For Information Release
September 11, 1996

NTT Implements A New Electronic Money Experimental System

- Adopts a new scheme with improved security, reliability and efficiency -

Nippon Telegraph and Telephone Corporation (NTT) has developed a new electronic money experimental system which offers better security, reliability and efficiency than the experimental system presented in December, 1995. This new experimental system upgrades the feature of the previous version so that it guarantees customers' privacy and resists invalid usage efficiently by means of cryptographic techniques. Utilizing the results of our joint research with the Institute for Monetary and Economic Studies, Bank of Japan, the new system will improve the previous system as follows:
While the previous system mainly relied on a post-transaction detection method to prevent overspending, the new system adopts a data protection measure based on smart card device technology. As a result, the new system guarantees higher security.
In the previous system, each bank issued its own electronic money and also provided related services. The new system introduces an institute that is independent of the banks, to issue and distribute electronic money. With the system, multiple banks can jointly provide common electronic money services.
In the previous system, the size of the database to detect invalid usage of electronic money increased with the number of payments made. The new system solves this problem by introducing a new scheme that will substantially reduce the rate of database growth.
The electronic money in the new system is divisible into arbitrary smaller pieces and transferable from one customer to another in a practical amount of time.

I. Development Background

As the Internet expands, a variety of trials for realizing electronic payment systems have been made in many countries. In particular, electronic money, which is electronic data embodying monetary value and exchangeable through open networks, has been extensively researched and experimented; it is regarded as the infrastructural technology for the realization of electronic commerce.

NTT announced an experimental electronic money system for the Internet in December, 1995. This system was developed for online shopping through networks under the concept of practical electronic money as convenient and secure as cash. The security of the system was protected by sophisticated cryptographic techniques, in addition to physical or device techniques (tamper-resistance). Moreover, unlike the simple application of credit card payments to an open network environment, customers' privacy was protected by keeping customers' purchase history untraceable either by the issuers or by the merchants.

However, the system had the following problems:

Since the post-transaction detection method was the main protection against overspending, a customer who overspent could be detected and identified eventually, but detection came only after the crime was committed.
Since each bank was assumed to issue its own electronic money in the previous system, there were the problems of compatibility among the electronic monies issued by many banks and effective inter-bank settlement procedures.
Data of all spent electronic money had to be stored in the banks' database to detect overspending. Therefore, there was a problem of the database becoming extremely large as the amount of money issued grew.
There were practical limitations in dividing electronic money into arbitrary smaller pieces and transferring electronic money between individuals.
NTT has been working to overcome the above problems and has now developed a new improved experimental system. This new system utilizes the results of the joint research conducted by the Institute for Monetary and Economic Studies, Bank of Japan, and NTT Information and Communication Systems Laboratories.

II. Technical Features

Improved security

Since the procedure used to prevent overspending has been simplified and NTT's efficient signature scheme is used, payment can be realized quickly enough to permit practical use even with general-purpose smart cards.

Therefore, NTT can choose among any of the following methods to detect overspending:

The post-transaction detection method already used in the previous version of NTT's system.
The overspending prevention method by the physical integrity of the smart card during the payment procedure.
The online checking method of overspending at the issuing institute, where the crime is detected in progress and then prevented.

By combining these measures, multiple protections against various types of overspending are available. For example, overspending is already very difficult for ordinary people just because of basic smart card device techniques, and even if a smart card is analyzed and forged at high cost, such forgery can be detected by the post-transaction detection method with cryptographic techniques. These security measures can be flexibly combined depending on the payment amount, cost requirements and other conditions.

Common electronic money shared by many banks

For the convenience of customers, NTT has developed a technique that lets many banks share a common electronic money system. For this purpose, a new institute, which specializes in issuing electronic money, is introduced. The settlement of common electronic money among banks can be done through this institute thereby allowing multiple banks to exchange common electronic money. Each individual holds an account at a bank and withdraws an amount from the account, and obtains electronic money. The issuing institute will send the electronic money to the individual at the bank's request. Only the issuing institute has the database of already issued money and by using this, checks the validity of newly spent money which is returned from a bank to the institute for settlement.

Reduction in required storage resources

NTT has developed a scheme that reduces the database size in the issuing institute, while at the same time preserving the customers' privacy. To check the overspending of electronic money, the previous system had to store records of all already spent money in the database.
In the new system, money that is spent and returned to the issuing institute through the banks is deleted from the database. Hence, the database holds only data of currently active monies; the required storage resources can be greatly reduced.

Divisibility and transferability among individuals

Since the procedure of checking overspending has been simplified etc.,division of electronic money into many pieces of arbitrary value, and the transfer of electronic money from one individual to another is now possible.

III. Usage of Electronic Money

Registration of customers

Customers (of electronic money) register their public keys to be certified by the registration center. The certificate guarantees the validity of its associated public key.

Withdrawal of electronic money

The procedure of withdrawing electronic money consists of two steps: (i) Get a ticket from the customer's bank, and (ii) Get electronic money from the issuing institute by submitting the ticket. A cryptographic technique called "blind signature" ensures customers' privacy when getting the ticket.
The above institute issues electronic money in exchange for the ticket. The issued money is certified by a signature of the institute.

Payment (or transfer) of electronic money

The payment (or transfer) of electronic money consists of a delivery of electronic money with the payer's signature to the payee. Actual payment is completed after a few transactions of messages between the payer and the payee. The electronic money used in the payment is certified by a signature of the payer.

Deposit of electronic money

It is possible for a customer or a merchant to deposit electronic money by transferring the information described in (3) to a bank, from which the information is transferred to the issuing institute.

Return of electronic money

The electronic money deposited to a bank will be returned to the issuing institute. Overspending is checked by comparing the returned money with the record of issued money held at the institute.

Identification of a malicious customer

If overspending is detected, the issuing institute extracts the alleged customer's public key and its signature and sends to the registration center which identifies the malicious customer through its database.

IV. Future Plans

NTT will continue to conduct R&D on electronic money focusing on the implementation of smart card schemes and cost reduction for micro-payments. The company will also cooperate with related organizations with regard to system construction and operation.