ANONUS: Anonymous Bonus Point System with Fraud Detection

Bonus point systems are widely used to reward customer loyalty in both traditional and electronic commerce. Merchants also aim to increase revenue through targeted advertising based on customer data. At the same time, customers wish to keep what they purchase private. Common systems neither provide sufficient protection of privacy nor protect the customers' identities. Anonymity, however, makes it significantly harder to properly resolve claims of fraudulent transactions, because identities are not recorded for any purpose after a transaction has been committed. We propose an anonymous bonus system based on digital payment systems using blind cryptographic signatures. We implement a protocol extension that allows proof of bonus point possession in case of reported misbehavior, and we identify the implications of our proposals for security, privacy, and performance. Our results show that we can resolve these cases of fraud within the system without losing functionality in the bonus point protocol.
