. to the most advanced time to the future. If this comparison is already the eWallet' s local time, than no update of the time is necessary at the respective eWallet. In such an application constellation, it is possible to relax the security constrains for eWallets to an external unsecured local time source (e.g. RTC) with no manipulation protection against third party (attacker) interventions.

It can be assumed as side condition that the attacker is not able to control or manipulate both transacting eWallets and that the unmanipulated eWallet reflects (more or less) the real global (UTC) time. To prove that assumption, the following setups are discussed:

1. One of the two CASTORs/e Wallets is manipulated in a way, so that its local time "My Time" hurries ahead the "PartnerTime".

2. One of the two CASTORs/e Wallets is manipulated in a way, so that its local time "MyTime" runs after the "PartnerTime".

Looking to options for rewarding (and in so far pushing) the attacker, one can observe the following. In the setup referred under (1), the manipulated eWallet will accept less certificates (that belongs to eCoins and all other signed datastructures within the presented system) due to the fact, that the amount of expired end-of-life certificates is now larger than in the correct (unmanipulated) case. Moreover, such a "time-damage" will be inherited from the damaged to the innocent eWallet, because of the monotone anterograde behavior policy of CASTORs/e Wallets (rule to adapt always to the most advanced communicated time ever seen within a transaction protocol). As a consequence, the other eWallet will be "moved into the future" and has now the same problem. Such a "time-damage" is only repairable through an on-line contact with a certified authority (e.g. RCA, CA or eMint authority) providing the official reference time. To conclude this case, the attacker cannot win anything in such a setup, in fact he/she will lose.

In the setup referred under (2), there exist two subcases. The manipulated time at the manipulated CASTOR eWallet is either a) before (earlier than) or b) after (later than) the last point of synchronization or timestamp. Such a timestamp may be generated, safed and constantly renewed in a regular form e.g. every minute as manipulation protected sealed anchor of date and time into the internal safe nonvolatile-memory of the CASTOR/ eWallet.

The case a) is easy to handle. The CASTOR/eWallet to be manipulated will detect the attempt to deceive and will not accept the local time as being valid anymore : The CASTOR eWallet comprehends up from that moment his own local system time as invalid. This means that the CASTOR/eWallet is now incapable to make any further transaction. It has to contact a trustable source authority (as referenced above) to take a new system time (reset) over to the local RTC. This is a complete nothing-to-win situation for the attacker.

In case b), there is a small window from that point of time, where the local time is between after the last point of synchronization or timestamp, but before the "PartnerTime". In this case the manipulated CASTOR/eWallet will accept more certificates (that belongs to eCoins and all other signed datastructures within the presented system) due to the fact, that the amount of expired end-of-life certificates is now less than in the correct (unmanipulated) case. Actually already expired certificates are recovered of live. But unfortunately the time of keeping the attacker happy is short: At the next opportunity of having an on-line contact to an official reference time authority (e.g. to a RCA, a CA or an eMint) or to an other (unmodified) eWallet using the off-line transaction protocol, the date & time of the manipulated CASTOR/eWallet will automatically corrected before any eCoins are transferred. This means that all certificates are rated using the Max (My Time, PartnerTime) paradigm (as dictated by the policy). As a result, there is nothing to win for the attacker.

1.4.5 State-flow Transition-logic of a CASTOR

Figure 16 shows a state-flow transition-logic of a single CASTOR implementing the off-line transaction protocol including the "weak deal" handling procedure (also referred in this connection reference as "teleportation") according to an exemplary embodiment of the invention. It is important to keep in mind, the discussed teleportation works by atomizing the asynchronous exchange-process: Operations are protected either to be completely done or not at all. This makes the teleportation durable and guarantees reliable processing consistency. In the following, the states and events of the Mealy automat are elucidated briefly:

1.4.5.1 State "Off"

The CASTOR is off-line, power-downed, or in sleep mode. It won't respond to any request, except a power-on-event.

1.4.5.2 State "Begin " The CASTOR is powered-on by the user. An internal Build-In-System-Test (BIST) is performed. In case of an error this event may be indicated to the user; else, the control is passed to state "Conflict pending check".

1.4.5.3 State "Conflict pending check"

A check is performed whether the last teleportation-execution has been successfully terminated or whether the CASTOR may need to resolve conflicts arising from an earlier teleportation-run. This check may be advantageous, since the CASTOR can be stopped at any time by an external event or by the user. Since all steps of the transaction are atomistic, all operations may be recorded by an internal transaction-tracking-system of the CASTOR in a manner that even in case of a power-loss, they will be 'finished' by a logical rollback (state: "Conflict resolution"). In case a conflict resolution is needed, the CASTOR will propagate to the "Conflict resolution" state; else, the control is passed to the state "Ready".

1.4.5.4 State "Ready"

As long as the CASTOR is not initiating a run of the teleportation or in case the CASTOR does not need to reply to an incoming request, it remains in idle state. Only in case of having been switched off by the user, it passes the control to "Stop". If a run of the teleportation is requested, the CASTOR passes its state to "Pairing". 1.4.5.5 State "Stop '

This state disengages the CASTOR. Disengagement can be done by powering-down the CASTOR or forcing by it in some kind of sleep-mode. Only the user of the CASTOR is able to switch it to "Stop" state.

1.4.5.6 State "Conflict resolution "

In case of a pending conflict (e.g. due to a previous power-failure) found in the non-violate transaction memory, this conflict must first be cleared. After the completion of this (also atomistic) conflict resolution procedure, the state is passed to "Ready".

1.4.5.7 State "Fail" This state is reached if the off-line transaction protocol-run is interrupted without any deficit of fairness. In most cases the protocol-break is caused by a "Fail (fair)", which happens is if neither the expected message failed to reach its destination nor Alice nor Bob face a loss of any (value) secrets. This state clears all internal pending transactions and transfers the CASTOR back into the "Ready" state.

1.4.5.8 State "Pairing"

In response to an external paring request from a partnering CASTOR or in response to a user interaction with the CASTOR, a pairing-process is issued, and the CASTOR enters into the "Pairing" state. If this step can be finished successfully, the next step is the "VPN/VPC" state; else, the timeout "Fail" state is entered.

1.4.5.9 State "VPN/VPC"

Alice and Bob are mutually exchanging information for the (optional) creation of a VPN/VPC channel. After both peers have computed the common shared secrets (e.g. session keys) the (optional) encryption takes place and the secure channel is (optional) established. If everything succeeds the state advances to "Payload negotiations"; otherwise to "Fail".

1.4.5.10 State "Payload negotiations "

After the (optional) establishment of a secure private communication channel (VPN/VPC), Alice and Bob negotiate the transaction's payload, i.e. what the payload is and how it shall be exchanged. It may happen, the type of secrets on both sides aren't compatible (e.g. eCoins in€uros versus U$-Dollars), a CASTOR has not enough value stored inside to conduct the transaction, or even the granularity (eCoins are atomic and not divisible) do not allow for the change, etc. In cases where the transaction isn't possible, the CASTOR switches to the state "Transaction not possible" and interrupts the teleportation-run. If the exchange, however, is possible, and if no failure occurs, the CASTOR advances into the state "Secrets exchange". 1.4.5.11 State "Secrets exchange '

The secrets are exchanged to conduct the payment (exchange of secrets) against a receipt between Alice and Bob. If the transfer can be completed without an interruption (either an immediately effective successful off-line transaction protocol-transfer or a successfully delayed "weak deal"), both partners have a "Success". The CASTOR state then advances to "Commit". In any other case, the transfer hasn't been successful and a fail event comes up. In case the fail is a fair one, the CASTOR's state is changed to "Fail"; else, the state is changed to "Affidavit generation for fairness recreation" to generate of a proof of loss.

1.4.5.12 State "Commit" This protocol state is the last one in the teleportation and consolidates the transaction. A successfully commitment terminates the teleportation-run and returns to the state "Ready". In case of a "fail" the teleportation-run switches to 'Affidavit generation for fairness recreation'.

1.4.5.13 State "Transaction not possible "

In case a logical hindrance that (e .g. not enough value/money) prevents the transaction the teleportation-run is stopped and not performed. The state of the CASTOR transfers to "Fail".

1.4.5.14 State "Affidavit generation for fairness recreation "

In case the teleportation-run escalates to an unfair fail no further messages are exchanged. Secrets of one or both protocol-parties are lost because of something went wrong or due to an error. Note, since the teleportation transaction model is asynchronous, a CASTOR deciding something went wrong does not necessarily imply any incorrectly behaving other CASTOR. The handling of this state is one of the most challenging tasks in the teleportation. The CASTOR prepares actions to create a legally binding affidavit for later (delayed) lost-secret compensation through the eMint. After this step, the protocol state advances to "Fail".

1.4.5.15 Event "Power-on " The power-supply is activated by the user switching the CASTOR "On". This event transits the CASTOR from "Off" state to "Begin" state.

1.4.5.16 Event "Reset"

This event is fired in case the CASTOR-device switches its state from "Begin" to "Conflict pending check". As one of the first moves after a Reset the internal circuitry processes several functional tests (BIST), and the state shift indicates their successful completion (else the error indicator of the CASTOR is activated). 1.4.5.17 Event "Yes '

The last "Power-off event did not lead to a normal shutdown of the CASTOR through the "Stop" and "Off states. This event causes the CASTOR to enter the "Conflict resolution" state.

1.4.5.18 Event "No " The last "Power-off event leads to a normal shutdown of the CASTOR. The CASTOR enters into the "Ready" state.

1.4.5.19 Event "Solved"

After conflict resolution caused by the previous "Power-off incident the CASTOR is back operable again by advancing its state to "Ready".

1.4.5.20 Event "Idle "

The idle event is occurring as long as the CASTOR is in "Ready" state, i.e. no teleportation-process is running.

1.4.5.21 Event "Power-off"

The CASTOR is switched "off by the user. The CASTOR checks, if it is in the "Ready" state and if yes, it prepares itself for a "power-down" to transit into the "Stop" state. If a "Power-off signal is raised while not being in "Ready" state, the CASTOR performs a "fail-stop" action.

1.4.5.22 Event "Down "

After processing the "Stop" state, the CASTOR deactivates itself by disconnecting from the power supply. The "Down" event causes the CASTOR to transit to the "Off state.

1.4.5.23 Event "Request"

The "Request" event is issued either if the user triggers execution of a teleportation-run (the local user initiates a payment-request) or if an external message requesting paring has been received. The "Request" event transits the CASTOR from "Ready" state to "Pairing" state.

1.4.5.24 Event "Ok" This is the expected normal state progressing step to advance within the protocol processing.

1.4.5.25 Event "Cleared"

This event is automatically triggered in the "Fail" state after the internal processing of the fail-case and induces the "Ready" state. 1.4.5.26 Event "Logical-stop '

After "Payload negotiations" state the CASTOR checks if the negotiated requirements can be fulfilled. If yes, the CASTOR advances to the next state ("Ok"); else it will "pull the brake" by issuing this event.

1.4.5.27 Event "Abort"

The transaction cannot be completed, if it is impossible to conduct the transaction (e.g. due to both CASTORs cannot agree on the transaction's conditions or there is not enough money/value in the CASTOR). This event raised by the "Transaction not possible" state switches the CASTOR to the "Fail" state.

1.4.5.28 Event "Fail (fair) "

In case the transaction is interrupted and the CASTOR detects no fairness-deficit upon termination of the teleportation-run, the "Fail (fair)" event is triggered to transit the CASTOR to the "Fail" state.

1.4.5.29 Event "Fail ( unfair) "

In case the transaction is interrupted, and the CASTOR detects a fairness-deficit upon termination of the teleportation-run, an affidavit proof of loss is generated by the CASTOR to restore the "status quo ante". The "Fail (unfair)" event is triggered in this case so as to transit the CASTOR to the "Affidavit generation for fairness recreation" state.

1.4.5.30 Event "Success "

After the successful transfer of the secrets, the CASTOR has to accomplish the non-repudiation generation-process, and therefore enters into the "Commit" state, and consecutively advances to the "Ready" state to become available for the next teleportation request.

1.4.6 Handling of Interruptions of the Off-line Transaction Protocol

As shown in the previous section, eleven protocol messages in protocol case [a] and ten protocol messages in protocol case [b] are to be transferred between Alice and Bob within the peer-to-peer off- line transaction protocol. Within the first four messages the two protocol partners Alice and Bob pair and establish a secure VPN/VPC channel (raising their transaction states from 'unknown' over 'paired' to 'authenticated') for the rest of their yet to be exchanged messages. Please note, due to some error/timeout possibility, the protocol can fail and stop after every single atomized action (message sent or received): Therefore, the transaction may not proceed and further messages won't be sent or received. To distinguish the two protocol cases [a] and [b], Figure 5 and Figure 6 show the message flow of the off-line transaction protocol case [a] and [b], respectively. As shown in Figure 5, the eDoc[Ii a ] object (serving as an electronic invoice, withdrawal, deposit or remittance) is transmitted from Alice to Bob within message [05a] . The message informs Bob why Alice sent this message, and the eDoc[Ii a ] object comprises fields which can be used as evidence in a fairness reconstruction process. The eDoc objects differ from each other depending on the protocol case and state. Bob answers to Alice ' s message by adding his part to the eDoc[I 2a ] object within message [06a] .

Alice's message [07a] sends her payment (eCoins of the main secret) to Bob together with an updated eDoc[II a ] object. As of the moment message [07a] has been sent, the interval of state uncertainly in case of a protocol interruption begins for Alice. In Figure 5 this time interval is therefore also referred to as "critical section". It ends with the successful reception of message [10a] or with an interruption of the off-line transaction protocol, e.g. due to a message -timeout or another error cause. Same applies for Bob: His "critical section" starts with the transmission of message [08a] and ends with the successful reception of message [09a] .

Both "critical section" intervals are indicated by the two different triangles in Figure 5. The combination of both "Success" states (for Alice and Bob) means: The off-line transaction protocol state would result in a fair (successful) termination of the off-line transaction protocol for both parties upon any following interruption. Bob gets his "Success" after the reception of message [09a], Alice gets hers after receiving message [10a] . Both parties need a "Success" to make the off-line transaction protocol successful with a "deal" for Alice and Bob. "Deal" means, Alice and Bob both assume they have a contract with each other. These confirmation messages are important for the deal's confirmation in the final Confirmation Phase.

The general logic of Figure 6 for protocol case [b] is the same as described for Figure 5 except two technical details. First, there is no message [05b] in protocol case [b] because the flow logic doesn't need to be reversed as in protocol case [a] . The second distinction is the message flow direction: Due to the change of the main secret source (from Alice in protocol case [a] to Bob in protocol case [b]) the origins of messages [06] to [1 1] are reversed. Please note, the entity acting as source for the main secret being transferred is always the one which is in charge to successfully deliver message [09] to ensure a "Success" for the other entity.

1.4.6.1 Protocol State Analyses Next, all possible state transitions of the off-line transaction protocol discussed above and their results are analyzed taking into account the protocol behaves fail-stop. Please note, due to the off-line transaction protocol being of fail-stop type, no Byzantine failure (i.e. an erratic behavior of an entity with an intermediate error) possibility exists because a fail-stop does not allow any operation in case of incorrect behavior. The use of a fail-stop protocol means, whenever one CASTOR encounters an event calling for an interruption of the protocol-run, no error messages are produced or sent to the peer partner; instead the protocol is halted and the peer partner will time out. Questions to be answered will be:

- Can one CASTOR unambiguously detect the states of both CASTORs upon protocol interruption under all circumstances?

- Which states of failure for Alice and Bob will end in an unfair situation (e.g. losing the electronic tokens)?

- Can all unfair situations be handled in a way so fairness can be recreated, and how?

To answer these questions, the local states of both off-line transaction protocol-execution entities (Alice's and Bob's CASTORs) with respect to their local knowledge will be analyzed based on the state transition diagrams displayed in Figure 12 and Figure 13, for off-line transaction protocol cases [a] and [b], respectively. These state transition diagrams contain all possible combinations of the off-line transaction protocol states same is able to produce. All off-line transaction protocol failures at one off-line transaction protocol entity leading to an interruption become visible as timeouts at the other off-line transaction protocol entity, if the expected next off-line transaction protocol message cannot successfully be received within a predetermined period (timer) at the other off-line transaction protocol entity. Each fail -stop event causes an interruption of the off-line transaction protocol-run.

State diagram Figure 12 shows all possible states of the off-line transaction protocol for protocol case [a] (including the protocol states in case of an interruption). Alice's and Bob's states are shown in the boxes on the left-hand side and right-hand side, while the arrows are indicating the different protocol messages flowing between Alice and Bob.

As outlined above, Alice starts the protocol by transmitting message [01] to Bob. If this message goes lost nothing happens for Bob, and Alice faces a timeout, indicated by the state box [Alice TO l] . In order to do the transaction, Alice will have to reiterate the off-line transaction protocol by sending her first message [01] again. If Bob received message [01] successfully (i.e. message received and integrity check is passed) he answers by sending message [02] to Alice. In case of Bob doesn't receive message [01] he is not even aware a transaction had been intended!

If message [02] isn't successfully received by Alice (i.e. no message reception or message not passing the integrity check), she - again - faces the already aforementioned timeout. In this case the timeout will result in Alice terminating the protocol in state [Alice TOl].

Please note, on Alice's side all indicated left hand state boxes in Figure 12 starting with [Alice TOl] up to [WeakCommitted] indicate timeouts and thus (kind of) error states. Similarly, the right hand boxes on Bob's side starting from [Bob T01] to [Committed] indicate the timeout and (kind of) error states of Bob for protocol case [a] . Timeouts break the protocol flow by causing a fail-stop, i.e. an interruption of the off-line transaction protocol-run as indicated earlier herein. The dotted state boxes [Commit3] on Alice's and Bob's side indicate the successful protocol-run for the respective protocol entity including the [Committed] timeout state.

Because no electronic tokens or any other valuable information is transferred during the exchange of the first messages (up to message [07]), all protocol failures for Alice and Bob ([Alice TO l], [Alice T02], [Bob TO l], [Bob T02]) always lead to the off-line transaction protocol's termination in a fair state for both parties. The protocol failure cases [Alice T03] and [Bob T03] are not raising fairness problems because no fairness relevant information, in particular no electronic tokens, has been transferred yet.

Error event [Alice A l a] is a critical case for Alice . It happens if a timeout occurred after the transmission of message [07a]. Alice has transferred her electronic tokens to Bob without in turn obtaining the "receipt". This results in an unfair situation for Alice. In case of the [WeakCommitted] event for Alice, she has received evidence of her payment (i.e. transfer of her electronic tokens) in form of a valid electronic receipt (message [08a]), but she missed Bob's message [10a] (with the ACK2 -ticket object) as an answer to her previously sent message [09a] (with the ACKl-ticket object). This also causes an unfair situation since Alice is still within the "critical section" of the off-line transaction protocol (i.e. has a "weak deal"), while Bob already considers the transaction a "deal".

In case Alice has successfully received message [10a] (with the ACK2 -ticket object) from Bob, she enters - after sending her message [1 la] with the ACK3-ticket object to Bob - into the [Commit3]- state and passes the protocol-execution successfully in a (final) fair state.

Regarding Bob, in case of a timeout or another error resulting in error state [Bob B la], he previously sent his message [08a] containing his change secret (electronic tokens) and does not receive his receipt (i.e. message [09a]). Due to missing message [09a] containing the ACKl-ticket object the previously received main secret (electronic tokens) in message [07a] from Alice is destroyed by Bob's CASTOR and will not be released to the user's (i.e. Bob's) access.

In case of a successful reception of message [09a] from Alice with the ACKl-ticket object, Bob sends his message [10a] with the ACK2-ticket object to Alice in his [Commit2] state. In this case Bob has enough information about the deal for a successful termination in a (final) fair state. Depending on the reception of message [ 1 1 a] with the ACK3-ticket object, Bob passes the protocol-run with an additional knowledge about the successful protocol-run of entity Alice in a [Commit3] state or simply within a [Committed] timeout.

For the protocol case [a], in conclusion, unfair situations imperative to be handled are the timeouts/error states [Alice Ala], [WeakCommitted] and [Bob B la].

Figure 13 displays a state diagram with all possible off-line transaction protocol states for protocol case [b] (including the protocol states in case of an interruption). Figure 13 is indeed very similar to the state diagram described with respect to Figure 12 for protocol case [a] . The main difference between state diagram Figure 12 and state diagram Figure 13 is the respective role of Alice and Bob with reference to their payment: In Figure 13 and protocol case [b] Alice is the payee receiving the main secret while Bob is the payer to provide the main secret so that the state diagram of Figure 13 is essentially identical to that of Figure 12 with the positions of Alice and Bob reversed (except for message [05] missing in protocol case [b]).

In conclusion, unfair situations imperative to be handled for the protocol case [b] are the [Bob B ib], [WeakCommitted] and [Alice Alb] timeouts/error states.

1.4.6.2 State Discussion

The tables shown in Figure 14 and Figure 15 show all possible ways how to terminate the off-line transaction protocol-run in case [a] and case [b], respectively, including also the terminations where both parties terminate in a fair state. Note that the abbreviation "C3" stands for a "Commit3" state. In the description below the terms "secret" and "value" have the same meaning.

The column "ID" in the tables of Figure 14 and Figure 15 is used as reference to indicate a certain protocol stop situation. The column "State Pair" indicates the concrete stop event combination of Alice's and Bob's CASTORs as shown in Figure 12 and Figure 13. The two last state pairs in the tables provided by Figure 14 and Figure 15 are not caused by a timeout event. They refer to successful deals, respectively.

The column "Fairness deficit" indicates whether the protocol termination state of Alice respectively Bob (even to eMint) leads to an unfair state. "None" means, no party terminates the protocol in an unfair state. In case a name or names is/are indicated in the column, it/they denote(s) the transaction party facing a fairness deficit due to the transmission situation of the off-line transaction protocol. The remaining columns in the tables shown in Figure 14 and Figure 15 are depending on the protocol role of the entities, distinguishing between Alice and Bob.

The column "Strategy" indicates for Alice and Bob, respectively, what the respective entity (Alice or Bob) has to do in case a fairness deficit for the entity occurs, "final" indicates the respective party doesn't have to do anything (no fairness deficit) and the off-line transaction protocol can be terminated in a final state, "rollback" indicates the undoing of the transaction processed so far. Please note, a "rollback" case for Alice is only possible for IDs 07a and 08a and a "rollback" case for Bob is only possible for IDs 06b and 07b. For the "locked wait" case, please refer to the more detailed discussion below. In these "rollback" cases the main secret has been transferred by Alice or Bob, but they have not received the change secret successfully meaning the reception of the message with the change secret is missing or the integrity check failed. As can be perceived from Figure 14 and Figure 15 for these states and for the respective other transaction party, these cases are terminated without a deal/contract, so Alice and Bob - in theory - could both rollback the transaction by un-deleting their respective eCoins for the main secret. Hence Alice and Bob could rollback the protocol-run "back to the initial situation" before starting same.

However, for security reasons this may be undesirable, as it effectively allows a protocol termination case in which the CASTORs could decide not to destroy eCoins irrevocably once they have been transmitted, while the other party has received same (i.e. they are available at the other CASTOR as well, which facilitates a multi -spending case which should be avoided). This is thus a potential source of unwanted duplication of eCoins (i.e. the CASTORs would be effectively allowed to copy eCoins in special cases). Hence, even though a rollback is possible in the state combinations of IDs 07a, 08a, 06b, and 07b, i.e. Alice and Bob could perform the rollback in protocol cases [a] and [b], respectively, Alice and Bob nevertheless irrevocably destroy the transferred eCoins of the main secret and issue a proof of loss ("credit note" or "affidavit") for the eCoins of the main secret. Similarly, the CASTORs of Bob and Alice as receivers of the main secret in protocol cases [a] and [b], respectively, do not allow Bob and Alice to dispose the eCoins of the main secret in case they received message [07a] or [07b], respectively.

Please note, in Figure 14 and in Figure 15 there are protocol case dependencies for the "weak deal" state. This is indicated by the words "Ok:" and "Nok:". "Ok" means, that the "weak deal" will finally end in a successful way. "Nok:" means the opposite, i.e. the "weak deal" will finally end in an unsuccessful way. This will be discussed in a more detail below.

The outcome of a transaction can be a state that is not immediately clear. This leads to situations, where the off-line transaction protocol is not able to produce final states. In these cases at least one of Alice and Bob has a "weak deal" meaning a sort of a legally unconfirmed claim. "Weak deals" will be intermediate states limited in time. They are in no case causing a deadlock situation. The off-line transaction protocol may help to prepare for the subsequent resolution of the "weak deal" - which is realized outside of the off-line transaction protocol itself - as it may allow for the CASTORs agreeing on a lock timeout period ("WeakDealLockDelay", WDLD) for "weak deals" in the Negotiation Phase. As mentioned above, alternatively, the lock timeout period is predetermined, or could also be negotiated between Alice and Bob in advance (i.e. before the run of the off-line transaction protocol), optional in combination with a restriction rule (e.g. not lower as and/or not higher as) and is passed to the CASTORs as a parameter for the protocol-run.

During this lock timeout period the CASTORs try to (re)contact each other and try to transit the "weak deal" to a "deal" by exchanging the "missing" information. Both CASTORs also know what to do after expiry of the lock timeout period, e.g. whether a respective CASTOR may dispose of the exchanged eCoins and/or receipt of the other party, whether to maintain this data in a storage or whether to irrevocably destroy these data blocks.

In the special cases of IDs 08a and 07b, Bob and Alice, respectively, initially encounter a "weak deal", which will always become "no deal" (i.e. no contract between Alice and Bob). This is due to the respective other protocol partner's state upon interruption (i.e. for ID 08a, Alice is in state Alice Ala; for ID 07b Bob is in state Bob B ib) leading to an (immediate) final termination (for Alice Ala and Bob B ib) of the off-line transaction protocol (through rollback) to a "no deal" situation, which means that Bob (B la) and Alice (Alb), respectively, will never (as it is impossible) be contacted within a lock timeout period (meaning that in this case the "weak deal" partner have to wait to finish the complete lock timeout period) by their protocol partners (as they can/have immediately terminate/terminated the transaction) to resolve the "weak deal" for Bob, respectively Alice.

Hence, the "rollback" case in the column "Strategy", in Figure 14 and in Figure 15 may be considered as special case of the "final" case in terms of allowing the immediate termination of the off-line transaction protocol in a final state at the respective entity, but with a loss of the electronic eCoins of the main secret for Alice and Bob for a proof of loss and the collateral damage of waiting time, i.e. the complete lock timeout period for the respective partner entity. Hence, although rollback and termination of the protocol into a fair state would be possible in theory, the off-line protocol is terminated in an unfair state for the sender of the main secret.

Alternatively, in case of the security concerns with respect to the duplication of eCoins (so called multi-spending) it is not imperative to handle protocol interruptions in a way to allow the sender of the main secret to keep the eCoins of the main secret, while the receiver of the main secret may need to clear the eCoins of the main secret.

The column "to clear" indicates whether any eCoins and at which amount need to be destroyed by the respective local CASTOR of Alice and Bob to achieve fairness, respectively. The columns "to refund" indicates whether any proof of loss ("credit note" or "affidavit") and at which amount the proof of loss needs to be created by the local CASTOR, which may be used in a fairness recreation process upon having terminated the off-line transaction protocol. In these two columns the "none" case is self- explanatory, "main value" denotes the eCoins of the main secret of the transaction and "change value" the optional change secret of the transaction.

The columns "receipt" in Figure 14 and in Figure 15 indicate the state of the receipt (also referenced as quittance or receipt) after the off-line transaction protocol-run. "invalid" means, the receipt is not longer valid, i.e. it is invalidated by the CASTOR.

The columns "state" , in Figure 14 and in Figure 15 indicate whether Alice and Bob conclude a deal has happened (i.e. a contract on the receivables of the transaction) or not (no deal), i.e. whether they consider them legally bound to a contract or not. It should be noted, Alice and Bob always come to the same conclusion on whether they have a deal or not (see column "state") for all state combinations with one exception: There is the possibility of a contradiction (see IDs 10a and 09b); this special case will be discussed in more detail below.

The "locked wait" case in the column "Strategy" indicates that the local knowledge at the respective entity is insufficient to conclude on whether there has been a deal or not (see IDs 08a, 09a, 10a for protocol case [a] and IDs 07b, 08b and 09b for protocol case [b]). It is thus the only case that the offline transaction protocol is terminating with a "locked wait" (un-final) state decision (in contrast to "final" and "rollback") for the respective entity. In case of such "locked wait" condition the protocol partners have to try to (re)contact each other (again) within a lock timeout period, so as to decide whether a deal (contract) is existent or not (see section "Fairness Recreation" below for more details). Of course, in case only one CASTOR is in the "locked wait" state, only this CASTOR will try to contact the other CASTOR. During the Negotiation Phase, Alice and Bob mutually negotiate a lock timeout period ("WeakDealLockDelay", WDLD) as a maximum time span during which Alice and Bob need to contact each other to resolve the protocol situation to - at best - a deal situation. If this doesn't lead to a success (due to the impossibility to (re)contact the other (former) partner party or because the time window is closed (lock timeout expired)), there finally will be no deal.

The following paragraphs will discuss some special cases for an interruption of the off-line transaction protocol, and their handling in a post-transaction protocol termination process in further detail. In case a respective one of the tamper-protected semiconductor module has not sent any electronic tokens yet, it may terminate the off-line transaction protocol immediately in a final and fair state. For example, in the states identified by IDs Ola, 02a, 03a, 04a, 05a, 06a, 07a, 01b, 02b, 03b, 04b, and 05b in Figure 14 and Figure 15, respectively, the CASTOR of Bob can terminate the off-line transaction protocol immediately in a final and fair state. For Alice, the situation is slightly different: The CASTOR of Alice terminates the off-line transaction protocol immediately in a final and fair state in the states identified by IDs Ola, 02a, 03a, 04a, 05a, 06a, 01b, 02b, 03b, 04b, 05b, and 06b in Figure 14 and Figure 15, respectively.

In the states identified by IDs 07a, 08a, 06b, 07b in Figure 14 and Figure 15, respectively, the off-line transaction protocol is terminated after one of the tamper protected semiconductor modules, i.e. the CASTOR of the "payer", has transferred its electronic tokens without having received the expected response from the CASTOR of the "payee". In this situation, the CASTOR of the "payer" lacking the expected response, terminates the off-line transaction protocol immediately in a final, but however unfair state, in which the transferred electronic tokens are irrevocably destroyed and provides a proof of loss for the irrevocably destroyed electronic tokens.

In case the "payee" has successfully received the transferred electronic tokens (and nothing else thereafter) and has transferred change electronic tokens to the "payer", the "payee" terminates the "weak deal" phase of the off-line transaction protocol after expiry of a previously defined lock timeout period in a final but unfair state (see IDs 08a, 09a, 07b, 08b in Figure 14 and Figure 15, respectively), in which the CASTOR of the "payee" irrevocably destroys the received electronic tokens (for main value) and provides a proof of loss (for the change value).

Another situation to be handled is the situation where the off-line transaction protocol is terminated after the CASTOR of the "payer" has transferred its electronic tokens to the CASTOR of the "payee". Further is assumed that the CASTOR of the "payee" successfully received the electronic tokens and returned a confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens, but the "payee" did not receive the expected response to its confirmation of receipt for the transferred electronic tokens and, optionally, change electronic tokens the CASTOR of the "payer" - see, states IDs 08a, 09a, 07b and 08b in Figure 14 and Figure 15, respectively. In this situation, the CASTOR of the "payer" terminates the off-line transaction protocol either immediately in a final but unfair state (state Bob B ib), in which its transferred electronic tokens (for the change value) are irrevocably destroyed, and a proof of loss for the main value is provided by the CASTOR of the "payer", in case it has not received the "payee's" confirmation of receipt for the transferred electronic tokens and the optional change electronic tokens or in a weak commit (WC) state (state Bob C2).

In case the CASTOR of the "payer" has received the "payee's" confirmation of receipt for the transferred electronic tokens and the optional change electronic tokens, the CASTOR of the "payer" terminates the off-line transaction protocol either in a final and fair state (see IDs 1 la, 12a, 10b, 1 lb) in case the 'Commit2' message was received or in a weak deal state (see IDs 09a, 10a, 08b, 09b).

The off-line transaction protocol is terminated in a final and fair state (see IDs 11a, 12a, 10b, 1 lb) in case both tamper-protected semiconductor modules immediately receive all required messages or if both re-contact (within the "weak deal" phase of the off-line transaction protocol) each other and finish the transaction in a "weak deal" within a previously defined lock timeout period successfully. Otherwise the CASTOR of the "payer", which has transferred its electronic tokens to the CASTOR of the "payee", terminates the "weak deal" phase of the off-line transaction protocol in a final but unfair state (see IDs 09a, 10a, 08b, 09b) after expiry of the previously defined lock timeout period, in which the CASTOR of the "payer" produces a proof of loss for the main value of the electronic tokens already transferred to the CASTOR of the "payee" and irrevocably destroys the electronic change tokens received from the CASTOR of the "payee".

The CASTOR of the "payee", which did not receive the expected response to its confirmation of receipt for the transferred change electronic tokens (see IDs 08a, 09a, 7b and 08b) terminates the "weak deal" phase of the off-line transaction protocol after expiry of a previously defined lock timeout period in a final but unfair state, in case the tamper-protected semiconductor modules fail to re-contact each other within the previously defined lock timeout period successfully: The CASTOR of the "payee" irrevocably destroys the previously received electronic tokens of the main value and provides a proof of loss for change value of the previously sent electronic change tokens, in case the CASTOR of the "payee" has transferred change electronic tokens to CASTOR of the "payer" in response to having received the main electronic tokens from the CASTOR of the "payer".

With respect to the special cases denoted with IDs 09a (and 10a) and 08b (and 09b), it should be noted that the indicated state combinations of Alice and Bob upon interruption of the protocol are the only ones that do not allow to terminate the off-line transaction protocol in a predetermined (logically) final state. A final state of the transaction in terms whether Alice and Bob assume a deal or no deal to be achieved, depends on whether the two CASTORs can resolve the situation by (re-)contacting each other during a lock timeout period within the "weak deal" phase of the off-line transaction protocol. If this is not the case, the CASTORs transition the intermediate "weak deal" state to a final "no deal" state. If the two CASTORs (re)-contact each other successfully within the lock timeout period - this is not part of the off-line transaction protocol -, the CASTORs can transit the intermediate "weak deal" state to a final "deal" state.

In these situations identified by IDs 09a and 08b both (Alice and Bob) have a "weak deal". This off- line transaction protocol state will decide within the already addressed lock timeout period ("WeakDealLockDelay", WDLD) for both entities always at the same (identical) outcome state: Both CASTORs decide either for "no deal" or for "deal"; there will be never a contradicting outcome.

The only possibility for a contradiction in the termination of the off-line transaction protocol potentially exists in cases ID 10a or ID 09b: It could be argued, what happens if the off-line transaction protocol entity having the "weak deal" ("WeakCommit" state) in the state combinations of IDs 10a and 09b does not catch-up the missing message (up to the end of the lock timeout period) from the other protocol entity (which assumes a deal having been made) anymore and concludes on "no deal" (contradiction). This might happen indeed.

Assume for exemplary purposes, the protocol entity experiencing the "weak deal" was buying a service or tangible/intangible product ("Customer") and the other protocol entity was supplying the service or tangible/intangible product ("Merchant"), and that the Merchant assumed a deal, and the Customer has transited his/her "weak deal" to a "no deal". In this case the contradiction on the success state of the transaction remains: The Customer assumes no deal being made, while the Merchant considers the opposite (see for example, ID 10a and 09b of the tables in Figure 14 and Figure 15). This contradiction can be resolved as follows: The Customer (who lost his eCoins according to his final state of the off-line transaction protocol = no deal) contacts his eCoins issuing authority (eMint) and claims compensation for the eCoins paid to the Merchant. The proof of loss having been generated for eCoins paid to the Merchant by the Customer's CASTOR in case of terminating the transaction protocol finally in a "no deal" state serves as evidence the Customer can provide to claim for compensation. Please note, it is assumed that the proof of loss does not only indicates the eCoins (e.g. their identifying descriptor items (e.g. serial numbers) and value) destroyed by the Customer's CASTOR, but also provides additional information on the transaction partners, so that the Merchant is identified (e.g. by means of a vendor ID on the electronic receipt and the user Type-I/II certificate).

It's up to the issuing authority/eMint's policy if the Customer is compensated for his loss instantly or if he has to wait until the Merchant (or any other party) clears the eCoins against the issuing authority within their transferability period (eCoins can be defined to be transferable for a significantly shorter period of time (e.g. several months, e.g. 3 month), but would be valid for a much longer time (e.g. 3 years)). If (respecting to the second possibility) the "lost" eCoins are not cleared in this transferability period of time, the issuing authority/eMint compensates the Customer for the loss.

In this end-of-transferability-period moment (but no later than the clearing of the eCoins), the issuing authority/eMint is able to detect if a collision occurs (i.e. the eCoins being claimed by the Customer for compensation have been cleared by someone else, i.e. the Merchant). If no collision is detected (i.e. the eCoins to be compensated for have not been cleared yet), the issuing authority/eMint compensates the Customer, but now knows the identity of the Customer in return (which may used in a liability claim for fraud, etc.).

If eCoins for which compensation has been claimed by the Customer (which are still in the possession of the Merchant) are not (never) cleared (and expire as a consequence of that), the compensation claim is settled for the issuing authority/eMint, because fairness is restored: Neither the issuing authority/eMint nor the Merchant nor the Customer suffers a loss (equivalent to destroying a bill). However, in case the Merchant clears the eCoins with his authority/eMint (either directly or spending/travelling them through the economy), the authority/eMint will in turn ask the Customer for compensation. Please note, the Customer is known to the authority/eMint as he requested compensation of the eCoins. At this point, the Customer could be requested to clear the situation (e.g. by proving the deal hasn't been successful (i.e. "no deal"), i.e. the Customer has not received the service or tangible/intangible product subject to the deal. In case the authority/eMint can prove the Customer's allegation wasn't true (e.g. by evidence received from the authority/eMint' s CASTOR), the Customer is convicted of fraud. This is discussed in more details later this section. Overall, there is a low probability for encountering such situations, and the intentional creation of such situation is not attractive in view of the evidence on each transaction produced by the CASTORs and the de- anonymization of the parties (Customer and Merchant).

Due to the importance of understanding the cases where a contradiction in the termination of the offline transaction protocol for Alice and Bob occurs, the previous discussion is reduced in the following (due to a measure of redundancy reduction) leading only to the [a] case. The situation in the [b] case is logically identical to case [a], reversing the Alice's and Bob's entity positions:

In case of ID 10a, Bob always has a "deal", but for Alice it is possible to have a "no deal" due to the possibility of erratic channel behavior. This contradiction (as indicated above) makes it necessary to escalate fairness clearing to a higher level (all other cases don't need special treatment as they always have identical common states) and contradiction cannot be healed on a formal algorithmic layer within acceptable expenses. The way to solve it results from the nature of the treatment of same loss problem: In case of the transition "weak deal" "no deal", the party suffering the loss is in the necessity of requesting compensation by using the affidavit generated by the CASTOR. This leads to several consequences like the de-anonymization of the party with the claimed loss, knowing the identity of the transaction partner of the party with the loss, and the identifying descriptor item (e.g. serial numbers) of the used eCoins. Additionally, the eMint can check/prove the existing ID case of the contradiction (IDs 10a, ID 09b).

During the refund procedure the eMint can (mostly always) check within her legal limits or only in selected cases (e.g. depending on the level of the loss) if the loss claiming party additionally receives the paid product or service. This is also possible within money remittances, withdrawals, or payments of an amount of money. If the eMint is able to find evidence the party claiming the loss nevertheless took the counter-value of the transaction, the eMint might refuse compensation and escalate the situation to court.

It should be noticed, a multi-spending scenario does not occur in any situation. Not a single eCoin never ever will be replaced by a counterpart of the same identifying descriptor item (e.g. serial number). The finality of the transaction is also not destroyed, the success case is in every circumstance immediate, except in the "weak deal" cases (when WeakDealLockDelay (WDLD) > zero).

1.4.7 "Weak Deal" Phase

The "weak deal" phase of the off-line transaction protocol (i.e. the "weak deal" phase is also off-line) is entered in case there is an interruption of the off-line transaction protocol in a situation, in order to give the two CASTORs the chance to re-contact each other and to end the transaction successfully (e.g. by exchanging the previously missing protocol messages for a successful ending of the run of the off-line transaction protocol). The "weak deal" phase is not entered every time the off-line transaction protocol is interrupted, but only in cases where the respective local knowledge of the CASTORs on the transaction is insufficient to allow both CASTORs to conclude on the success or failure of the transaction. These are the states identified with IDs 8a, 9a, 10a in Figure 14 and IDs 7b, 8b and 9b in Figure 15. The weak deal" phase of the off-line transaction protocol is basically the "protocol" the two CASTORs follow in these cases and mainly consists of the two CASTORs trying to re-contact each other in a lock timeout period ("WeakDealLockDelay", WDLD) in order to come to either a successful termination of the transaction ("weak-deal" "deal") or unsuccessful termination of the transaction ("weak-deal" "no deal"). According to whether there is a deal or no deal for the respective tamper-protected semiconductor modules the take respective actions to avoid misuse of the transaction system, such as for example destroying electronic tokens, generating a proof of loss where applicable, etc. In chapter "Fairness Recreation" below, it will be outlined in detail on how the CASTORs behave in case the "weak deal" becomes a "no deal", i.e. the transaction is not successfully terminated within the lock timeout period.

In one exemplary embodiment, in case of an interruption of the off-line transaction protocol in a situation in which the response to the message [10] with the ACK2 -ticket object is outstanding at the CASTOR sending message [10] (IDs 10a and 9b), the respective CASTOR repeatedly sends message [10] with the ACK2 -ticket object also during the lock timeout period. This can be considered a re- contacting of the CASTORs. As can be noted in Figure 14 and Figure 15 upon reception of the ACK2- ticket object, both CASTORs consider the transaction sucessful. The repetition of message [10] during the lock timeout period may be advantageous as it increases the chance the other CASTOR receives message [10] with the ACK2 -ticket object and advances to the next state (IDs 1 la and 10b) in which Alice and Bob have a deal, and no fairness deficit occurs.

At the end of the lock timeout period ("WeakDealLockDelay", WDLD) one of the following two possible "weak deal" transitions will be performed/finalized:

- Missing message [10] has been successfully delivered: transition "weak-deal" "deal" is fulfilled, else

- "weak-deal" "no deal" is fulfilled/settled.

It is also possible to define a lock timeout period of zero duration. In this case the "weak deal" protocol is de facto not existent. In this case, all state decisions of the off-line transfer protocol are immediately final. All "weak deals" depicted in Figure 14 and Figure 15 then transit into "no deal" states, and the distinction of "Ok" and "Nok" (not ok) will collapse to the "Nok" option. In this sense the "weak deal" protocol is the more general case including the "in statu nascendi" final (zero lock) case.

The following list shows exhaustively all (theoretically) possible combinations of "reasons, why the contradiction has happened" for protocol Case [a] - for protocol Case [b] the roles of Alice and Bob are reversed:

- Statistical error case: Due to the very small probability of transmission errors over erratic channels the off-line transfer protocol can collapse into a "weak-deal" "no deal" condition. In this case the eMint may accept the loss and take the ownership of the referenced goods or services paid by the party which is to be compensated due to the affidavit mechanism. This could be handled like an insurance calculation based model.

- Alice cheats: Alice "constructs" this exceptional case wishing as well to get compensated by the eMint and as to receive the paid goods or services. In this case the eMint compensates Alice and becomes aware of Alice's identity (a recommended condition), Bob's identity (contained in the presented eDoc, part of the affidavit), and the identifying descriptor items (e.g. serial numbers) of the used eCoins. Sooner or later (up to the eCoin travelling speed through the economy and the clearing moment of the involved eCoins), the eMint is able to prove if Alice has produced a fraudulent claim against the eMint.

- Bob cheats: This is impossible (in protocol Case [a]).

- Alice and Bob are teaming to cheat: Both parties produce fictitious transactions to generate loss which then shall be paid by the eMint (claiming compensation). As one of the pre-conditions for loss compensation the eMint has to become aware of Alice's identity (only feasible with the recommended de-anonymization). Thus, if Alice cheats the eMint will become aware not only of Alice's but also of Bob's identity (because it is contained in the eDoc's data structure as part of the affidavit), and the identifying descriptor items" (e.g. the serial numbers used herein), too.

- Even if Bob "supported" Alice by not telling the truth about a specific former transaction the eMint can prove the untruth of Bob's statement once Alice clears the respective eCoins.

Table 25 contains a rating comparison of methods and arguments for a down-streamed "weak deal" handling (WeakDealLockDelay (WDLD) > zero) or an immediate handling (WeakDealLockDelay (WDLD) = zero) in the "weak deal" case:

Table 25: Preliminary considerations for "weak deal" handling possibilities. The fundamental difference between a "weak deal" and an "instant deal", as discussed above, is the reduction of the "weak deal no deal" occurrence's probability. This result from the effect of chaining up Alice and Bob together for a limited time frame (WeakDealLockDelay, WDLD) to provoke a (re)connect.

Summarizing the protocol Case [a] as shown in the table of Figure 14 the following should be noted: - There are no more than 12 different ways to terminate the off-line transaction protocol.

- Eight of them (IDs O la, 02a, 03a, 04a, 05a, 06a, 1 1a, 12a) terminate the protocol always in an immediately fair state to both parties, meaning fairness reconstruction is not required. - Three (IDs 07a, 08a, 09a) terminate the protocol in an unfair state (always for IDs 07a, 08a, and only within a given probability for ID 09a), and may possibly cause the necessity of a postponed fairness reconstruction.

- One (ID 10a) possibility of state contradiction (as discussed above) leads to a more complex handling of a postponed fairness reconstruction process to the parties.

- "weak deal no deal" and "weak deal deal" mean a transformation from intermediate state to an final state within the "weak deal" phase of the off-line transaction protocol, indicating part of a "phase -change" transition of the off-line transaction protocol.

In protocol Case [b], as shown in the table of Figure 15, it is important to notice the following:

- There are no more than 11 different ways to terminate the off-line transaction protocol.

- Seven of them (IDs 01b, 02b, 03b, 04b, 05b, 10b, and l ib) terminate the protocol always in an immediately fair state to both parties, meaning fairness reconstruction is not required.

- Three transaction results (IDs 06b, 07b, and 08b) terminate the protocol in an unfair state (always for IDs 06b, 07b, and only within a given probability for ID 08b) and may possibly cause the necessity of a postponed fairness reconstruction.

- One (ID 09b) possibility of state contradiction (as discussed above) leads to a more complex handling of a postponed fairness reconstruction process to the parties.

- "weak deal no deal" and "weak deal deal" mean transformations from an intermediate state to an final state within the "weak deal" phase of the off-line transaction protocol, indicating part of a "phase -change" transition of the off-line transaction protocol.

An error event that interrupts the off-line transaction protocol is raised in cases where the expected next message is not successfully received by the entity within a given time frame (timeout) or in cases where the error is caused by an unsuccessful integrity check of a message or another source of error (e.g. communication channel down, sudden power outage at one peer-device, manual termination of the transaction by the user, etc.). Beyond this fact one can be speculate about the reception of the previous message sent by the party which triggers the error-event at the respective other protocol- partner: Either the previous message was not received and the protocol partner faced already a timeout error event itself, or the previous message was received and there are other reasons, why the next message was not transmitted or received.

The tables of Figure 14 and Figure 15 reflect this "Byzantine General" transmission effect in the column "State Pair". Every timeout/error state is indicated twice for Alice and Bob, which can be interpreted as a state-case-splitting. For example, error state TO l for Alice in the table displayed in Figure 15 is shown in the ID-cases 01b and 02b. These two cases directly fit into the assumption dilemma (of not being able to know), why the expected message was not received successfully. Fact is Alice is unable to decide, which reason caused her timeout. This is a fundamental preposition for the off-line transfer protocol's intention. However, she is not in the need to differentiate. The situation can be cleared without Alice knowing the (exact) reason why her timeout/break resulted in the error state.

1.4.8 Fairness Recreation

As shown in the previous section as well in Figure 14 and Figure 15, it is impossible for the sender of a lost message to differentiate between the case the message has been received by the receiver, and the case the sender had missed the subsequent message. Therefore, from the perspective of this basic observation, the following paragraphs will discuss in further detail the actions needed for fairness recreation after the termination of the off-line transaction protocol.

Applying to the directive "pacta sunt servanda" ("promises must be kept") a transaction system has to guarantee the finality of payments under all circumstances. Due to the inevitability of losing (some) messages, the underlying strategy is loss compensation. It is important to note, if it is possible to compensate a protocol entity that experiences a loss of eCoins induced by the transmission thereof, the off-line transaction protocol is a "closed shop". A transaction system may thus guarantee through the usage of its off-line transaction protocol:

- it is impossible to increase the value (inflation of eCoins) and

- it is also impossible to lose value (deflation of eCoins).

This guarantees it is impossible to get an advantage neither over the other protocol party nor over the issuing authority/eMint as the protocol party for clearance/deposit, withdrawal, etc.

1.4.8.1 Proof of Loss in the eCash System (using the Electronic Document - eDOC)

As indicated above, the off-line transaction protocol may terminate in an unfair state. In order to reconstruct fairness to the parties of the transaction, it may therefore be advantageous if the parties to the transaction (in more detail the tamper-protected semiconductor modules) use a mechanism that allows to prove loss of any electronic token to a third party in a fairness reconstruction processes. According to another aspect of the invention, this is achieved by providing an electronic document that can be considered a non-repudiation token to ensure non-repudiability of the transaction.

In an exemplary implementation, the transaction protocol messages exchanged by the tamper- protected semiconductor modules during the Negotiation Phase and the Electronic Token Transfer Phase each comprise an electronic document that contains information on the state of the transfer of the electronic tokens and which is part of the proof of loss provided in a respective tamper-protected semiconductor module if a termination of the transaction protocol ends in an unfair state.

Such electronic document may for example comprise at least one of: an information on the transaction (e.g. type of the transaction (e.g. invoice, withdrawal, deposit, remittance, etc.), transaction ID, semiconductor module ID, amount and type of the electronic tokens, date, time, serial number information, user certificate references, and other data from the local user environment and/or the operating platform (e.g. comprised, at least in part, in the eDoc.eRequest.HTML5_Script section), please refer to the eRequest eDoc structure documented in chapter "eDoc Type Objects") and the tamper-protected semiconductor module(s) executing the transaction, the information being signed by a signing key of the tamper-protected semiconductor module initiating the transaction and/or counter-signed during the message exchange process by a signing key of the tamper-protected semiconductor modules concerned in that transaction, a "WeakDealLockDelay (WDLD) section, including a place (scratch) where to exchange proposed values for the weak deal lock delay prior to the negotiation and indicating the selected and negotiated value for a potentially later applied weak deal handling procedure. This information may also being signed and/or counter-signed as it is the case in the later delineated eRequest eDoc data structure,

a "Ranked Suggestion List" (RSL) of candidate combinations of atomic electronic token denominations stored in the tamper-protected semiconductor module and respective, optional change preferred candidate combinations of atomic electronic token denominations that fulfill the receivable of the transaction (signed and/or counter-signed),

a selection of one of the candidate combinations of atomic electronic token denominations and respective, optional change preferred candidate combinations of atomic electronic token denominations selected from the„Ranked Suggestion List" (signed and/or counter-signed), identifying descriptor items of the selected candidate main combination of atomic electronic tokens stored in the first tamper-protected semiconductor module transferred to the second tamper-protected semiconductor module, wherein the identifying descriptor items of the selected candidate combination of atomic electronic tokens are signed and/or counter-signed by the signing key of the first tamper-protected semiconductor module,

identifying descriptor items of the selected candidate change combination of atomic electronic tokens stored in the second tamper-protected semiconductor module transferred to the first tamper-protected semiconductor module, wherein the identifying descriptor items of the selected candidate change combination of atomic electronic tokens are signed and/or counter-signed by the signing key of the second tamper-protected semiconductor module, and

a confirmation of receipt of electronic tokens (e .g . comprised, at least in part, in the eDoc.eReceipt.HTML5_Script section) signed and/or counter-signed by the signing key of either the first or the second tamper-protected semiconductor module, depending on whether the first or the second tamper-protected semiconductor module initiated the transaction, a voucher in form of an affidavit usable for the compensation claim against the issuing authority/eMint.

According to an exemplary embodiment, the first version of the electronic document is generated within the Negotiation Phase of the electronic tokens to be transferred in the transaction and the electronic document is updated and exchanged by the tamper-protected semiconductor modules as part of the transaction protocol messages exchanged by the tamper-protected semiconductor modules in the Negotiation Phase and the Electronic Token Transfer Phase. The tamper-protected semiconductor modules may for example mutually sign and counter-sign information added to the electronic document as part of the update thereof.

Such a proof of loss provided by a CASTOR can be considered a voucher in form of an affidavit to an external arbiter (issuing authority of the eCoins/eMint). This voucher can be exchanged for eCoins of the corresponding value. The eCash system uses this mechanism to compensate a party with a fairness deficit to recover fairness. A proof of loss may be constructed similarly to the eCoins, however lacking the "transferability" property.

1.4.8.2 Unfair Transactions or Compensation Cases

In the previous section "Handling of Interruptions of the Off-line Transaction Protocol", the state pairs which may lead to an unfair termination of the off-line transaction protocol as shown in the tables of Figure 14 and Figure 15 already have been a discussed. In these cases Alice and/or Bob (as the users) receive a proof of loss from their CASTOR to prove their loss of the eCoins of the main secret/values and/or the eCoins of the change secret/values, respectively.

Overall, only four state pairs (IDs) exist where a post off-line transaction protocol fairness reconstruction (may) become(s) necessary to restore fairness. For protocol Case [a] these are the state pairs corresponding to IDs 07a, 08a, 09a, and 10a of the table shown in Figure 14 and another four in the protocol Case [b] for the state pairs corresponding to IDs 06b, 07b, 08b, and 09b as shown in the table of Figure 15. All others state pairs lead to an immediate final termination of the off-line transaction protocol into a fair state for Alice and Bob, so no compensation of any loss has to be performed.

Fairness recovery includes a reimbursement of an eCoin loss for the transacting party incurring the loss, so the original state before entering into the transaction is restored, e.g. no transaction ever happened ("no deal"). None of the successful deals (i.e. "deal") require any compensation. In some rare cases, however, the transaction results into a "weak deal" status. In these cases, it depends on the (delayed) final status of the transaction (deal or no deal), whether the transaction resulted in a loss, calling for a fairness reconstruction. It is assumed in the presented eCash system, the issuing authorities of the electronic tokens (eMints) always are "collecting all losses and forming the source of reimbursement for the parties with the loss". This will be outlined further below in the section " Reimbursement Treatment resolved by the Issuing Authority (eMint)".

1.4.8.3 Unfair State Case Alice Ala

Table 26: Excerpt from Figure 14 of the termination pairings.

This state pair occurs if Alice (as the payer) transmitted the eCoins of the main secret (main value) to Bob (as payee) within message [07a], and Alice didn't receive Bob's message [08a] with the eCoins of the change secret (change value) that would contain Bob's receipt (as part of the eDoc) to confirm reception of Alice's message [07a] in return. Instead, Alice faces a timeout. As outlined above, this situation may be - in theory - resolvable by a rollback and "recreation" of the main secret by Alice's CASTOR. As outlined above, such "minting capability" for CASTORs is undesirable. In this case the rollback performed by Alice's CASTOR will immediately and finally conclude there is "no deal" (see column "state"), and her CASTOR will terminate the off-line transaction protocol so Alice loses her main value (i.e. her eCoins of the main secret are deleted). Further, Alice's CASTOR generates and provides a proof of loss for these eCoins for a postponed compensation with the eCoin-issuing- authority (eMint) - see column to "to refund" indicating "main value". Alice has no receipt from Bob - see column "receipt" indicating "missing", and the deal with him is not successful ("no deal").

1.4.8.4 Unfair State Case Bob Bl b

Table 27: Extract from Figure 15 of the termination pairings.

This is the almost same situation as outlined for Alice in the section "Unfair State Case Alice Ala above but the roles of Alice and Bob exchanged due to no flow reversal in the protocol Case [b] .

1.4.8.5 Unfair State Case Bob Bla

State Bob

ID Fairness deficit

Pair Strategy to clear to refund receipt State

A Ala locked Ok: none Ok: none weak

08a Alice & Bob sent

B Bla wait Nok: Nok: deal A WC Ok: none main change

09a

B Bla Nok: Alice & Bob value value

Table 28: Extract from Figure 14 of the termination pairings.

This situation may occur in protocol Case [a], if Bob's CASTOR sent his eCoins of the change secret to Alice in message [08a] - i.e. after having received her main value in message [07a] - in his (Bob's) role as payee. However, the expected first confirmation message [09a] ('Commitl ' message) does not arrive at Bob's CASTOR, and it goes into a timeout.

This situation will result into a lock state as consequence of the "weak deal". This is indicated for Alice by the 'WC, an acronym for a 'Weak Commit' . Bob currently doesn't have a valid contract with Alice, and therefore, he cannot bank Alice's payment (Alice's eCoins of the main secret) - see column "to clear" indicating "main value" for the case there finally is no deal. Being locked means, Bob's CASTOR cannot immediately terminate the off-line transaction protocol into a final state. A lock imposes a lock timeout period for any party which has a reconnection opportunity to change the "weak deal" to a successful "deal" status.

If Bob is able to conclude the transaction within that time frame (lock timeout period) because he's able to re-contact Alice and to finally receive her confirmation message [09a], the deal ends with a success for Bob. The lock will be removed, no proof of loss will be generated, and no value is cleared. Alice's eCoins of the main secret are "unfrozen" by Bob's CASTOR and transferred into his value pool for further disposition through Bob.

If the lock time window (lock timeout period) at Bob's side is "closed" without a prosperous reconnection, Bob's CASTOR will transit the intermediate state of the transaction from "weak deal" into "no deal". Before removing the lock in this case, the main value (i.e. Alice's eCoins of the main secret) that Bob received previously within message [07a] will be irrevocably destroyed - see column "to clear" indicating "main value" -, and a proof of loss will be generated for the lost eCoins of the change secret - see column "to refund" indicating "change value". The previously sent receipt will be annulled (it loses its validity).

It is noteworthy, in case of ID 08a the deal will be always unsuccessful ("weak deal no deal") for Bob, i.e. the "weak deal" state will always transit to a "no deal" state in order to come to the same final transaction state for this case as Alice who has to conclude, no deal had been made due to the missing eCoins for the change secret of message [08a] at her side (see table in Figure 14).

During lock state, both CASTORs are able to effect other (further) transactions; only the data objects of the "weak deal" will remain blocked and, with respect to data coherence, unavailable.

1.4.8.6 Unfair State Case Alice Alb

State Alice

ID Fairness deficit

pair Strategy to clear to refund receipt state A Alb

07b Alice & Bob Ok: none Ok: none

B Bib locked Nok: Nok: weak

sent

A Alb Ok: none wait main change deal

08b

B WC Nok: Alice & Bob value value

Table 29: Excerpt from Figure 15 of the termination pairings.

This is almost the same situation as outlined for Alice in section "Unfair State Case Bob Bla" above, except for exchanged roles of Bob and Alice due to no flow reversal in the protocol case [b] .

1.4.8.7 Unfair State Case Alice Weak Commit (WC)

Table 30: Extract from Figure 14 of the termination pairings.

In this situation, Alice sends her first confirmation message [09a] ('Commitl ' message) to Bob after she has received his eCoins of the change secret with the receipt. Alice is acting in her role as payer. Nevertheless, Alice doesn't receive the expected confirmation message [10a] ('Commit2' message) from Bob so she runs into a timeout. This situation results into a lock state, a consequence of the "weak deal". Alice currently has no valid contract with Bob. This is indicated by 'WC, an acronym for 'Weak Commit'. Being locked means, Alice's CASTOR cannot immediately terminate the off-line transaction protocol in a final state. A lock imposes a lock timeout period for a party having a reconnection opportunity to change the "weak deal" to a successful "deal" status.

If Alice is able to conclude the transaction within that time window (lock timeout period) by being able to contact Bob (who also has a "weak deal" for the state pair corresponding to ID 09a) and finally by receiving her confirmation message [10a] from Bob, the deal ends with success for Alice, i.e. the "weak deal" will be transitioned to a "deal". The lock will be removed and no proof of loss will be generated.

If the lock timeout window is "closed" at Alice's end without a prosperous reconnect there is "no deal". Before removing the lock in this case, a proof of loss is generated for Alice's main value - see column "to refund" - and Bob's change payment is deleted - see column "to clear". The previously received receipt from Bob (as part of message [08a]) will be annulled and turned into a proof of loss for the lost main secret. In the unsuccessful ID 10a case ("Nok:"), the eMint loses the main value to Alice.

Please note, in cases the transferred eCoins are to be destroyed irrevocably (later) upon termination of the protocol and not immediately after their transfer, it'd be possible to still use these eCoins as internally available eCoins for compensation purposes. This solution, however, may be considered less favorable because being more risky.

During the lock state the CASTORs may be able to effect other (further) transactions; only the data objects of the weak deal will stay blocked and, with respect to data coherence, unavailable.

The indication 'C2' is an acronym for a 'Commit2' for Bob in the ID 10a.

1.4.8.8 Unfair State Case Bob Weak Commit (WC)

Table 31 : Excerpt from Figure 15 of the termination pairings.

This is almost the same situation as outlined for Alice in the section "Unfair State Case Alice Weak Commit (WC)" above except for exchanged roles of Alice and Bob due to no flow reversal in the protocol case [b] .

1.4.9 Reimbursement Treatment resolved by the Issuing Authority (eMint)

The compensation is granted by the eCoins issuing authority (eMint) to be compensated in exchange of the proof of the loss the CASTORs generate in case of (unfair) termination of the off-line transaction protocol, including the clearing (i.e. deletion) of eCoins. The proof of loss for the thus lost eCoins may for example be provided by means of the eDoc object updated and exchanged between Alice and Bob as part of the protocol-run.

In all cases where a user is to be compensated for a loss, the issuing authority (eMint) should mandate the user to reveal his identity before it refunds the user's eCoins. Please note the off-line transaction protocol may provide full anonymity to the users. Cases of refunding eCoins to Alice and Bob are adapted to the principle 'in dubio mitius' (latin for„In the doubts the mild/the more favorable"), because it is considered impossible for the CASTOR to detect, whether transmission of a message from the other CASTOR during the run of the transaction protocol really happened, or not. It is assumed, in these compensation cases the CASTORs had followed the off-line transaction protocol, and the CASTORs were not tampered (see also the countermeasures to prevent tampering of the CASTORs discussed herein). As mentioned above, the CASTOR annihilates eCoins before it provides (in exchange) any proof of loss effecting the reimbursement as one measure of security.

One possibility to implement a fairness restoration process after termination of the off-line transaction protocol for the compensation of eCoins could consist of a direct transfer of the compensated eCoins in form of newly generated eCoins to the loss claiming party's CASTOR after a presentation and validity confirmation of a proof of loss automatically generated by the CASTOR itself. For the fairness recreation process it is not critical how the proof of loss is transferred to the issuing authority responsible to compensate the loss (eMint). For example, the proof of loss could be sent even (several times) within an email or be uploaded to the issuing authority by any other means.

It is unattractive to misuse the fairness restoration compensation mechanism to generate (steal) value due to the way eDocs and EoO tickets are used since those are signed by the respective CASTOR which uses its signing key corresponding to the public keys indicated in their respective root certificate (Type-VI) and user certificate (Type-I/II). Hence, a misuse would become possible only if the PKI of the eCash system was broken, which is considered impossible.

As already indicated above, the eDoc object exchanged between the CASTORs during the off-line transaction protocol-run - inter alia - contains the lost eCoins identifying descriptor items (e.g. serial numbers). Please note all information that may serve as a proof of loss can be included in the eDoc. Furthermore, the issuing authorities are assumed to keep track of self-minted eCoins cleared by the users. Hence, using their multi-spending database, each issuing authority can check whether the "to be cleared" eCoins have been cleared already, or whether eCoins declared as "lost" weren't multi-spent or cleared by someone else already, respectively.

In case of a valid compensation request, the lost eCoins due to be compensated will be added to the multi-spending database (i.e. their identifying descriptor items (e.g. their serial numbers) are stored therein). This enrollment ensures that any party trying to clear those eCoins (again) will be detected. The expenses for a proof of loss falsification are comparable to multi-spending expenses; in both cases the CASTOR itself had to be manipulated, which is presently considered impossible due to the usage of a PKI infrastructure and due to the usage of several additional structural and functional measures which improve the CASTOR' s tamper-resistibility (which are comprised in other design elements of the invention as previously mentioned herein).

The (policy dependent) requirement to unveil anonymity in case a user is claiming a reimbursement makes, lowers the incentive to misuse the compensation mechanism for fairness restoration. Indeed, the compensation mechanism for fairness recreation won't increase the threat potential against the presented eCash system. The fairness restoration process doesn't include any interdependence between the transaction parties Alice, Bob, and the issuing authority (eMint); all relationships are reduced to Alice vs. issuing authority or Bob vs. issuing authority. Every transaction party in the eCash system can act on its own interest without the necessity to perform a "menage a trois". This is a consequence of the "delayed-true fairness" goal which separates the on-line fairness reconstruction process from the actual value transfer process by means of the off-line transaction protocol.

Last but not least, some additional measures of efficiency and security should be noted:

- Electronic receipts exchanged between Alice and Bob as part of the transaction protocol messages (e.g. as part of the eDoc objects) are used to indicate an evidence proving a transaction within the eCash system. The practical intention might be a legal claim of the payer against the payee (e.g. ticket).

- In case of a transition from the intermediate "weak deal" state to a final "no deal" state, where the proof of loss comes into play, the meaning of an eReceipt changes immediately: Its original intent being a receipt expires. Instead, from now on it represents the evidence for a reimbursement claim against the issuing authority (eMint), which can be claimed as part of the fairness reconstruction (this can only be the case in the IDs 09a, 10a, 08b, and 09b).

- If a CASTOR ever creates a proof of loss for eCoins lost within an eCoin clearing transaction the proof of loss also contains identifying descriptor items (e.g. serial numbers) of the destroyed eCoins, which aids the detection of multi-spending attempts.

- Measures are to be taken to prevent against the fraudulent double-usage of the electronic receipt as well as documentary evidence against the transaction partner as well as a proof of loss for a reimbursement claim against the issuing authority (eMint).

1.4.10 Effectiveness

1.4.10.1 Forfeiture Probability

To calculate the resource demand for the issuing authority's reimbursement processing capacity realistically one has to know, how often protocol-runs will end with a fairness deficit (that requires the reimbursement of eCoins). To answer this question one has to focus on the following central issues:

1. What is the statistical occurrence for the off-line transaction protocol to be interrupted and terminated in an unfair state in relation to the total amount of complete (successful) protocol-runs?

This is a protocol specific value based on the amount of bits in the critical messages in relationship to all the bits transferred in a single protocol-run (without any interruption).

2. What Quality of Service (QoS) can be expected from the network transmission channel itself? The statistical expectation of critical network problems which could cause the off-line transaction protocol a premature dropout should be known.

1.4.10.2 Assumptions for the calculations

Assuming a uniform distribution of the Bit Error Rate (BER) of bits which cause a fail -stop for the transmitted messages the ratio between the numbers of "critical bits" against the number of all bits transmitted within a complete protocol-run has to be calculated. Note, the assumed value of this ratio will be worse than realistic because of the high probability of burst errors. To count the "critical bits", the size of all messages which can generate an unfair protocol termination if they aren't successfully received, are added up. The size of all messages is the amount of data from the first to the last bit of a complete transfer (294.288 kbit for the exemplary calculations). Of course, a few assumptions about the size of the keys, protocol objects, and eCoins have to be made. The following is assumed:

- ten (10) eCoins as main secret are transferred,

- five (5) eCoins for the change secret are transferred,

- three (3) CRL updates (of six) are transferred within the Response_l object,

- three (3) CRL updates (of six) are transferred within the Response_2 object,

100 (one hundred) entries are contained in every transferred CRL,

10 kbit HTML5 code is contained in every transferred eRequest section of the eDoc,

10 kbit HTML5 code is contained in every transferred eReceipt section of the eDoc.

1.4.10.2.1 Message Sizes

The assumed values for object sizes as shown in Table 32 are taken into account for sub case [b] because of the less convenient case. Please note, the sizes assumed in Table 32 only serve exemplary purposes. The resulting size for the complete protocol-run is 294.3 kbit, while 202.1 kbit is the size of all critical messages together. The unit kbit denotes an equivalent of 1000 bits.

Object Assumed size Critical Not critical

Symmetric key length 256 bit — —

Discrete Log. key length 572 * 2 bit — —

Elliptic curve key length 572 * 2 bit — —

HASH key length 512 bit — —

Cert x [Type-VI] .obj 21556 bit — —

Cert x [Type-I/II] .obj 16452 bit — —

CFV X 1280 bit — —

eDoc [La] . obj 17520 bit — —

eDoc [II b ] .obj 21496 bit — —

eDoc [Ill b ] .obj 35984 bit — —

∑Token[Main Secret]. obj 952 * 10 bit — —

∑Token[Change Secret] .obj 952 * 5 bit — —

Ctrl[Challenge] .obj 488 bit — —

Ctrl[Response_l] .obj 54776 bit — —

Ctrl[Response_2] .obj 54776 bit — —

Ticket[ACKl] .obj 1800 bit — —

Ticket[ACK2] .obj 1800 bit — —

Ticket[ACK3] .obj 1800 bit — —

Msg. 01 23828 bit — X

Msg. 02 23828 bit — X

Msg. 03 3928 bit — X

Msg. 04 3928 bit — X

Msg. 05b O bit — X

Msg. 06b 34652 bit — X

Msg. 07b 102436 bit X — Msg. 08b 95712 bit X —

Msg. 09b 1992 bit X —

Msg. 10b 1992 bit X —

Msg. l ib 1992 bit — X

Table 32: Assumed object sizes and their critical or non-critical status with reference to fairness.

Hence, the eCash system is facing a probability of approx. 69% (i.e. 202.1/294.3) a service failure hits a critical message. Therefore, it can expect that 69 of 100 broken transactions will terminate in an unfair state with the need of fairness recreation, which at a first glance isn't an impressive figure. Focusing on the second question about the expected QoS (which in turn allows to conclude on the probability of a service failure), the current international standard ISO/EN/IEC 60870-5-104:2007-10- 01 and the ITU-T recommendation G.114 provide a definition of QoS priority levels (up to 7). In both standards, the QoS level is mainly depending on parameters like latency, jitter, BER, Packet Loss Rate (PLR), and the Service Availability (SA). For the performance of the transaction system, SA is the key factor that determines the QoS. It should be further taken into account that communication problems preferably appear as single events or massed as bursts. Their event may generate an effect on the physical network layer but not necessarily cause a problem for the application. There are several error detection and correction mechanisms within the protocol stack of the network (service) itself. The fact of their existence increases the latency and reduces the throughput of the payload. Therefore, as long as the service is available and the lock timeout windows are passed, this is a minor problem.

Today most Service Level Agreements (SLA) for business contracts between an ISP and a customer define a service availability of better than 99,999%. The SA forms the guideline of requirements of the upper transaction fail-rate boundary for IP -based radio data communication in packet radio service networks like GSM, UMTS, LTE, LTE-Advanced, Tetra, WiMAX, WLAN or Bluetooth which are defined to be better than 95% per hour. This means, the SA rate is the decisive factor for the transaction protocol. Therefore, the "worst case" service failure probability can be assumed to be 100%-95%=5%.

By combining the two statistically independent probabilities one obtains a failure rate of 5%*69%=3.5% for the unfair case. This is the worst-case scenario to be expected. This means, thirty- five thousand (35.000) of one million transactions are expected to terminate in an unfair state with the subsequent need of fairness recreation. In most cases, however, the SA is much better, even in the local loop proximity model case: Failure rates under one hundred transactions terminating in an unfair state per one million transactions (0,01%) are expected.

1.4.10.2.2 Execution Times

For usability of eCash systems the average transaction time is a matter of interest, too. Exemplary transaction time calculations for several network usage cases are listed in following Table 33. Network Name Uplink Round Trip Processing Run

Speed Time Time Time

RFID/NFC 106 kbit/s 64 kbit/s 20 msec 100 msec 5.7 sec

RFID/NFC 212 kbit/s 127 kbit/s 20 msec 100 msec 3.4 sec

RFID/NFC 424 kbit/s 256 kbit/s 20 msec 100 msec 2.3 sec

RFID/NFC 848 kbit/s 352 kbit/s 20 msec 100 msec 1.9 sec

RFID/NFC 6,78 Mbit/s 2.7 Mbit/s 20 msec 100 msec 1.2 sec

RFID/NFC 13,56 Mbit/s 5.4 Mbit/s 20 msec 100 msec 1.2 sec

GSM Standard CSD (Circuit 9.6 kbit/s 900 msec 100 msec 38.2 sec Switched Data )

GPRS 25.6 kbit/s 1000 msec 100 msec 17.5 sec

ISDN 62 kbit/s 200 msec 100 msec 6.7 sec

UMTS Standard 51.2 kbit/s 400 msec 100 msec 8.7 sec

EDGE (Enhanced Data Rates 88 kbit/s 1865 msec 100 msec 13.7 sec for GSM Evolution)

T-DSL 2048/192 163 kbit/s 55 msec 100 msec 3.1 sec

HSPA (High Speed Packet 1.2 Mbit/s 260 msec 100 msec 2.5 sec Access)

HSUPA (High Speed Uplink 1.2 Mbit/s 50 msec 100 msec 1.5 sec Packet Access) Cat.2

Bluetooth 2.0+EDR 2.0 Mbit/s 10 msec 100 msec 1.2 sec

HSDPA (High Speed 5.8 Mbit/s 150 msec 100 msec 1.8 sec Downlink Packet Access)

HSPA+ 8.8 Mbit/s 100 msec 100 msec 1.5 sec

WLAN IEEE 802. l lg 20 Mbit/s 10 msec 100 msec 1.1 sec

LTE (Long Term Evolution) or 40 Mbit/s 25 msec 100 msec 1.1 sec HSOPA (High Speed OFDM

Packet Access) Basic

Fast Ethernet 80 Mbit/s 1 msec 100 msec 1.0 sec

WLAN IEEE 802.11η 100 Mbit/s 10 msec 100 msec 1.1 sec

Giga Ethernet 800 Mbit/s 1 msec 100 msec 1.0 sec

Table 33: Transaction protocol runtime calculations for different networks.

The unit kbit/s is a data transfer rate equal to 1000 bits per second. Mbit/s denotes a data transfer rate equal to 1000 kbits per second.

The uplink speed of the General Packet Radio Service (GPRS) network is calculated by using the most robust Coding Scheme (CS-1), which is used when the Mobile Station (MS) is further away from a Base Transceiver Station (BTS). It can achieve a payload speed of 8.0 kbit/s per time slot, but provides 98% of normal coverage. Four time slots are assumed, because almost all MS and BTS can provide such. Therefore, a (theoretical) payload throughput of 32 kbit/s can be considered. Table 33 shows the estimated run-time for an eCash transfer by using the off-line transaction protocol calculated for some well-known networks. The network name specifies the public name of the standard. The column "Uplink speed" denotes the minimally guaranteed payload transfer throughput without packet protocol overhead (at its minimum 20% or more of the said transfer throughput for mobile network services) and not the Baud rate. In most cases the downlink speed is much higher. The Round Trip Time (RTT) is a network quality factor taken from official standards or published performance evaluations. The "Processing Time" is the maximum time for a CASTOR to perform the complete processing after the last bit of the message has been received including all cryptographic operations and the complete transmission of the response. The "Run Time" of a complete transaction (for the [a] case) is calculated in the following way:

Expected RunTime : = Protocol Traffic Size / Uplink Speed + 10*(RTT/2+Processing Time)

For a realistic interpretation of the values shown in Table 33, fast advancing technology especially in the fields of communications and electronics should be taken into account. Hence, it appears reasonable at present to assume the availability of high-speed network services will be a counting fact, and almost every smartphone will be well equipped with high-speed short haul P2P communication. Network speeds above 200 kbit/s do not decrease the transaction times much more. Instead, the real asymptotic barriers are network latency (more or less half of the RTT) and the CASTOR's processing speed (processing delay).

1.4.11 Overview on the Public Key Infrastructure

Figure 2 (and Figure 3) shows an exemplary overview over a Public Key Infrastructure and the trust relationship between the different entities in the eCash system for the exemplary off-line transaction protocol, as discussed above. Please note, this Public Key Infrastructure is based upon the ITU-T X.509 (version 3), "Information technology - Open systems interconnection - The Directory: Public- key and attribute certificate frameworks", 2008 available at http://www.itu.int, mentioned already earlier herein and is not limited to be used in an eCash system. Nevertheless, the following paragraphs will relate to the eCash system, but the explanations equally apply to multiple types of (transaction) systems should be still remembered.

If a user requests a new tamper-protected semiconductor module (or a device comprising same) the tamper-protected semiconductor module is provided with its firmware and its CASTOR root certificate issued by the Root Certification Authority (see Type-VI certificate). Nothing else has to be done to access (booting into) the eCash system. A directory containing "List of Files" files (signed by the RCA) plays an important role as it will become apparent from the following. The tamper-protected semiconductor module can capture this directory by following the information from the internal CASTOR product certificate (Type-V certificate, please refer to the "RootDirectoryPtr"). 1.4.11.1 Authorities

The following authorities play an important role in the provided PKI. Their tasks and meanings are described below.

1.4.11.1.1 Escalation Authority (EA)

This institution is an additional authority not defined in the ITU-T X.509. The Escalation Authority (EA) takes over the control of the RCA in exceptional cases "to solve" a specific problem or request. An example for such exceptional case can be the certification of new RCA, CA, or eMint authorities, the revocation of trust of already certified RCA, CA, or eMint authorities, or technical help within a refund process based on the physical ability to recover defective CASTORs. Furthermore, the EA may also take the role of the RCA and may be responsible for the initialization of the CASTORs (providing them with their CASTOR root certificate (Type-VI) and CASTOR product certificate (Type-V)). Note, the EA is not directly visible within the system described herein, in particular for the CASTORs. In this document, the EA institution is explicitly mentioned in exceptional cases. Nevertheless, it should be clear, that the EA is capable of taking the role of the RCA in any arbitrary matter.

1.4.11.1.2 Root Certification Authority (RCA)

A tamper-protected semiconductor module needs to know where to find the Root Certificate Authority (RCA) within the eCash system. The "List of Files" directory contains a digitally signed "List of RCAs" file, with one or more entries indicating the approved RCA(s). Typically, the RCA list file only comprises one entry of one single RCA. In general - if there is more than a single entry, more than one RCA - the user may confirm the authority applying to him. The tamper-protected semiconductor module then extracts the reference information from the entry (off- and/or on-line) and stores the reference information enabling itself to contact this RCA in the future without the need to load the RCA list again (which is only the case in an update condition).

1.4.11.1.3 Certification Authorities (CAs)

For example, the tamper-protected semiconductor module may need to know which Certification Authorities (CAs) - sometimes also referred to as Trust Centers (TCs) - are available within the eCash system to find its appropriate counterpart. The "List of Files" directory points to a "List of CAs" file, which contains a digitally signed list of all approved TC/CA institutions available to tamper-protected semiconductor modules within the eCash system. The user may select his/her preferred or appropriate TC/CA. The tamper-protected semiconductor module then extracts the reference information from the TC/CA list (off- and/or on-line) and stores the reference information enabling itself to contact this TC/CA in the future without the need to load the CA list again. Furthermore, the users obtain their user certificate (Type-I/II) from the selected TC/CA. 1.4.11.1.4 Issuing Authorities (eMints)

Furthermore, a tamper-protected semiconductor module may also need to know wherefrom to obtain the eCoins of the currency its user wants to store within (the device containing) the tamper-protected semiconductor module. There may be one (or more) issuing authorities (eMints) for every currency. Hence, for each requested currency the tamper-protected semiconductor module needs to know where to find the respective issuing authority (eMint). The "List of eMints" file contains a digitally signed list of all approved currencies and of all approved eMint-institutions worldwide available to the tamper-protected semiconductor modules. The user can select the desired currencies. Then the tamper- protected semiconductor module extracts the reference information for the selected issuing authority or authorities from the eMint list (off- and/or on-line) which contains the information on which eMint is minting the requested currency and stores this reference information.

An issuing authority may optionally also solely issue a variety of different currencies by offering different types of eCoins. In this case, the issuing authority may foster a currency list in a single "List of Currency Editions" file of all different currencies it supports. Moreover and also optionally, a tamper-protected semiconductor module may load the respective eCoin batch production-certificates (Type-VII) which reference all eCoin batch productions and therefore the associated eCoins. The required reference information is included in the currency list file provided by the issuing authority. Using this reference information the tamper-protected semiconductor module is able to load all required Type-VII certificates for the desired currencies (off- and/or on-line).

The tamper-protected semiconductor module extracts the intended reference information to be taken from the currency list file, learns it permanently, and enables itself to handle these currencies from this moment in time. Such list file is supplied by every eMint.

1.4.11.2 Alternative PKI Architectures

The exemplary PKI architecture shown in Figure 2 is inter alia applicable in eCash systems to be deployed worldwide. However, the PKI infrastructure of Figure 2 may not be desirable or advantageous for any application of this invention. Accordingly, more simple or even more complex PKI infrastructures may be used instead. The PKI infrastructure shown in Figure 2 could be simplified by combining two or more authorities into a single authority. In the extreme case, the functions of the EA, RCA, CA, and issuing authorities (eMints) could all be offered by a single institution/organization (the GA or General Authority), as exemplarily shown in Figure 3. It may also be possible to distribute functionality of one authority to two or more authorities, as it is for example also the case in Figure 2, where the EA can take over functions that would normally performed by the RCA according to the standard ITU-T X.509. 1.4.11.3 System Updates

The off-line transaction protocol may - according to another aspect of the invention - further support a "viral infection" mechanism to distribute system update information (like firmware or other data objects) among the tamper-protected semiconductor modules in the system. This means that system update information (like firmware and/or other data objects) may be exchanged in a viral manner between tamper-protected semiconductor modules whenever they perform a transaction with another tamper-protected semiconductor module.

In one exemplary embodiment, at least one of the transaction protocol messages exchanged between the tamper-protected semiconductor modules comprises system update information for updating system parameters, data objects and/or software/firmware of the tamper-protected semiconductor modules. The system update information, data objects and/or software/firmware could for example comprise at least one of:

a Certificate Revocation List of revoked tamper-protected semiconductor module's certificates, a Certificate Revocation List of revoked batch production certificates of electronic tokens, - a Certificate Revocation List of revoked electronic tokens,

a Certificate Revocation List of revoked certificates of issuing authorities of the electronic tokens, a Certificate Revocation List of revoked user certificates,

a Certificate Revocation List of revoked Certification Authority certificates,

software/firmware updates for updating the software/firmware of the tamper-protected semiconductor modules, and

policy or rule updates to modify the policies of the tamper-protected semiconductor modules.

In one exemplary implementation, the system update information, data obj ects and/or software/firmware is comprised in transaction protocol messages of a Negotiation Phase or an Electronic Token Transfer Phase of the off-line transaction protocol.

To update system information, a tamper-protected semiconductor module may contact the "List of Files" directory to learn which updates are available within the eCash system. A system update in a "List of System Updates" file provided by the RCA contains a digitally signed list of all approved update objects available for tamper-protected semiconductor modules. The user may make a selection of the updates he/she wants to obtain, respectively. Some of the updates, for example security or system relevant updates, may be mandatory. The tamper-protected semiconductor module then extracts their respective reference information from that system update list, loads the complementary files, and installs them permanently into its non-violate memory. It should be noted; the systematic viral update distribution which may be implemented in the off-line transaction protocol is an additional supplemental update mechanism to the ordinary "download" mechanism initiated by the user itself.

1.4.11.4 Verification Chains

To verify the public key infrastructure's objects (e.g. certificates, CRL, or other digitally signed objects) the chain of trust needs to be verified up to the CASTOR root certificate provided by the RCA. A correct CASTOR root certificate should be present in the tamper-protected semiconductor module. Otherwise the tamper-protected semiconductor module may not be operable. In one embodiment of the invention, the CASTOR root certificate may be hardcoded into the tamper- protected semiconductor module's internal circuitry. To prevent any tampering or manipulation, the trust for this certificate is implicit. As will be outlined below, various techniques may be employed to protect the tamper-protected semiconductor module against attacks.

The general procedure to verify a certificate, a CRL, or any other digitally signed object works as follows:

Search for the complete chain of certificates down to the CASTOR root certificate.

Ensure all certificates aren't expired or aren't revoked.

Verify all digital signatures are valid.

1.4.12 Data Object Structures

In the following exemplary implementations of several data objects, including the various certificates and keys referred to herein, used within the transaction system are shown in further detail. It should be apparent that the structure of the data objects is only exemplary and the exact structure of the data objects may depend on the intended application of the transaction system.

1.4.12.1 Keys used in the Transaction System

This section will provide an exemplary overview on the different keys for encryption and signing within the transaction system. Please note that the overview is only representing one exemplary embodiment, which keys should be used for encryption and signing, but also other key rings than specified be used may be used in a transaction system. Keys used within the transaction system may be distinguished between their category, their generating instance, and their place of action. The grouping criterion is their affiliation to the following four categories:

- Public key rings in certificates for verifying signatures or for DLC-based key agreement,

- Private key rings for signing purposes, secret signature checking or ID evidences,

- Session key generation, mainly used for the creation of the VPN/VPC tunnel, - Other special keys, e.g. internally used within the CASTOR, e.g. for trusted bootstrapping using TRUSTLETs.

Key names are constructed by the notation shown in the following Table 34:

Table 34: Keys and their meaning used within this document.

"A" can be of {Si gnature , E nciyption , D eciyption } . "B" is the affected (controlled) trust party, e.g. an EA, RCA, CA, eMint or CASTOR. "X" is the type code or use case, e.g. the certificate type, "e" means an ephemeral key part, "s" means a static key part, "pub" means the public key part of a public key-pair, "prv" means the private key part of a public key-pair.

1.4.12.1.1 Private Key Rings

This section provides an overview on the private key parts of particular public key-pairs. They are not distributed and kept secret by the owning device or organization. All keys of this type from one instance form the internal key ring. Table 35 shows an overview on the different entities of the PKI infrastructure of the transaction system as shown in Figure 2 and the respective private key parts used by same for the different tasks. Please note that the simplified PKI infrastructure of Figure 3 could be simply implemented by logical collecting and assigning all keys from EA, RCA, CA, and eMint as depicted in Figure 2 to the single GA of the simplified PKI infrastructure of Figure 3.

Table 35: Overview about the entities of private key

The following tables provide a better overview on the use of the different private keys to be used by the different entities in the PKI infrastructure. The EA uses the following private keys listed in Table 36.

Key name Purpose

KDs EA static key part for DLC-based key exchange/agreement management.

Table 36: Private key parts of a PK pair assigned to the EA organization.

The RCAs in the PKI infrastructure as depicted in Figure 2 use their private keys according to the following Table 37.

Key name Purpose

Ks:RCA:Tvpe-III.piv private key part for signing certificates, lists and objects (for CAs).

Ks:RCA:Type-IV,prv private key part for signing certificates, lists and objects (for eWallets).

Ks:RCA:Tvpe-V,prv private key part for signing certificates, lists and objects (for eMints).

Ks:RCA:Type-VI,prv private key part for signing certificates, lists and objects.

KE:RCA:Tvpe-III.piv private key part for encrypting file objects (for CAs).

KE:RCA:Type-IV,prv private key part for encrypting file objects (for eWallets).

KE:RCA:Tvpe-V.prv private key part for encrypting file objects (for eMints).

KE:RCA:Tvpe-VI,prv private key part for encrypting file objects, in rare cases decrypting keys

KE:FW:T1-API.PIV private key part used within the TRUSTLET generation for API objects.

KE:FW:T1-IPL.PIV private key part used within the TRUSTLET generation for IPL objects. K 1- private key part used within the TRUSTLET generation for LICENSE objects.

K 1- private key part used within the TRUSTLET generation for OS objects.

K 1- private key part used within the TRUSTLET generation for APP objects.

K 1- private key part used within the TRUSTLET generation for TELE objects.

K 1- private key part used within the TRUSTLET generation for WEAK objects.

K 1- private key part used within the TRUSTLET generation for TIME objects.

K 1- private key part used within the TRUSTLET generation for INIT objects.

K 1- private key part used within the TRUSTLET generation for AFFI objects.

K 1- private key part used within the TRUSTLET generation for PUF objects.

K private key part used within the TRUSTLET generation for API objects.

K private key part used within the TRUSTLET generation for IPL objects.

K private key part used within the TRUSTLET generation for LICENSE objects.

K private key part used within the TRUSTLET generation for OS objects.

K private key part used within the TRUSTLET generation for APP objects.

K private key part used within the TRUSTLET generation for TELE objects.

K private key part used within the TRUSTLET generation for WEAK objects.

K private key part used within the TRUSTLET generation for TIME objects.

K private key part used within the TRUSTLET generation for INIT objects.

K private key part used within the TRUSTLET generation for AFFI objects.

K private key part used within the TRUSTLET generation for PUF objects.

KDs RCA static key part for DLC-based key exchange/agreement management.

Table 37: Private key parts of a PK pair assigned to the RCA.

For more information on the use of TRUSTLET(s), please see the priority application PCT/EP2011/001219.

The CAs in the PKI infrastructure as depicted in Figure 2 use their private keys according to the following Table 38.

Table 38: Private key parts of a PK pair assigned to a CA.

The issuing authorities (eMints) in the PKI infrastructure as depicted in Figure 2 use their private keys as shown in Table 39.

Table 39: Private key parts of a PK pair assigned to an eMint.

The CASTORs (eWallets) in the PKI infrastructure as depicted in Figure 2 use their private keys shown in Table 40. Key name Purpose

private key part for signing own unique serial number product identity (EoO &

Ks:CASTOR:SUDI,piv eLogs).

Ks:CASTOR:CON,prv private key part for internal hash signing purposes.

Ks:CASTOR:CON,pub key part for internal hash checking purposes and known by the RCA.

private key part for signing and identity proofs for personal users (EoO &

Ks:User:TYPE-I,prv eDocs).

private key part for signing and identity proofs for commercial users (EoO &

Ks:User:TYPE-II,prv eDocs).

KE:CASTOR:OWN,PIV private key part for own internal encryption purposes.

KD :C ASTOR :0 WN.pub key part for own internal decryption purposes.

self-generated key for encrypted data read/write operations to the external

KE:CASTOR:I/0,sym memory.

KD S:C ASTOR static key part for DLC-based key exchange/agreement management.

Table 40: Private key parts of a PK pair assigned to an eWallet. 1.4.12.1.2 Public Key Rings

This section provides an overview of the public key parts of particular public key -pairs. They are distributed as key elements within the certificates. Table 41 shows an overview on the different entities of the PKI infrastructure of the transaction system as shown in Figure 2 and the respective private key parts used by same for different tasks. Please note that the simplified PKI infrastructure of Figure 3 could be implemented by logical collecting and assigning all keys from EA, RCA, CA, and eMint as depicted in Figure 2 to the single GA of the simplified PKI infrastructure of Figure 3.

The EA in the PKI infrastructure as depicted in Figure 2 uses its public keys as shown in Table 42.

Table 42: Public key parts of a PK pair assigned to the EA organization.

The RCA in the PKI infrastructure as depicted in Figure 2 use its public keys as shown in Table 43.

Key name Where to find Purpose

Ks:RCA:Type-III.pub Cert. Type-Ill public key part to authenticate certificates, lists and objects.

Ks:RCA:Type-IV.pub Cert. Type-V public key part to authenticate certificates, lists and objects.

Ks:RCA:Tvpe-V,pub Cert. Type-TV public key part to authenticate certificates, lists and objects.

Ks:RCA:Type-VI.pub Cert. Type-VI public key part to authenticate certificates, lists and objects (e.g. keys).

KD:RCA:Tvpe-III,pub Cert. Type-Ill public key part for decrypting file objects.

KD:RCA:Tvpe-IV,pub Cert. Type-V public key part for decrypting file objects.

KD:RCA:Tvpe-V.pub Cert. Type-TV public key part for decrypting file objects.

KD:RCA:Type-VI.pub Cert. Type-VI public key part for decrypting files, in rare cases encrypting keys.

KD:FW:Tl-API,pub Cert. Type-V public key part used within the TRUSTLET execution for API objects.

KD:FW:Tl-IPL.pub Cert. Type-V public key part used within the TRUSTLET execution for IPL objects.

KD:FW:Tl-LIC.pub Cert. Type-V public key part used within the TRUSTLET for LICENSE objects.

KD:FW:Tl-OS.pub Cert. Type-V public key part used within the TRUSTLET execution for OS objects.

KD:FW:Tl-APP.pub Cert. Type-V public key part used within the TRUSTLET execution for APP objects.

KD :FW :T l-TELE,pub Cert. Type-V public key part used within the TRUSTLET execution for TELE objects.

KD :FW :T 1-WEAK.pub Cert. Type-V public key part used within the TRUSTLET execution for WEAK objects.

KD :FW :T 1-TF E.pub Cert. Type-V public key part used within the TRUSTLET execution for TIME objects.

KD:FW:Tl-INIT.pub Cert. Type-V public key part used within the TRUSTLET execution for INIT objects.

KD:FW:Tl-AFFI,pub Cert. Type-V public key part used within the TRUSTLET execution for AFFI objects.

KD:FW:Tl-PUF.pub Cert. Type-V public key part used within the TRUSTLET execution for PUF objects.

KD:FW:T2-API.pub Cert. Type-V public key part used within the TRUSTLET execution for API objects.

KD:FW:T2-IPL.pub Cert. Type-V public key part used within the TRUSTLET execution for IPL objects.

KD:FW:T2-LIC,pub Cert. Type-V public key part used within the TRUSTLET for LICENSE objects.

KD:FW:T2-OS.pub Cert. Type-V public key part used within the TRUSTLET execution for OS objects.

KD:FW:T2-APP,pub Cert. Type-V public key part used within the TRUSTLET execution for APP objects.

KD :FW :T2-TELE,pub Cert. Type-V public key part used within the TRUSTLET execution for TELE objects.

KD :FW :T2-WEAK,pub Cert. Type-V public key part used within the TRUSTLET execution for WEAK objects.

KD :FW :T2-TF E.pub Cert. Type-V public key part used within the TRUSTLET execution for TIME objects.

KD:FW:T2-INIT,pub Cert. Type-V public key part used within the TRUSTLET execution for ΓΝΙΤ objects.

KD:FW:T2-AFFI.pub Cert. Type-V public key part used within the TRUSTLET execution for AFFI objects.

KD:FW:T2-PUF,pub Cert. Type-V public key part used within the TRUSTLET execution for PUF objects.

Cert. Type-

KQs RCA static key part for DLC-based key exchange/agreement management.

III/TV/V

Table 43: Public ! < ey parts of a PK pair assigned to the RCA. For more information on the use of TRUSTLET(s), please see the priority application PCT/EP2011/001219.

The CAs in the PKI infrastructure as depicted in Figure 2 use their public keys as shown in Table 44.

Table 44: Public key parts of a PK pair assigned to a CA.

The issuing authorities in the PKI infrastructure as depicted in Figure 2 use their public keys as shown in Table 45.

Table 45 : Public key parts of a PK pair assigned to an eMint.

The CASTORs in the PKI infrastructure as depicted in Figure 2 use their public keys as shown in Table 46.

1.4.12.1.3 Session Keys for VPN/VPC

Session keys are generated within a key generation process for a single run of the off-line transaction protocol, using the ephemeral public PK parts KQ e:x and their ephemeral private PK partner parts KD e:x , and their static relatives. Table 47 shows their (static partner key parts) usage for all possible entity-to- entity communication possibilities within the transaction system, assuming the PKI infrastructure as shown in Figure 2. Please note, for the simplified PKI infrastructure of Figure 3 all keys not needed may be omitted, thus using only four between the GA (e.g. in the position of the RCA) and a CASTOR.

a e : sage o t e - jase sess on eys.

Keys marked Italic in Table 47, are the private static key parts for a DLC-based key exchange/agreement scheme; the other keys are their corresponding public static partner parts. Every communication party/entity may use its own static key-pair to establish the VPN/VPC protected communication link, so that there are a total of four static keys in use for the VPN/VPC.

Since there is no need for the EA entity to establish a VPN/VPC protected communication link with itself, the respective keys are omitted in the table above. The same is true for the RCA in case there is only one. In cases where this is not true, the currently missing four keys in Table 47 between two RCAs need to be associated.

The DLC-based key exchange/agreement schemes in the transaction system are generating and exchanging sufficient information between the two protocol parties, so that the protocol parties can share these secrets without any other third party in a MITMA secure way. Note that the lifetime for these session keys is limited to the context of a single protocol-run. The teleportation protocol uses four different (nameless) symmetrical link/session keys to operate the VPN/VPC tunnel:

- a session encryption/decryption (symmetrical) key for messages initiated by authority/party one, - a session encryption/decryption (symmetrical) key for messages initiated by authority/party two,

- a session authentication (symmetrical) key for messages initiated by authority/party one, and

- a session authentication (symmetrical) key for messages initiated by authority/party two.

1.4.12.2 Certificates and CRLs

1.4.12.2.1 Personal User Certificate (Type-I)

Every CASTOR owns a unique user certificate of the Type-I or Type-II style. They are issued by local CAs. Without such valid certificate, CASTORs are unable to execute the off-line transaction protocol successfully. An exemplary personal user certificate of Type-I is shown in Table 48.

Name Name of a user certificate, max. 20 characters (160 bit)

Type CERT-TYPE-I [certificate for checking the signature identity of a CASTOR] (8 bit)

Version Version number [16-bit unsigned integer describing the data object version]

YYMMDDHHMMS SZ [UTCTIME as Date & Time stamp for the time of

DTStamp

generation] (64 bit)

CertificateFormatVersion Version number 3

Certificate SerialNumber Serial number [128-bit size]

AlgorithmID CFV -Definition

K S:CA:TYPE-I,pub

PublicKey key part for authentication purposes

AlgorithmID CFV -Definition

CA:Type-I,pub

PublicKey key part for decryption purposes

Keys. AlgorithmID CFV-Definition (128 bit)

K S:User:TYPE-I,pub

PublicKey key part for authentication purposes

Cert. AlgorithmID CFV-Definition (128 bit)

s:CA Public static PK part for a (hybrid) DLC key

PublicKey

exchange/agreement scheme

X509.

http://www.UserSign.com [WebSiteAddress, 64 Chars,

URL=

ISO 646 String]

Info@UserSign.com [EmailAddress, 64 Chars, ISO 646

Email=

String]

DNS= UserSign.com.root.user [DNS Network name] (64*8 bit)

IP= 2001 :0db8:85a3:08d3: 1319:8a2e:0370:7334 [IPv6]

IssuerX500Name.

US [ISO 3166 country code] (5*8 bit)

SP= Ohio, Lorain County [State or Province] (16 bit)

UserSign Trust Network Ltd. [Organization, 64 Chars,

0=

ISO 646 String]

UserSign Headquarter [OrganizationalUnitName, 64

OU=

Chars, ISO 646 String] Secretary of Certification Authorities [CommonName, 64

CN=

Chars, ISO 646 String]

2075 Grafton [Locality, 64 Chars, ISO 646 String]

South Avon Belden Road 13 [StreetAddress, 64 Chars,

ST=

ISO 646 String]

notBefore YYMMDDHHMMS SZ [UTCTIME] (64 bit)

ValidityPeriod.

notAfter YYMMDDHHMMS SZ [UTCTIME] (64 bit)

Exmpl.: UserSign Certification Authority (CA) Local Issuing

IssuerUniqueldentifier

Service valid for only a single (DE) country (128 bit)

Exmpl.: Owner of this certificate is a CASTOR identified under

Subj ectUnique Identifier

CERT-TYPE-VI.LicenselD

ASYMCIPHER 128-bit, Public Key Block Cipher Methods

COMP 128-bit, Lossless Compression Payload Methods

DIGEST 128-bit, One Way Message Digest and Cryptographic Hash Methods

DIGSIG 128-bit, Message Identification and Authentication Signature Methods

CFV. FCS 128-bit, Integrity Frame Checking Sequence Methods

(1280 128-bit, Interactive Authentic Key Management and Exchange bit) KEYDISTRI

Methods

MACSIG 128-bit, Message Authentication Code Methods

PAD 128-bit, Padding Methods

RAND 128-bit, Random Bit Generation Methods

SYMCIPHER 128-bit, Secret Key Block Cipher with Mode of Operation Methods

Version 32-bit Identifier for the Domain Parameter Table

572-bits, field size, may be either an odd prime p or 2" m is prime

FR 572-bits, basis used

576-bits, field element that define the curve equation

576-bits, field element that define the curve equation

ECCDomainParamTable .

SEED 160*2-bits, optimal string for randomly generated curve

572*2*2-bits, generating point, (x G , yc) of prime order on the curve

572-bits, order of the point G

32-bits, cofactor, equal to the order of the curve divided by n

AlgorithmID CFV-Definition (128 bit)

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F ... (512 bit)

Table 48: Example of a CA issued personal user certificate of type CERT-TYPE-I.

1.4.12.2.2 CRL for Personal User Certificates (Type-I)

This style of CRL-TYPE-I Certificate Revocation List is released from the respective CA for everybody. This revocation mechanism is used to invalidate previously issued personal Type-I user certificates. The effect of this revocation is that the (single) CASTOR using that previously released user certificate will be unable to transfer eCoins anymore. The user of a CASTOR has to acquire a new user certificate, in case his/her user certificate is revoked. An exemplary CRL for personal user certificates of Type-I is shown in Table 49.

Name Name of a CRL file, max. 20 characters

Type CRL-TYPE-I [revocation list for CERT-TYPE-I]

Version Version number [16-bit unsigned integer describing the data object version]

DTStamp YYMMDDHHMMSSZ [UTCTIME as Date & Time stamp for the time of generation]

CRLFormatVersion Version number 3

CRLSerialNumber Serial number [128-bit size]

http://www.UserSign.com [WebSiteAddress,

URL=

64 Chars, ISO 646 String]

Info@UserSign.com [EmailAddress, 64

Email=

Chars, ISO 646 String]

DNS= UserSign.com.root.user [DNS Network name]

2001 :0db8:85a3:08d3: 1319:8a2e:0370:7334

IP=

[IPv6]

US [ISO 3166 country code]

SP= Ohio, Lorain County [State or Province]

IssuerX500Name. UserSign Trust Network Ltd. [Organization,

0=

64 Chars, ISO 646 String]

CRL. UserSign Headquarter

OU= [OrganizationalUnitName, 64 Chars, ISO 646

String]

X509. Secretary of Certification Authorities

CN=

[CommonName, 64 Chars, ISO 646 String]

2075 Grafton [Locality, 64 Chars, ISO 646 String]

South Avon Belden Road 13 [StreetAddress,

ST=

64 Chars, ISO 646 String]

Today YYMMDDHHMMSSZ [UTCTIME]

UpdateTimes.

NextTime YYMMDDHHMMSSZ [UTCTIME]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate] Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

AlgorithmID CFV-Definition

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F ...

Table <■ 9: Example of a CA issuec revocation list of type CRL-TYPE-I.

1.4.12.2.3 Commercial User Certificate (Type-II)

Every CASTOR owns a unique user certificate of the Type-I or Type-II style. They are issued by local CAs. Without such valid certificate, CASTORs are unable to execute the off-line transaction protocol successfully. An exemplary personal user certificate of Type-II is shown in Table 50.

Secretary of Certification Authorities [CommonName,

CN=

64 Chars, ISO 646 String]

2075 Grafton [Locality, 64 Chars, ISO 646 String]

South Avon Belden Road 13 [StreetAddress, 64 Chars,

ST=

ISO 646 String]

notBefore YYMMDDHHMMS SZ [UTCTIME] (64 bit)

ValidityPeriod.

notAfter YYMMDDHHMMS SZ [UTCTIME] (64 bit)

Exmpl.: UserSign Certification Authority (CA) Local Issuing

IssuerUniqueldentifier

Service valid for only a single (DE) country (128 bit)

Exmpl.: Owner of this certificate is a CASTOR identified

Subj ectUnique Identifier

under CERT-TYPE-VI.LicenselD

ASYMCIPHER 128-bit, Public Key Block Cipher Methods

COMP 128-bit, Lossless Compression Payload Methods

DIGEST 128-bit, One Way Message Digest and Cryptographic Hash Methods

128-bit, Message Identification and Authentication Signature

DIGSIG

Methods

CFV. FCS 128-bit, Integrity Frame Checking Sequence Methods

(1280

bits) 128-bit, Interactive Authentic Key Management and Exchange

KEYDISTRI

Methods

MACSIG 128-bit, Message Authentication Code Methods

PAD 128-bit, Padding Methods

RAND 128-bit, Random Bit Generation Methods

SYMCIPHER 128-bit, Secret Key Block Cipher with Mode of Operation Methods

AlgorithmID CFV-Definition (64 bit)

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F ... (512 bit)

Table 50: Example of a CA issued commercial user certificate of type CERT-TYPE -II. 1.4.12.2.4 CRL for Commercial User Certificates (Type-II)

This style of CRL-TYPE-II Certificate Revocation List is released from the respective CA for everybody. This revocation mechanism is used to invalidate previously issued commercial Type-II user certificates. The effect of this revocation is that the (single) CASTOR using that previously released user-certificate will be unable to transfer eCoins anymore. The user of a CASTOR has to acquire a new user certificate in case his/her user certificate is revoked. An exemplary CRL for commercial user certificates of Type-II is shown in Table 51.

Name Name of a CRL file, max. 20 characters

Type CRL-TYPE-II [revocation list for CERT-TYPE-II]

Version Version number [16-bit unsigned integer describing the data object version]

YYMMDDHHMMS SZ [UTCTIME as Date & Time stamp for the time of

DTStamp

generation]

CRLFormatVersion Version number 3

CRLSerialNumber Serial number [128-bit size]

http://www.UserSign.com [WebSiteAddress, 64

URL=

Chars, ISO 646 String]

Info@UserSign.com [EmailAddress, 64 Chars, ISO

Email=

646 String]

DNS= UserSign.com.root.user [DNS Network name]

IP= 2001 :0db8:85a3:08d3: 1319:8a2e:0370:7334 [IPv6]

US [ISO 3166 country code]

SP= Ohio, Lorain County [State or Province]

IssuerX500Name.

UserSign Trust Network Ltd. [Organization, 64 Chars,

CRL. 0=

ISO 646 String]

UserSign Headquarter [OrganizationalUnitName, 64

OU=

Chars, ISO 646 String]

X509.

Secretary of Certification Authorities [CommonName,

CN=

64 Chars, ISO 646 String]

2075 Grafton [Locality, 64 Chars, ISO 646 String]

South Avon Belden Road 13 [StreetAddress, 64 Chars,

ST=

ISO 646 String]

Today YYMMDDHHMMS SZ [UTCTIME]

UpdateTimes.

NextTime YYMMDDHHMMS SZ [UTCTIME]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate] Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

AlgorithmID CFV -Definition

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F ...

Table 51 : Example of a CA issued revocation list of type CRL-TYPE-II. 1.4.12.2.5 CA Certificate (Type-Ill)

This style of CERT-TYPE-III is released from RCA to every valid CA. Therefore, every authorized CA owns a unique CA certificate. Without such valid certificate, CASTORs are unable to identify the selected CA as being valid for the eCash system. It is used for certifying user certificates of Type-I and Type-II by the CAs. An exemplary CA certificate is shown in Table 52.

Name Name of a CA certificate, max. 20 characters

Type CERT-TYPE-III [certificate for checking the signature identity of this CA]

Version Version number [16-bit unsigned integer describing the data object version]

YYMMDDHHMMS SZ [UTCTIME as Date & Time stamp for the time of

DTStamp

generation]

ProductID 128-bit product identifier (here eCash) with version and revision number

128-bit protocol identifier (here teleportation protocol) with version and revision

ProtocolID

number

LicenselD 128-bit license identifier (here eCash licensee)

CertificateFormatVersion Version number 3

Certificate SerialNumber Serial number [128-bit size]

Cert.

X509.

http://www.CASign.org [WebSiteAddress, 64 Chars,

URL=

ISO 646 String]

Info@CASign.org [EmailAddress, 64 Chars, ISO 646

Email=

String]

IssuerX500Name. DNS= CASign.org.root.user [DNS Network name]

IP= 2001 :0db8:85a3:08d3: 1319:8a2e:0370:7334 [IPv6]

DE [ISO 3166 country code]

SP= Schleswig-Holstein [State or Province] 0= CASign Ltd. [Organization, 64 Chars, ISO 646 String] ou= CASign Headquarter [OrganizationalUnitName, 64 Chars, ISO 646 String]

Secretary of CASign Affaires [CommonName, 64

CN=

Chars, ISO 646 String]

24118 Kiel [Locality, 64 Chars, ISO 646 String]

Hermann-Rodewald-StraBe 3 [StreetAddress, 64 Chars,

ST=

ISO 646 String]

notBefore YYMMDDHHMMS SZ [UTCTIME]

ValidityPeriod.

notAfter YYMMDDHHMMS SZ [UTCTIME]

Exmpl.: CASign Root Certification Authority (RCA)

IssuerUniqueldentifier

Central Issuing Service valid for all countries (128 bit)

Exmpl.: CASign Certification Authority (CA) Local

Subj ectUnique Identifier Issuing Service valid for only a single (DE) country

(128 bit)

Version 32-bit Identifier for the Domain Parameter Table

572-bits, field size, may be either an odd prime p or 2 m , m is prime

FR 572-bits, basis used

576-bits, field element that define the curve equation

576-bits, field element that define the curve equation

ECCDomainParamTable .

160*2-bits, optimal string for randomly generated

SEED

curve

572*2*2-bits, generating point, (x G , y G ) of prime order on the curve

572-bits, order of the point G

32-bits, cofactor, equal to the order of the curve divided by n

AlgorithmID CFV-Definition

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F

Table 52: Example of a CA issued certificate of type CERT-TYPE-III. 1.4.12.2.6 CRL for CA Certificates (Type-Ill)

This style of CRL-TYPE-III Certificate Revocation List is released from the RCA for everybody. This revocation mechanism is used to invalidate previously issued CA certificates. The effect of this revocation is that all certificates issued from this CA institution will be invalidated. All CASTORs operated beneath a Type-I or Type-II user certificate released by a CA, the CA of which is revoked, will be unable to transfer eCoins anymore and have to acquire new users certificate. A CRL for CA certificate is shown in Table 53. Name Name of a CRL file, max. 20 characters

Type CRL-TYPE-III [revocation list for CERT-TYPE-III]

Version Version number [16-bit unsigned integer describing the data object version]

YYMMDDHHMMSSZ [UTCTIME as Date & Time stamp for the time of

DTStamp

generation]

CRLFormatVersion Version number 3

CRLSerialNumber Serial number [128-bit size]

CRL.

X509.

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

AlgorithmID CFV -Definition

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F

Table 53: Example of an RCA issued revocation list of type CRL-TYPE-III. 1.4.12.2.7 eMint Certificate (Type-IV)

This style of CERT-TYPE-IV is released from RCA to every valid eMint. Therefore, every authorized eMint organization owns a unique eMint certificate. Without such valid certificate, CASTORs are unable to identify the selected eMint as being valid for the eCash system. The eMint certificate is used for checking eMint-issued CERT-TYPE-VII certificates and the list of currency editions. An exemplary eMint certificate is shown in Table 54.

Name Name of an eMint certificate, max. 20 characters

Type CERT-TYPE-IV [certificate for checking Type-VII CERTs of this eMint]

Version Version number [16-bit unsigned integer describing the data object version]

YYMMDDHHMMS SZ [UTCTIME as Date & Time stamp for the time of

DTStamp

generation]

ProductID 128-bit product identifier (here eCash) with version and revision number

ProtocolID 128-bit protocol identifier (here teleportation) with version and revision number

LicenselD 128-bit license identifier (here eCash licensee)

CertificateFormatVersion Version number 3

Certificate SerialNumber Serial number [128-bit size]

AlgorithmID CFV-Definition

K S:RCA:TYPE-IV,pub

PublicKey key part for authentication purposes

AlgorithmID CFV-Definition

RCA:TYPE-IV,pub

Keys. PublicKey key part for decryption purposes

AlgorithmID CFV-Definition

Cert. KQ s:RCA A public static PK part for (hybrid) DLC

PublicKey key exchange/agreement management schemes

http://www.eMint.org [WebSiteAddress, 64 Chars, ISO

URL=

646 String]

X509. Info@eMint.org [EmailAddress, 64 Chars, ISO 646

Email=

String]

DNS= eMint.org. root.user [DNS Network name]

IP= 2001 :0db8:85a3:08d3: 1319:8a2e:0370:7334 [IPv6]

DE [ISO 3166 country code]

IssuerX500Name. SP= Schleswig-Holstein [State or Province]

0= eMint Ltd. [Organization, 64 Chars, ISO 646 String] eMint Headquarter [OrganizationalUnitName, 64 Chars,

OU=

ISO 646 String]

Secretary of eMint Affaires [CommonName, 64 Chars,

CN=

ISO 646 String]

24118 Kiel [Locality, 64 Chars, ISO 646 String]

ST= Hermann-Rodewald-StraBe 3 [StreetAddress, 64 Chars, ISO 646 String]

notBefore YYMMDDHHMMS SZ [UTCTIME]

ValidityPeriod.

notAfter YYMMDDHHMMS SZ [UTCTIME]

Exmpl.: eMint Root Certification Authority (RCA) Central

IssuerUniqueldentifier

Issuing Service valid for all countries (128 bit)

Exmpl.: Cash eMinting Authority (eMint) Local Issuing

Subj ectUnique Identifier

Service (128 bit)

AlgorithmID CFV-Definition

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F

Table 54: Example of an RCA issued eMint certificate of type CERT-TYPE-IV. 1.4.12.2.8 CRL for eMint Certificates (Type-IV)

This style of CRL-TYPE-IV Certificate Revocation List is released from the RCA for everybody. This revocation mechanism is used to invalidate previously issued CERT-TYPE-IV certificates. This revocation causes all certificates and signed objects (eCoins) issued from this eMint institution to get invalidated. eCoins minted and released by this eMint institution cannot be transferred any more. An exemplary CRL for eMint certificate is shown in Table 55.

Name Name of a CRL file, max. 20 characters

Type CRL-TYPE-IV [revocation list for CERT-TYPE-IV]

Version Version number [16-bit unsigned integer describing the data object version]

YYMMDDHHMMS SZ [UTCTIME as Date & Time stamp for the time of

DTStamp

generation]

CRL. CRLFormatVersion Version number 3

CRLSerialNumber Serial number [128-bit size]

X509. http://www.eMint.org [WebSiteAddress, 64 Chars, ISO

URL=

646 String]

IssuerX500Name.

Info@eMint.org [EmailAddress, 64 Chars, ISO 646

Email=

String] DNS= eMint.org. root.user [DNS Network name]

IP= 2001 :0db8:85a3:08d3: 1319:8a2e:0370:7334 [IPv6]

DE [ISO 3166 country code]

SP= Schleswig-Holstein [State or Province]

0= eMint Ltd. [Organization, 64 Chars, ISO 646 String] eMint Headquarter [OrganizationalUnitName, 64 Chars,

0U=

ISO 646 String]

Secretary of eMint Affaires [CommonName, 64 Chars,

CN=

ISO 646 String]

24118 Kiel [Locality, 64 Chars, ISO 646 String]

Hermann-Rodewald-StraBe 3 [StreetAddress, 64 Chars,

ST=

ISO 646 String]

Today YYMMDDHHMMS SZ [UTCTIME]

UpdateTimes.

NextTime YYMMDDHHMMS SZ [UTCTIME]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

AlgorithmID CFV-Definition

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F

Table 55: Example of an RCA issued revocation list of type CRL-TYPE-IV. 1.4.12.2.9 CASTOR Product Certificate (Type-V)

This style of CERT-TYPE-V is released from RCA to every valid CASTOR firmware image (the location of this certificate is contained within the image). It is the validation at the eCash system application level. Therefore, every authorized CASTOR owns a unique CASTOR product certificate. Without such valid certificate, CASTORs are unable to identify themselves as valid and trustable members of the eCash system. The CASTOR Product Certificate is used for checking and proving a CASTORs authentic unique identity. The CFVs in this certificate are reflecting the firmware capabilities. An exemplary embodiment of a CASTOR product certificate is shown in Table 56.

Name Name of a CASTOR firmware certificate, max. 20 characters

CERT-TYPE-V [certificate for checking the firmware signature identity of an

Cert. Type

CASTOR]

Version Version number [16-bit unsigned integer describing the data object version] YYMMDDHHMMSSZ [UTCTIME as Date & Time stamp for the time of

DTStamp

generation]

ProductID 128-bit product identifier (here eCash) with version and revision number

ProtocolID 128-bit protocol identifier (here teleportation) with version and revision number

LicenselD 128-bit license identifier (here eCash licensee)

CertificateFormatVersion Version number 3

Certificate SerialNumber Serial number [128-bit size]

AlgorithmID CFV -Definition

PublicKey key part for authentication purposes.

AlgorithmID CFV -Definition

PublicKey key part for decryption purposes.

AlgorithmID CFV-Definition (128 bit)

¾:FW:Tl-API,pub

PublicKey Trustled-Boot-Phase: API Check

AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: IPL Check

AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: License Check

AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: OS-Check

AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: App Check

AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: Tele Check

AlgorithmID CFV -Definition

X509. PublicKey Trustled-Boot-Phase: Weak Check

Keys. AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: Time Check

AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: Init Check

AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: Affi Check

AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: PUF Check

AlgorithmID CFV-Definition (128 bit)

PublicKey Trustled-Boot-Phase: API Check

AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: IPL Check

AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: License Check

AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: OS-Check

AlgorithmID CFV -Definition

PublicKey Trustled-Boot-Phase: App Check

KD:FW:T2-TELE,pub AlgorithmID CFV -Definition PublicKey Trustled-Boot-Phase: Tele Check

AlgorithmID CFV -Definition

FW:T2-WEAK,pub

PublicKey Trustled-Boot-Phase: Weak Check

AlgorithmID CFV -Definition

FW:T2-TIME,pub

PublicKey Trustled-Boot-Phase: Time Check

AlgorithmID CFV -Definition

FW:T2-INIT,pub

PublicKey Trustled-Boot-Phase: Init Check

AlgorithmID CFV -Definition

FW:T2-AFFI,pub

PublicKey Trustled-Boot-Phase: Affi Check

AlgorithmID CFV -Definition

FW:T2-PUF,pub

PublicKey Trustled-Boot-Phase: PUF Check

AlgorithmID CFV -Definition

s:RCA A public static PK part for (hybrid) DLC key

PublicKey

exchange/agreement management schemes www.eCash.org/root/... / [Directory pointer to find the "file of files,

RootDirectoryPtr

64 Chars, ISO 646 String]

Exmpl.: eCash Root Certification Authority (RCA) Central

IssuerUniqueldentifier

Issuing Service valid for all countries (128 bit)

Exmpl.: Owner of this certificate is a CASTOR identified

Subj ectUnique Identifier

under CERT-TYPE-VI.LicenselD

ASYMCIPHER 128-bit, Public Key Block Cipher Methods

COMP 128-bit, Lossless Compression Payload Methods

DIGEST 128-bit, One Way Message Digest and Cryptographic Hash Methods

DIGSIG 128-bit, Message Identification and Authentication Signature Methods

CFV.

FCS 128-bit, Integrity Frame Checking Sequence Methods

KEYDISTRI 128-bit, Interactive Authentic Key Management and Exchange Methods

MACSIG 128-bit, Message Authentication Code Methods

PAD 128-bit, Padding Methods RAND 128-bit, Random Bit Generation Methods

SYMCIPHER 128-bit, Secret Key Block Cipher with Mode of Operation Methods

Version 32-bit Identifier for the Domain Parameter Table

572-bits, field size, may be either an odd prime p or 2" m is prime

FR 572-bits, basis used

576-bits, field element that define the curve equation

576-bits, field element that define the curve equation

ECCDomainParamTable .

SEED 160*2-bits, optimal string for randomly generated curve

572*2*2-bits, generating point, (x G , yc) of prime order on the curve

572-bits, order of the point G

32-bits, cofactor, equal to the order of the curve divided by n

AlgorithmID CFV-Definition

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F

Table 56: Example of an RCA issued CASTOR product firmware certificate of type CERT-TYPE-V. 1.4.12.2.10CRL for CASTOR Product Certificates (Type-V)

This style of CRL-TYPE-V Certificate Revocation List is released from the RCA for everybody. This revocation mechanism is used to invalidate previously issued CASTOR product certificates of Type V. The consequence of such revocation affects all CASTORs referenced in such CRL resulting in their deactivation. An exemplary CRL for CASTOR product certificates of Type-V is shown in Table 57.

Name Name of a CRL file, max. 20 characters

Type CRL-TYPE-V [revocation list for CERT-TYPE-V]

Version Version number [16-bit unsigned integer describing the data object version]

YYMMDDHHMMS SZ [UTCTIME as Date & Time stamp for the time of

DTStamp

generation]

CRLFormatVersion Version number 3

CRLSerialNumber Serial number [128-bit size]

http://www.eCash.org [WebSiteAddress, 64 Chars, ISO

URL=

646 String]

CRL

Info@eCash.org [EmailAddress, 64 Chars, ISO 646

Email=

String]

X509. DNS= eCash.org.root.user [DNS Network name]

IssuerX500Name. IP= 2001 :0db8:85a3:08d3: 1319:8a2e:0370:7334 [IPv6]

DE [ISO 3166 country code]

SP= Schleswig-Holstein [State or Province]

0= eCash Ltd. [Organization, 64 Chars, ISO 646 String] eCash Headquarter [OrganizationalUnitName, 64 Chars,

OU=

ISO 646 String] Secretary of eCash Affaires [CommonName, 64 Chars,

CN=

ISO 646 String]

24118 Kiel [Locality, 64 Chars, ISO 646 String]

Hermann-Rodewald-StraBe 3 [StreetAddress, 64 Chars,

ST=

ISO 646 String]

Today YYMMDDHHMMS SZ [UTCTIME]

UpdateTimes.

NextTime YYMMDDHHMMS SZ [UTCTIME]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

Serial number [128-bit size, reference to the revoked

RevokedCERTSerialNumber

certificate]

AlgorithmID CFV-Definition

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F

Table 57: Examp e of an RCA issued revocation list of type CRL-TYPE-V.

1.4.12.2.11 CASTOR Root Certificate (Type-VI)

This style of CERT-TYPE-VI is released from the RCA during the hardware serialization, validation and certification. Due to its fundamental importance the meaning of that will be explaind in a few more words:

- Hardware serialization: This makes the CASTOR hardware unique identifiable, so the hardware (not the user) can be identified in the field. One mechanism to achieve that is the incorporation of 'LicenselD', 'CertificateSerialNumber' and fields contained within the 'Unit.' section of the described certificate. If - as an addition due to the security aspect - a (cocoon) PUF is integrated as an exemplary security element, this strengthens the process of serialization by adding a unique fingerprint to the hardware.

- Hardware validation: This focuses the generation of the certificate. It is technical the unique bindung of the data set items within the certificate, validated by the RCA through its digital signature to make the process of trust in the delegation and responsibility accountable for other parties.

- Hardware certification: This means the process of "finalization" of products - in the exemplary case the CASTOR hardware. After its (chip) production, the physical product is ready but not functional: It has to be certified by the IP owner, the RCA providing the describt certificate. Another aspect is, that within the release of the certificate, the product ID goes into the internal data base of the RCA, so that the RCA is now aware of the existence of the (in the exemplary case) CASTOR hardware.

This can be for example realized as described in the PCT application PCT/EP201 1/001219 by the same applicant or as described in the PCT application with the title "Tamper-Protected Hardware and Methods for using same" filed by the same applicant on 12.03.2012.

The CASTOR root (hardware) certificate is used for checking and proving a CASTOR authentic identity. The CFVs in this certificate are reflecting the hardware capabilities of the CASTOR. An exemplary CASTOR root certificate of Type-VI is shown in Table 58.

Name Name of the CASTOR root (hardware) certificate, max. 20 characters (20x8 bit)

Type CERT-TYPE-VI [certificate for checking the signature identity of an RCA] (8 bit)

Version Version number [16-bit unsigned integer describing the data object version]

YYMMDDHHMMS SZ [UTCTIME as Date & Time stamp for the time of

DTStamp

generation] (64 bit)

ProductID 128-bit product identifier (here eCash) with version and revision number

ProtocolID 128-bit protocol identifier (here teleportation) with version and revision number

Hash(Signed(K s CASTOR puDi pub, PUD I)), 128-bit license identifier (here CASTOR-

LicenselD

ID)

CertificateFormatVersion Version number 3 (8 bit)

Certificate SerialNumber Serial number [128-bit size]

AlgorithmID CFV-Definition (128 bit)

K S:CASTOR:PUDI,pub

PublicKey key part for authentication purposes

AlgorithmID CFV-Definition (128 bit)

K S:RCA:TYPE-VI,pub

PublicKey key part for authentication purposes

AlgorithmID CFV-Definition (128 bit)

RCA:TYPE-VI,pub

Keys. PublicKey key part for decryption purposes

Cert.

AlgorithmID CFV-Definition

KQ s:RCA A public static PK part for (hybrid) DLC key

PublicKey

exchange/agreement management schemes

AlgorithmID CFV-Definition

X509. KQ s:CASTOR A public static PK part for (hybrid) DLC key

PublicKey

exchange/agreement management schemes http://www.eCash.org [WebSiteAddress, 64 Chars, ISO

URL=

646 String]

Info@eCash.org [EmailAddress, 64 Chars, ISO 646

Email=

String]

DNS= eCash.org.root.user [DNS Network name] (64*8 bit)

2001 :0db8:85a3:08d3: 1319:8a2e:0370:7334 [IPv6] (128

IssuerX500Name. IP=

bit)

DE [ISO 3166 country code] (5*8 bit)

SP= Schleswig-Holstein [State or Province] (16 bit)

0= eCash Ltd. [Organization, 64 Chars, ISO 646 String] eCash Headquarter [OrganizationalUnitName, 64 Chars,

OU=

ISO 646 String] Secretary of eCash Affaires [CommonName, 64 Chars,

CN=

ISO 646 String]

24118 Kiel [Locality, 64 Chars, ISO 646 String]

Hermann-Rodewald-StraBe 3 [StreetAddress, 64 Chars,

ST=

ISO 646 String]

notBefore YYMMDDHHMMS SZ [UTCTIME] (64 bit)

ValidityPeriod.

notAfter YYMMDDHHMMS SZ [UTCTIME] (64 bit)

Exmpl.: eCash Root Certification Authority (RCA) Central

IssuerUniqueldentifier

Issuing Service valid for all countries (128 bit)

Exmpl.: The owner of this CASTOR: CERT-TYPE-

Subj ectUnique Identifier

VI.LicenselD

ASYMCIPHER 128-bit, Public Key Block Cipher Methods

COMP 128-bit, Lossless Compression Payload Methods

128-bit, One Way Message Digest and Cryptographic Hash

DIGEST

Methods

128-bit, Message Identification and Authentication Signature

DIGSIG

Methods

CFV. FCS 128-bit, Integrity Frame Checking Sequence Methods

128-bit, Interactive Authentic Key Management and Exchange

KEYDISTRI

Methods

MACSIG 128-bit, Message Authentication Code Methods

PAD 128-bit, Padding Methods

RAND 128-bit, Random Bit Generation Methods

SYMCIPHER 128-bit, Secret Key Block Cipher with Mode of Operation Methods

Brand Max. 20 characters (20x8 bit)

ProductLine Max. 4 characters (4x8 bit)

Slotl Max. 2 characters (2x8 bit)

Slot2 Max. 2 characters (2x8 bit)

Slot3 Max. 2 characters (2x8 bit)

Slot4 Max. 2 characters (2x8 bit)

Family Code.

Slot5 Max. 2 characters (2x8 bit)

Slot6 Max. 2 characters (2x8 bit)

Slot7 Max. 2 characters (2x8 bit)

Slot8 Max. 2 characters (2x8 bit)

Info. Creation 64-bits, when (Date, Time) was the DEVICE created

Unit.

Version/Revision 64-bits, version and revision code

64-bits, when (Date, Time) will the DEVICE be

Expiry

expired

Model 32-bits, identity info about the DEVICE model code

32-bits id about the DEVICE manufacturer (not the

Manufacturer

CASTOR chip)

ReleaseCode Release identification as version/revision code (64 bit)

SerialCode Identify uniquely the DEVICE (128 bit)

128-bits 'DEVICE License-Code', identify uniquely

CLC

the licensee of the product

64-bits, when (Date, Time) was the CASTOR chip

CASTOR. Creation

created

Table 58: Example of an RCA issued CASTOR Root certificate of type CERT-TYPE-VI.

Please note, there is no CRL for CASTOR root certificates foreseen in the transaction system, and the firmware of each CASTOR may even ensure a CRL for CASTOR root certificates (if encountered, e.g. due to an attack) won't be considered. Basically, a CRL revoked a CASTOR root certificate would thereby revoke the RCA's public verification key part K S: RCA:TYPE-vi,pub, which is used for validating all certificates in the eCash system. A revocation of this key would render the entire eCash system dysfunctional (kill switch). 1.4.12.2.12eMint Batch Production Certificate (Type-VII)

Every eMint has at least one or more batch production certificates for each currency (in case there is more than only a single currency), according to the number of issued eCoin batches so far released. These Type-VII certificates have to be present as long as there are still eCoins in the economy referring to them. Revoking a batch production certificate means revoking all eCoins of that batch (making the respective eCoins invalid). The standard method to clear Type-VII certificates no longer needed is to revoke them. Of course, this could only be done after the last eCoin relating to that batch production certificate is cleared or expired. The user initially loads batch production certificates during the currency setup process (by selecting the desired currencies, the respective eMints are identified). The user's eWallet/CASTOR contacts then these eMints and requests all batch production certificates from them with a relationship of the wanted currencies (if there is more than a single currency the user wants to have from a single or from multiple eMint(s)). In case a later update of a batch production certificate is required (e.g. the user selects a new currency, loads new eCoins referring to an unknown (new) Type-VII certificate, or a transaction partner's eWallet/CASTOR refers to a (new) batch production certificate the user's eWallet/CASTOR is not aware of), the required batch production certificate can be transferred off-line within the off-line transaction protocol or on-line directly from the source eMint. The implementation not to integrate additional fields directly into the eCoin certificate may be advantageous as it allows reducing the size of the eCoin. Alternatively, validity period and the transferability period of an eCoin could be indicated in the certificate as separate fields. This style of self-certified currency certificate is released from an eMint to everybody. Every eMint can issue as many different currencies as desired. For every production-batch of eCoins a new certificate of this type has to be published. This mechanism may be advantageous as it allows implementing an ageing-mechanism for the eCoins' transferability. The eMint will release new production batches of eCoins to replace the old ones in a regular manner. These certificates will be removed at the earliest from the eMint's public data repository after the last referenced eCoin has lost its transferability. Therefore, there may always be several eMint batch production certificates available from every single eMint. An exemplary eMint batch production certificate of Type-VII is shown in Table 59.

Name Name of an eMint batch production-currency-certificate, max. 20 characters

CERT-TYPE-VII-001 [certificate for checking the signature identity of own minted

Type

eCoins; three digit codes how many CERTs there are]

Version Version number [16-bit unsigned integer describing the data object version]

Cert.

YYMMDDHHMMS SZ [UTCTIME as Date & Time stamp for the time of

DTStamp

generation]

Serial. 128-bit serial number of the eMint Root Certificate [CERT-TYPE-IV]

CertificateFormatVersion Version number 3

X509.

Certificate SerialNumber Serial number [128-bit size] AlgorithmID CFV bit-array based definition

K S:eMint:CurrList,pub key part for authentication purposes (List

PublicKey

of Currency Editions)

AlgorithmID CFV bit-array based definition

K S:eMint:TYPE-VII,pub

PublicKey key part for authentication purposes.

AlgorithmID CFV bit-array based definition

K

Keys. S:eMint:TYPE-VIII,pub key part for authentication purposes

PublicKey

(e Coins)

AlgorithmID CFV bit-array based definition eMint:TYPE-VII,pub

PublicKey key part for decryption purposes.

AlgorithmID CFV bit-array based definition s:eMint A public static PK part for (hybrid) DLC

PublicKey key exchange/agreement management schemes

notBefore YYMMDDHHMMS SZ [UTCTIME]

ValidityPeriod.

notAfter YYMMDDHHMMS SZ [UTCTIME]

Exmpl.: eMint Cash eMinting Authority (eMint) Local

IssuerUniqueldentifier

Issuing Service (128 bit)

Exmpl.: eMint Cash eMinting Authority (eMint) Local

Subj ectUnique Identifier

Issuing Service (128 bit)

Identification of an eCoin batch, max. 20 characters {optional

ID

information}

Batch. CurrencylD Three character code (e.g. EUR)

Yes/No: is this "have to" trust money, legalized from the

LegalTender

government? {optional information} Identification of financial institution internal MSDB, max. 20

CodeDatabase

characters {optional information}

First unsigned integer {optional information}

Serial.

Last unsigned integer {optional information}

128-bit unsigned integer {optional

0.01

information}

128-bit unsigned integer {optional

0.02

information}

128-bit unsigned integer {optional

0.05

information}

128-bit unsigned integer {optional

0.10

information}

128-bit unsigned integer {optional

0.20

information}

128-bit unsigned integer {optional

0.50

information}

128-bit unsigned integer {optional information}

128-bit unsigned integer {optional

DenominationTableQuantity. information}

128-bit unsigned integer {optional information}

128-bit unsigned integer {optional

10

information}

128-bit unsigned integer {optional

20

information}

128-bit unsigned integer {optional

50

information}

128-bit unsigned integer {optional

100

information}

128-bit unsigned integer {optional

200

information}

128-bit unsigned integer {optional

500

information}

128-bit unsigned integer {optional

1000

information}

TotalAmount 128-bit unsigned integer {optional information}

YYMMDDHHMMS SZ

FullTransferability

[UTCTIME]

ExpirationLifeEnd.

YYMMDDHHMMS SZ

LimitedTransferability

[UTCTIME]

Version 32-bit Identifier for the Domain Parameter Table

ECCDomainParamTable . 572-bits, field size, may be either an odd prime p or 2" m is prime FR 572-bits, basis used

a 576-bits, field element that define the curve equation b 576-bits, field element that define the curve equation

SEED 160*2-bits, optimal string for randomly generated curve

572*2*2-bits, generating point, (x G , yc) of prime order

G

on the curve

n 572-bits, order of the point G

32-bits, cofactor, equal to the order of the curve divided h

by n

AlgorithmID CFV-Definition

Signature.

DigestKey Exmpl. 7453 FDC5 AE52 063D AC4F ...

Table 59: Example of an eMint issued currency batch-production-certificate of type CERT-TYPE-VII. 1.4.12.2.13 CRL for eMint Batch Production Certificates (Type-VII)

This style of certification revocation list CRL-TYPE-VII is self-released from the respective eMint for everybody. This revocation-mechanism is used to invalidate previously self-issued eMint batch production certificates. There is only a single CRL for eMint batch production certificates per eMint. This revocation causes all eCoins originating from the revoked production-batches get invalidated. All eCoins of that batch will lose their transferability. Such revocation will be a standard procedure for the eMint, to be executed once all eCoins of that batch have lost their transferability over time. An exemplary CRL for eMint batch production certificates is shown in Table 60.

Name Name of a CRL file, max. 20 characters

Type CRL-TYPE-VII [revocation list for CERT-TYPE-VII]

Version Version number [16-bit unsigned integer describing the data object version]

YYMMDDHHMMS SZ [UTCTIME as Date & Time stamp for the time of

DTStamp

generation]

CRLFormat Version Version number 3

CRLSerial Number Serial number [128-bit size]

http://www.eMint.de [WebSiteAddress, 64

URL=

Chars, ISO 646 String]

CRL.

Cash@eMint.de [EmailAddress, 64 Chars,

Email=

ISO 646 String]

eMint.de. root.customer [DNS Network

X509. DNS=

name]

IssuerX500 Name.

2001 :0db8:85a3:08d3: 1319:8a2e:0370:7334

IP=

[IPv6]

DE [ISO 3166 country code]

SP= Hessen [State or Province]

eMint AG [Organization, 64 Chars, ISO 646

0=

String] eMint Headquarter

OU= [OrganizationalUnitName, 64 Chars, ISO 646

String]

Chair of Supervisory Board [CommonName,

CN=

64 Chars, ISO 646 String]

60325 Frankfurt am Main [Locality, 64 Chars, ISO 646 String]

Taunusanlage 12 [StreetAddress, 64 Chars,

ST=

ISO 646 String]

Today YYMMDDHHMMS SZ [UTCTIME]

UpdateTimes.

NextTime YYMMDDHHMMS SZ [UTCTIME]

Serial number 12345678 [128-bit size,

RevokedCERTSerialNumber

reference to the revoked certificate]

Serial number 12345678 [128-bit size,

RevokedCERTSerialNumber

reference to the revoked certificate]

Serial number 12345678 [128-bit size,

RevokedCERTSerialNumber

reference to the revoked certificate]

Serial number 12345678 [128-bit size,

RevokedCERTSerialNumber

reference to the revoked certificate]

Serial number 12345678 [128-bit size,

RevokedCERTSerialNumber

reference to the revoked certificate]

AlgorithmID CFV -Definition

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F

Table 60: Example of an eMint issued batch-production revocation-list of type CRL-TYPE-VII.

1.4.12.3 Electronic Coins

The eCoins in the transaction system described herein may be provided in form of a (shortened) certificate according to X.509 (version 3). Please note that the certificate of an eCoin may be shortened in that it may not contain all non-optional elements of a X.509-compliant certificate (version 3) as will be shown below. An eCoin respectively the certificate should comprise at least an identifying descriptor item (e.g. serial number) (e.g. in form of a Globally Unique Identifier (GUID)) and the value of the eCoin, and a signature on these two pieces of information by the issuing authority (eMint). Furthermore, in a multi-currency transaction system, the eCoin may further indicate a currency identifier (e.g. in form of a three character code) indicating the currency of the eCoin.

Further, the eCoins may also contain additional information facilitating the eCoin administration in the transaction system, such as for example an indication of the identifying descriptor item (e.g. serial number) of a batch production certificate (Type-VII), a version number or a type-code (Type-VIII) claiming the certificate structure being an eCoin. Furthermore, each eCoin may have a validity period (i.e. a date (and time) when it is expiring). In some embodiments of the invention, each eCoin has both a validity period and a transferability period (both indicated by the date and time of its respective expiry). The eCoins may be transferred freely from device to device within the transferability period. After expiry of the transferability period, the eCoin needs to be cleared with the issuing authority, prior to the expiry of its validity period. In one embodiment, the validity period and the transferability period are indicated in the batch production certificate (Type-VII) of the batch production of eCoins to which the respective eCoin belongs. As indicated above, each eCoin may comprise a reference to its batch production certificate (Type-VII) so that the CASTOR can obtain the validity period and the transferability period for each eCoin from its batch production certificate (Type-VII).

1.4.12.3.1 eCoin Certificate (Type-VIII)

An exemplary eCoin in form of an eCoin certificate (Type-VIII) according to an exemplary embodiment of the invention is shown in Table 61.

1.4.12.3.2 CRL for eCoin Certificates (Type-VIII)

The issuing authority (eMint) may invalidate individual eCoins by including them in a CRL for eCoins. An exemplary CRL for eCoins is shown in Table 62.

0= eMint AG [Organization, 64 Chars, ISO 646

String]

ou= eMint Headquarter [OrganizationalUnitName, 64

Chars, ISO 646 String]

Chair of Supervisory Board [CommonName, 64

CN=

Chars, ISO 646 Stringl

60325 Frankfurt am Main [Locality, 64 Chars,

L=

ISO 646 String]

Taunusanlage 12 [StreetAddress, 64 Chars, ISO

ST=

646 String]

Today YYMMDDHHMMS SZ [UTCTIME]

UpdateTimes.

NextTime YYMMDDHHMMS SZ [UTCTIME]

RevokedCoinSerial Serial number [128-bit size, reference to the revoked eCoin]

RevokedCoinSerial Serial number [128-bit size, reference to the revoked eCoin]

RevokedCoinSerial Serial number [128-bit size, reference to the revoked eCoin]

• · · • · ·

RevokedCoinSerial Serial number [128-bit size, reference to the revoked eCoin]

RevokedCoinSerial Serial number [128-bit size, reference to the revoked eCoin]

AlgorithmID CFV -Definition

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F ...

Table 62: Example of an eCoin revocation list of type CRL-TYPE-VIII.

An eCoin revocation CRL of Type-VIII is self-released from the respective issuing authority. This revocation mechanism is used to invalidate previously self-issued eCoins. There may be only one single CRL-file per currency edition issued by an issuing authority. The effect of this revocation is that all eCoins concerned by this list become invalidated (they lose their purpose).

1.4.12.4 Directory - "List of Files "

Within the CASTOR Product Certificate (Type-V), the URL to the directory containing all "List of Files" is supplied. It is referenced under CERT-TYPE-V.X509.RootDirectoryPtr. The supplied files are presented below.

1.4.12.4.1 List of RCAs

To help a CASTOR find the RCA(s), the eCash organization supplies a "List of RCAs" file database repository. It comprises a single list (file) containing in principle all accredited RCA organizations available to the public in the whole eCash system (however, in most cases there is only a single one). A CASTOR user has to contact a listed RCA to find the CRL-TYPE-III, CRL-TYPE-V, CRL-TYPE- r Certificate Revocation Lists or other supplied materials. This single list (file) is maintained by the eCash organization.

Name The name of this LIST-OF-RCAs-FILE

LIST-OF-RCAs [global list of the accredited RCA organization

Type

List of available]

RCAs. Version number [16-bit unsigned integer describing the data object

Version

version]

DTStamp YYMMDDHHMMS SZ [UTCTIME as Date & Time stamp for the time of generation]

C= US [ISO 3166 country code]

http://www.eCash.org [WebSiteAddress, 64 Chars, ISO

[0001] URL=

646 String]

DNS= eCash.org.root.user [DNS Network name]

AlgorithmID CFV -Definition

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F ...

Table 63: Example of an eCash organization issued 'List of RCA' database repository. 1.4.12.4.2 List of CAs

To help a CASTOR to find its relevant CA, the RCA organization supplies a 'List of CAs' database repository. It comprises a single list (file) containing all accredited CA organizations in the whole eCash system available to the public. The user of a CASTOR has to choose his national CA to obtain a user certificate Type-I/II and the respective CRLs in the next step. This single list (file) is maintained by the RCA.

Table 64: Example of an RCA issued 'List of CAs' database repository. 1.4.12.4.3 List ofeMints

To help a CASTOR to find his relevant eMint, the RCA organization supplies a 'List of eMints' database repository. It comprises a single list (file) containing all accredited eMint organizations in the whole eCash system available to the public. The user of a CASTOR has to choose his eMint(s) to obtain the 'List of Currency Editions' file, the eMint batch production certificates, the desired currency (or currencies), and their respective CRLs in the next step. This single list (file) is maintained by the RCA.

The currencies issued by an eMint are NOT indicated within this list because that is a 'local eMint' decision taken by that authority without the need to ask or inform other authorities for/about cooperation.

1.4.12.4.4 List of Currency Editions

To help a CASTOR find the currency of interest, every eMint supplies a 'List of Currency Editions' database repository. This single list (file) contains all currencies minted by this eMint available to the public. A CASTOR user has to choose the desired currencies by loading the eMint batch-production- certificate Type-VII (and their corresponding eCoins) in the next step. Such single list (file) is maintained by every eMint-organization. It is possible to have more than one currency batch simultaneously active under the same currency ID.

Name The name of this LIST-OF-CURRENCY-EDITIONs-FILE

List of

Currencies. LIST-OF-CURRENCIE-EDITIONs [global list of all available currencies

Type

available by this eMint] Version number [16-bit unsigned integer describing the data object

Version

version]

YYMMDDHHMMSSZ [UTCTIME as Date & Time stamp for the time of

DTStamp

generation]

ID Three character code (e.g. EUR)

Name of current eMint batch-production

Name

currency-certificate, max. 20 char.

Identification of an eCoin batch, max. 20

Current batch

Currency characters {optional information}

CertType CERT-TYPE-VII

Certificate SerialNumber Serial number [128-bit size]

YYMMDDHHMMSSZ [UTCTIME as Date &

DTStamp

Time stamp for the first appearance]

ID Three character code (e.g. EUR)

Name of current eMint batch-production

Name

currency-certificate, max. 20 characters

Identification of an eCoin batch, max. 20

Current batch

Currency characters {optional information}

CertType CERT-TYPE-VII

Certificate SerialNumber Serial number [128-bit size]

YYMMDDHHMMSSZ [UTCTIME as Date &

DTStamp

Time stamp for the first appearance]

ID Three character code (e.g. USD)

Name of current eMint batch-production

Name

currency-certificate, max. 20 characters

Identification of an eCoin batch, max. 20

Current batch

Currency characters {optional information}

CertType CERT-TYPE-VII

Certificate SerialNumber Serial number [128-bit size]

YYMMDDHHMMSSZ [UTCTIME as Date &

DTStamp

Time stamp for the first appearance]

ID Three character code (e.g. CHF)

Name of current eMint batch-production

Name

currency-certificate, max. 20 characters

Identification of an eCoin batch, max. 20

Current batch

Currency characters {optional information}

CertType CERT-TYPE-VII

Certificate SerialNumber Serial number [128-bit size]

YYMMDDHHMMSSZ [UTCTIME as Date &

DTStamp

Time stamp for the first appearance]

ID Three character code (e.g. GBP)

Name of current eMint batch-production

Name

currency-certificate, max. 20 characters

Identification of an eCoin batch, max. 20

Currency Current batch

characters {optional information}

CertType CERT-TYPE-VII

Certificate SerialNumber Serial number [128-bit size]

DTStamp YYMMDDHHMMSSZ [UTCTIME as Date & Time stamp for the first appearance]

AlgorithmID CFV-Definition

Signature.

DigestKey Exmpl.: 7453 FDC5 AE52 063D AC4F ...

Table 66: Example of an e Vlint supplied 'List of Currency Editions' database repository.

List of System Updates

To keep CASTORs up-to-date and as part of the security strategy, the RCA organization supplies a 'List of System Updates' database repository. It is a single list (file) always containing the most recent updates of CASTOR relevant code and data objects available to the public. The user of a CASTOR accesses this list to share the most recent developments and fixes by downloading and auto-installing listed improvements. This single list (file) and the respective binaries are maintained by the RCA- organization.

Table 67: Example of an RCA supplied 'List of System Updates' database repository. 1.4.12.6 Controls

1.4.12.6.1 Control Challenges

Currently, only CRLs are prepared to be distributed.

Table 68: Example of a challenge control object used in the eCash system. 1.4.12.6.2 Control Responses Type 1

Currently, only CRLs are prepared for distribution.

Entity Principal identification for the responses (Alice or Bob)

Status NULL / OBJECT / REQUEST

Type-I/II.

Data Transferred object or empty slot

Status NULL / OBJECT / REQUEST

Response l . Type-Ill.

CRL. Data Transferred object or empty slot

Status NULL / OBJECT / REQUEST

Type-IV.

Data Transferred object or empty slot

Type-V. Status NULL / OBJECT / REQUEST Data Transferred object or empty slot

Status NULL / OBJECT / REQUEST

Type-VII.

Data Transferred object or empty slot

Status NULL / OBJECT / REQUEST

Type-VIII.

Data Transferred object or empty slot

Table 69: Example of a challenge response Type 1 object used in the eCash system. 1.4.12.6.3 Control Responses Type 2

Currently, only CRLs are prepared for distribution.

Table 70: Example of a challenge response Type 2 object used in the eCash system. 1.4.12.7 eDoc Type Objects

1.4.12.7.1 eDoc Type [I] Objects

Not all fields are filled for all valid transaction, some of them remain empty. For the case specific view concerning the presented off-line transaction protocol messages please refer to the subtypes of the eDoc[I] container. The following table comprehensively represents the generalized outward pre-flow (complete) super structure form of the eDoc[I] object.

Transaction session ID for this specific protocol-run. It links

TSID

this object to a transfer session. (32 bit)

Date The (starting) date of the protocol-run. (32 bit)

eDoc[I]. eRequest. Time The (starting) time of the protocol-run. (32 bit)

Alice's CASTOR serial Alice's serial number of her CASTOR. (128 bit)

Bob's CASTOR serial Bob's serial number of his CASTOR. (128 bit)

Alice UserCertRef Alice's certification authority issued reference serial number

Table 71 : Example of the blueprint for the super structure for a complete eDoc[I] format object.

1.4.12.7.1.1 eDoc (Sub) Type [I la ] Objects

The following table comprehensively represents the Matroska pre-flow container structure form of the eDoc[Iia] object used in message [5a] and message [6b] .

Table 72: Example of the blueprint structure for a container eDoc[Ii a ] format object. 1.4.12.7.1.2 eDoc (Sub) Type [I 2a ] Objects

The following table comprehensively represents the Matroska pre-flow container structure form of the eDoc[I 2a ] object used in message [6a] .

Table 73 : Example of the blueprint structure for a container eDoc[I 2a ] format object. 1.4.12.7.2 eDoc Type [II] Objects

Not all fields are filled for every valid transaction, some of them remain empty. For the case specific view concerning with the presented off-line transaction protocol messages please refer to the subtypes of the eDoc[II] container. The following table presents the generalized outward mid-flow (complete) super structure form of the eDoc[II] object.

Table 74: Blueprint example of the super structure for a complete eDoc[II] format object. 1.4.12.7.2.1 eDoc (Sub) Type [II a ] Objects

The following table comprehensively represents the Matroska mid-flow container structure form of the eDoc[II a ] ob ect used in message [7a] .

Table 75 : Example of the blueprint structure for a container eDoc[II a ] format object. 1.4.12.7.2.2 eDoc (Sub) Type [II b ] Objects

The following table comprehensively represents the Matroska mid-flow container structure form of the eDoc[II b ] ob ect used in message [7b] .

Table 76: Example of the blueprint structure for a container eDoc[II b ] format object. 1.4.12.7.3 eDoc Type [III] Objects

Not all fields are filled for every valid transaction, some of them remain empty. Please refer for the case specific view for a match with the presented off-line transaction protocol messages to the subtypes of the eDoc[III] container. The following table presents the generalized outward post-flow (complete) super structure form of the eDoc[III] object.

Following the CFV-

AlgorithmlD.

definition.

SignatureFromAlice/Bob .

Exmpl.: 7453 FDC5 AE52

DigestKey.

063D AC4F ...

Following the CFV-

AlgorithmlD.

definition.

SignatureFromBob/Alice .

Exmpl.: 7453 FDC5 AE52

DigestKey.

063D AC4F ...

Source Entity. Alice or Bob.

SN, SN, SN, SN, SN, SN, ... , SN, SN.

SerialNumbers.

(expectancy value 10 * 128 bit)

AlgorithmlD. Following the CFV -definition.

Signature. Exmpl. 7453 FDC5 AE52 063D

DigestKey.

Main Secret Serials. AC4F .

Following the

AlgorithmlD.

CFV -definition.

SignatureFromAlice/Bob . Exmpl.: 7453

DigestKey. FDC5 AE52 063D

AC4F ...

Content, logic and visual presentation of the electronic

HTML5 Script.

receipt, incl. DFD-based keywords (data collection).

Source Entity. | Bob or Alice. (8 bit)

SN, SN, SN, SN, SN, SN, ... , SN, SN.

Change SerialNumbers.

(expectancy value 5 x 128 bit)

Secret

AlgorithmlD. Following the CFV -definition.

Serials.

Signature. Exmpl. 7453 FDC5 AE52 063D

DigestKey.

AC4]

eReceipt.

Following the CFV-

AlgorithmlD.

definition.

SignatureFromBob/Alice .

Exmpl.: 7453 FDC5 AE52

DigestKey.

063D AC4F ...

Following the CFV-

AlgorithmlD.

definition.

SignatureFromAlice/Bob .

Exmpl.: 7453 FDC5 AE52

DigestKey.

063D AC4F ...

Entity. | Alice or Bob. (8 bit)

DropoutStateCase. | (Null, Ala, B la, Alb, Bib, WC)

Affidavit.

AlgorithmlD. | Following the CFV-definition.

Signature.

DigestKey. Exmpl.: 7453 FDC5 AE52 063D AC4F

Table 77: Example of the blueprint for the super structure of a complete eDoc[III] format object. 1.4.12.7.3.1 eDoc (Sub) Type [III a ] Objects

The following table comprehensively represents the Matroska post-flow container structure form of the eDoc[III a ] object used in message [8a].

Transaction session ID for this specific protocol-

TSID

run. It links this object to a transfer session.

Date The (starting) date of the protocol-run.

Time The (starting) time of the protocol-run.

eDoc [III a ] . eRequest.

Alice's CASTOR serial Alice's serial number of her CASTOR.

Bob's CASTOR serial Bob's serial number of his CASTOR.

Alice's certification authority issued reference

AliceUserCertRef

serial number of her user certificate. Serials. (expectancy value 5 * 128 bit)

AlgorithmlD. Following the CFV -definition.

Signature. Exmpl. 7453 FDC5 AE52 063D

DigestKey.

AC4F .

AlgorithmlD. Following the CFV -definition.

SignatureFromBob . Exmpl. 7453 FDC5 AE52 063D

DigestKey.

AC4F .

Entity. Alice or Bob. (8 bit)

DropoutStateCase. | (Null, Ala, B la, Alb, B ib, WC)

Affidavit.

AlgorithmlD. Following the CFV-definition.

Signature.

DigestKey. Exmpl.: 7453 FDC5 AE52 063D AC4F

Table 78: Example of the blueprint structure for a container eDoc[III a ] format object.

1.4.12.7.3.2 eDoc (Sub) Type [III b ] Objects

The following table comprehensively represents the Matroska post-flow container structure form of the eDoc[III b ] ob ect used in message [8b] .

It should be further noted that the individual features of the different embodiments of the invention may be individually or in arbitrarily combined to form subject matter of another invention encompassed by this description like the one with the title "Tamper-Protected Hardware and Methods for using same" filed by the same applicant on 12.03.2012.

It would be appreciated by a person skilled in the art that numerous variations and/or modifications may be made to the present invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects to be illustrative and not restrictive.