
Digital Cash

The Choices Are Growing

The most recent Internet media spotlight has focused on electronic commerce--here is a guide to the current methods of making money through the Web.

by Marshal M. Rosenthal

There's an old saying among freelancers: "Making money isn't the problem--it's the collecting the money that's hard." On the Internet, it becomes keeping your money that's the issue. Not because there are so many things to buy on-line that you can't control yourself, but because a net-thief might read your credit card or somehow "steal" the personal information you give a vendor on the 'Net in order to make a purchase.

This potential security hole leaves merchants, and others looking to exploit this huge potential on-line market, with two choices: use conventional follow-up systems like faxes and phone numbers to make the customer feel more secure, or develop better systems of on-line security. While the first will probably continue, it's the second choice that interests us--the advent of "Digital Cash".

First, a brief primer on encryption. Encryption is the mechanism used to protect information while it is being transmitted between a customer and a merchant on the Internet. While encryption was originally used to protect clandestine communications from eavesdropping, it is now widely used commercially. The US Government generally restricts the export of "strong", i.e., hard-to-break encryption technology.

All digital cash systems are based on some form of encryption. Encryption is used in these systems to:

Encryption is, roughly speaking, used to convert between meaningful information and what is apparently pseudo-random gibberish. While a detailed description of encryption is beyond the scope of this article, encryption mechanisms fall into two broad classes: private-key and public-key. In a private-key system, there is a single "shared secret"--the private key--which is used both for encryption and decryption. In public-key systems there are two keys, one private and another public. The public key is widely published, while the secret key is kept confidential; either key may be used for encryption or decryption, depending upon the application. In general, private-key systems are used for "protecting" information, since private-key algorithms are faster than public-key systems. But public-key systems are used for other purposes, such as digital identification and so forth.

*Netscape uses the Secure Sockets Layer (SSL) in their Commerce Server to provide server authentication, data encryption, and message integrity. SSL provides capabilities similar to the more familiar "Berkeley sockets" or Winsock services. SSL sits between the application protocols such as HTTP, Telnet, FTP, etc., and the underlying transport, such as TCP/IP. But unlike an ordinary socket connection, once your web browser has established a connection to a server using SSL, you know which merchant you are connected to, and you know that your communication with that merchant is secure from eavesdropping or tampering.

The method used to establish identity is based upon an object called a digital certificate. A digital certificate simply ties together a public key with, say, the name and address of a customer or merchant. The trick is that these certificates are "signed" by a trusted third party, in much the same way that a passport is "signed" by the government that issues it. *VeriSign, a spin-off from RSA Data Security, is in the business of issuing these certificates which they call Digital IDs.

For a bit more on the process, we hear from Tom Smith of Niehaus Ryan Haller Public Relations, who handle VeriSign: "VeriSign issues Digital IDs to provide verification of a user's identity, authentication of message integrity (i.e., proof that the message has not been altered during transmission) and authorization to perform certain tasks (For instance, Digital IDs can provide authorization to use a credit card or access corporate information). These capabilities make it nearly impossible to refute an electronic transaction at a later date.

"Secure web servers using SSL must obtain a digital certificate to enable the encryption of transactions between a web server and client. VeriSign Digital IDs are currently the only digital certificates available to the public. The Digital ID contains the name of the server owner, the server's public key, the serial number of the Digital ID, the Digital ID's expiration date and a digital signature from VeriSign attesting that VeriSign has performed the appropriate background check on the server owner's identity. Once issued, the Digital ID can be used with any applications that agree to recognize its validity like Netscape's clients and servers. To increase the process, VeriSign introduced four classes of Digital IDs, each class escalating the level of identity assurance."

Netscape's Navigator is probably the best known browser. Netscape provides built-in encryption-based security with its Secure Courier Protocol (still under development at the time of this writing). Netscape has aligned itself with VeriSign, which provides digital identification. Netscape Navigator 2.0 users are able to secure their on-line transactions and communications, and the VeriSign Digital IDs allow end users and merchants to confirm each other's identities.
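The Digital ID fields listed above, and the check a client makes on them before trusting a server, as an added example (not VeriSign's or Netscape's code). The textbook RSA signature with a deliberately tiny key, the record layout and the names `issue` and `verify` are assumptions made for illustration.

```python
import hashlib
from datetime import date

# Toy RSA key for the issuing authority. The primes are two well-known
# Mersenne primes chosen for readability; a key this small is NOT secure.
P, Q = 2**61 - 1, 2**89 - 1
CA_N, CA_E = P * Q, 65537                # public key, known to every client
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the issuer

def _digest(cert):
    """Hash the signed fields in a fixed order and reduce into the modulus."""
    fields = (cert["owner"], cert["public_key"], cert["serial"], cert["expires"])
    data = repr(fields).encode()         # repr() keeps field boundaries unambiguous
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N

def issue(owner, public_key, serial, expires):
    """Issuer side: bind a name to a public key by signing both together."""
    cert = {"owner": owner, "public_key": public_key,
            "serial": serial, "expires": expires}
    cert["signature"] = pow(_digest(cert), CA_D, CA_N)
    return cert

def verify(cert, expected_owner, today):
    """Client side: signature first, then validity period, then the name."""
    if pow(cert["signature"], CA_E, CA_N) != _digest(cert):
        return "bad signature"           # any altered field lands here
    if date.fromisoformat(cert["expires"]) < today:
        return "expired"
    if cert["owner"] != expected_owner:
        return "wrong owner"             # valid certificate, but for someone else
    return "ok"
```

The order of checks matters: the expiry date and owner name mean nothing until the signature over them has been verified.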

Which brings us to the main choice for digital money control: software packages designed to interact between the user's web browser and the web site. Keep in mind that this is an evolving technology--one that moves as quickly as the appearances of web pages do--and that no standard has yet been set.

*CyberCash

CyberCash's client payment software and associated encryption techniques have been approved by the US Department of Commerce for export. Offering merchants an instant international marketing and distribution tool, CyberCash is at present working with two US-based banks, Wells Fargo Bank and First of Omaha Merchant Processing, and serves as a conduit through which payments can be transported easily, safely and instantaneously between buyers, sellers and their banks. CyberCash creates "pay buttons" on a merchant's web pages so that a simple point and click can be used for payment. Working through the Secure Internet Payment Service (which features powerful encryption techniques at the core), CyberCash supports all of today's credit card and banking industry standards. CyberCash pledges to support all future systems as well.

This system enables a user with Internet access to download CyberCash's client payment software from the company's worldwide web server to a PC. This software, the CyberCash Wallet, holds credit card numbers and a VeriSign Digital ID for use in paying through the Internet. The CyberCash Wallet is provided free and is installed on the PC using a graphical interface; it stores any credit card type (Visa, American Express, etc.). When you click on the PAY button on-line, the software on the merchant server sends a special message to the user's PC which turns on the CyberCash Wallet. The user then selects a credit card in the Wallet to use for payment. Then a series of encrypted messages travel through the 'Net and over conventional credit card networks connected directly to the CyberCash Bank Payment servers.

*NetCheque and NetCash

Developed by the Information Sciences Institute of the University of Southern California, NetCheque is an electronic payment system for the Internet. Registered users can write electronic checks to other users which can be sent as e-mail or as payment to services through the Internet. Once deposited, the electronic check authorizes the transfer of account balances from the account against which the check was drawn to the account to which the check was deposited. The NetCheque system's strengths are its security, reliability, scalability, and efficiency. Well-suited for clearing micro-payments, its use of conventional cryptography makes it more efficient than systems based on public key cryptography, and NetCheque will enable the creation of new Internet services that charge small fees for access to information, processing queries, and consumption of resources.

Pay Per View (PPV) is a transaction handling protocol used on the World Wide Web. PPV is built on top of ARDP and HTTP, and merchants use it to make documents available on WWW servers. PPV's features include support for most MIME document types, real-time payment verification, flexibility of payment and transfer methods, plus encryption options for payment instruments. Once PPV is installed, the merchant server answers an HTTP request for a PPV document with a preview of the document and payment information and options. The client software then prepares payment for the actual document at the user's direction and passes it on to the merchant. Once the server receives payment, it sends the full document to the customer's WWW browser. The software developed for PPV currently accepts both NetCheque and NetCash processes.

The other component is NetCash, which is designed to provide real-time electronic payment of digital money. Designed to facilitate anonymous electronic payments over an unsecured network, NetCash removes the need for tamper-proof software by providing secure transactions where attempts at illegal creation, copying, and reuse of electronic currency could occur. Currency issued by a currency server is backed by account balances registered with NetCheque. NetCash currency servers also use the NetCheque system to clear payments across servers, and to convert electronic currency into debits and credits against customer and merchant accounts. Though payments using NetCheque originate from named accounts, with NetCash the account balances are registered in the name of the currency server, and not the end user.

Encryption and security are provided by Kerberos, a system that works by providing principals (users or services) with "tickets" they can use to identify themselves to other principals, and with secret cryptographic keys for secure communication with other principals. Each ticket consists of a sequence of a few hundred bytes, and the ticket can be embedded into almost any other network protocol, so that the identity of the principals can be verified. Kerberos is well-suited for application-level protocols such as Telnet or FTP, to provide user-to-host security. It is also used, though less frequently, as the implicit authentication system of data stream or remote procedure call (RPC) mechanisms. Kerberos' creators fully realize that it is a "one-trick pony" but Kerberos does that single trick--providing mutual authentication and secure communication between principals on an open network--extremely well. It does this by making secret keys on request and providing a means for these secret keys to be safely moved throughout the network.

*Ecash

Ecash is a software solution that works in conjunction with the Mark Twain Bank. Using Ecash is like using a virtual ATM (Automatic Teller Machine). When connecting to the "Ecash Mint" over the Internet, you authenticate ownership of your account and request the amount of Ecash you want to withdraw. Software is used to store the digital cash obtained on the hard disk of your PC. When asked to make a payment, you confirm the amount, purpose, and payee, and the Ecash software transfers the correct value in "coins" from the disk. The merchant, company, or individual the goods are bought from then has the digital coins deposited into its Ecash account.

Merchants using Ecash need a web server running on a Unix machine that supports the standard CGI-BIN interface (such as NCSA HTTPD, CERN HTTPD, APACHE HTTPD, or Netscape Communications Server). After registering, the software is installed, the Ecash account is opened, and the shop data structure and shop front ends are built.

All this is predicated on Mark Twain Bank providing a place for the money to exist: these special accounts are called WorldCurrency Access accounts. One must set up the account in the currency desired (US Dollars or otherwise).

Nippon Telegraph and Telephone

Now for a glimpse of a possible future. Recently, Nippon Telegraph and Telephone (NTT) announced that it had developed a prototype electronic cash system--one using a new, in-house developed cryptographic technique that eliminates the need for on-line purchase approval. NTT claims that their system also features assured privacy for users, which makes it more like spending cash than using credit cards. Disregarding smart cards, which NTT feels are vulnerable to card cloning and require on-line verification, NTT's system is based on public-key encryption.

The NTT card requires the user to contact the bank and provide identification, such as a PIN number. The customer account is then debited and the card credited with the money using an electronic signature, the private key. An electronic ID is also loaded into the card in a unique coded form. During a purchase, the retail computer asks for information from the card's confidential ID information, checks it against the user's public key and, if valid, the transaction is then approved immediately. Transaction records are later sent to the bank. Attempts at counterfeiting the digital money trigger a fraud record that can be detected by the bank when receiving the retailer's transaction records. NTT is confident that the user ID of any fraudulently used card can be found by cross-referencing each transaction and examining the two communication records. There are currently no plans to begin public trials.
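How cross-referencing two transaction records can expose a user ID while a single record reveals nothing, as an added example. This is a generic share-splitting sketch in the style of published off-line e-cash designs, not NTT's own technique, which the article does not describe; the function names, sizes and sample ID are constructed, and the signature that would bind the shares to a coin is left out.

```python
import secrets

ID_BYTES = 8   # length of the user ID in this sketch (assumption)
PAIRS = 16     # challenge bits the retailer sends per purchase (assumption)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def load_card(user_id):
    """Bank side: store the ID as pairs of shares. Each share on its own is
    uniformly random; only the two shares of one pair XOR back to the ID."""
    pairs = []
    for _ in range(PAIRS):
        left = secrets.token_bytes(ID_BYTES)
        pairs.append((left, xor(left, user_id)))
    return pairs

def spend(card, challenge):
    """Card side: for every challenge bit reveal the left (0) or right (1)
    share of that pair, never both. The result is the transaction record."""
    return [(bit, card[i][bit]) for i, bit in enumerate(challenge)]

def cross_reference(record_a, record_b):
    """Bank side: two records for the same money expose the ID at the first
    position where the two retailers' challenge bits differ."""
    for (bit_a, share_a), (bit_b, share_b) in zip(record_a, record_b):
        if bit_a != bit_b:
            return xor(share_a, share_b)
    return None  # identical challenges: nothing is learned

def random_challenge():
    """Retailer side: a fresh random challenge for each purchase."""
    return [secrets.randbelow(2) for _ in range(PAIRS)]
```

With random challenges, two purchases made with the same money differ in at least one bit except with probability 2^-16 here, which is why real designs use many more pairs.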

*MasterCard and *Visa

We were all ready to write about MasterCard and Visa separately--but things have changed. Each of these companies was pursuing its own separate route as this was going to print--with MasterCard pushing their Secure Electronic Payment Protocol (SEPP) standard, and Visa going the "Smart Card" route. But that's all history now, as the two credit card giants are joining together to create a single technical standard for safeguarding payment-card purchases made over open networks such as the Internet. Called SET (Secure Electronic Transactions), the new specification will allow both consumers and merchants to conduct bank card transactions over the Internet in a simple and secure manner.

Participants in this effort with MasterCard and Visa, which is expected to be complete by mid 1996, are GTE, IBM, Microsoft, Netscape, SAIC, Terisa Systems and VeriSign. SET will be based on specially-developed encryption technology from RSA Data Security. Testing is to begin immediately and joint efforts will also be conducted after the individual tests to ensure that SET operates smoothly. Upon conclusion of the tests, an updated version of the specification will be published for software providers.

*Web900

Web900 is a new billing system designed so that one can charge for accessing some or all of a web site through the use of a 900 telephone number. The process runs as follows. The caller accesses the information page created as the front door, receives a 7 digit system code and then is told to call a 900 number (usually consisting of two numbers to choose from; one being X, the other XX amounts). After calling the number, the user enters the 7 digit code and receives a redemption code which s/he enters in the validation form of the web site. The customer is then given access to the web pages that previously were locked.

The redemption code works by accessing a CGI application which verifies the user's redemption code against a text file of codes which have been previously downloaded from Web900's BBS. Once the code is verified, the CGI application interacts with the web site's system security and accounting mechanism.
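One way to write the verification step described above so that each redemption code works only once, as an added example (not Web900's CGI code). The code format, the one-code-per-line file layout and the function name `redeem` are assumptions; the article specifies none of them.

```python
import fcntl
import hmac
import os
import re
import tempfile

CODE_RE = re.compile(r"[A-Z0-9]{6,16}")  # assumed code shape; the article gives none

def redeem(code_file, submitted):
    """Return True exactly once per listed code, then strike it from the file."""
    candidate = submitted.strip().upper()
    if not CODE_RE.fullmatch(candidate):
        return False  # reject input that is not shaped like a code
    # Serialize concurrent CGI processes so one code cannot be redeemed twice.
    with open(code_file + ".lock", "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)
        with open(code_file, encoding="ascii") as fh:
            codes = [line.strip() for line in fh if line.strip()]
        # Constant-time comparison against every entry: response time does not
        # reveal how many leading characters of a guess were right.
        hits = [hmac.compare_digest(c.encode(), candidate.encode()) for c in codes]
        if not any(hits):
            return False
        remaining = [c for c, hit in zip(codes, hits) if not hit]
        # Write the shortened list beside the original and swap it in atomically,
        # so a crash cannot leave a half-written code file.
        folder = os.path.dirname(os.path.abspath(code_file))
        fd, tmp = tempfile.mkstemp(dir=folder)
        with os.fdopen(fd, "w", encoding="ascii") as out:
            out.writelines(c + "\n" for c in remaining)
        os.replace(tmp, code_file)
        return True
```

Without the strike-out step a single paid code could be shared and reused indefinitely; the code file should also live outside the web server's document root.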

Web900 makes payments back to the web site's owner through the mail and keeps a 20% fee for their services. Web900 will also help with writing CGI applications and HTML.

It's hard to say what will happen as companies scramble to establish "standards" while dreams of sugarbucks dance in their heads. There's no denying that MasterCard and Visa combined are powerful heavyweights. Additionally, their name value to the consumer, as well as merchants, will go a long way toward making the use of digital cash on the Internet feel more natural.



Marshal M. Rosenthal is a writer and photo-journalist based out of New York City. He can be reached at marshalr@pipeline.com.