Posted by arlene

The proliferation of incompatible payment systems creates difficulties for all concerned — users, service suppliers, financial institutions, and regulatory bodies. History has shown repeatedly that the expansion of commerce requires a stable and uniform environment. Yet, in a single aspect of electronic commerce such as electronic purses, there are more than 20 commercialized schemes in Western Europe alone, which shows that the environment is highly unstable. The various offers differ at the level of the protocol used, the security services, the cryptographic algorithms, the number of recognized currencies, the magnitude of the amounts involved per transaction, the inherent costs of a transaction, etc. This situation has spurred several initiatives to harmonize the various approaches with the aim of establishing common service platforms.

This presents the European programs SEMPER (Secure Electronic Marketplace for Europe) and CAFE (Conditional Access for Europe), as well as JEPI (Joint Electronic Payment Initiative), which the World Wide Web Consortium (W3C) and CommerceNet co-sponsor. Finally, field applications that aim at integrating bank cards with merchant cards through informatics are discussed.

SEMPER

SEMPER was sponsored by the Directorate General XIII of the European Commission as part of the ACTS (Advanced Communication Technologies and Services) project. It was conducted by a consortium of about 20 companies, financial institutions, and European universities, with project management by IBM France and technical leadership of IBM research laboratories in Zurich.

The aim of SEMPER was to address the various aspects, be they legal, commercial, social, or technical, of electronic commerce over insecure networks. From a technical viewpoint, this means that the open and secure access to the Web should be independent of the network architecture, operation system, peripheral equipment (smart card or computer), and software utilized. The openness of the architecture in this context means not only that it is nonproprietary, but also that it can evolve smoothly by addition of new components in the form of plug-ins. In other words, the operating principle is to hide the particularities of the various methods of electronic payment through specific application programming interfaces (APIs), thereby giving the end user the ability to make the desired payment in a transparent manner.

SEMPER ARCHITECTURE

The designers of SEMPER selected an architecture in four layers, as shown in Figure 14.1: the business layer, exchange layer, transfer layer, and supporting services layer.

The business layer deals with the details of the business sessions, such as ordering items, payment instructions, signatures, etc.

The exchange layer is responsible for establishing dialogs among the various entities: debtor, creditor, issuing and acquiring institutions, and, if needed, arbiter, notary, or trusted third party. The underpinning of SEMPER is fair exchange. Each party must be ensured that the transaction is reciprocal, i.e., that each party will receive something in return for a value that is sent, as specified in the agreement reached.

The transfer layer uses containers to transmit and receive information (signed documents or payments) originating from, or destined for, higher layers on the basis of associated security attributes. This layer consists of three distinct blocks for the functions of certification, verification of the statements (such as signature), and payment. These blocks are called, respectively, the certification block, statement block, and payment block (Figure 14.2). Separation of the various roles permits smooth adaptation of the architecture to the chosen method of payment, without disturbing the whole structure. The transfer manager is in charge of the syntactic analysis of the message arriving from the exchange layer before directing it to the corresponding block. In the reverse direction, it fills the message headers before sending them to the appropriate network (the Internet or the bank network). The certification block verifies and authenticates the parameters of the client or of the financial institution. SEMPER distinguishes among three types of certificates:

— Identification certificates that establish a link between a physical entity and the public key contained in the certificate

— Authorization certificates that associate a given attribute to a physical entity

— Hybrid certificates that combine the characteristics of the two preceding certificates

The certification authority for the SEMPER project was the Society for Mathematics and Data Processing GMD (Gesellschaft fur Mathematik and Datenverarbeitung) in Darmstadt. The payment block establishes the correspondence between the payment messages on the Internet side and those on the banking network side.

Finally, the supporting services layer offers to all the other layers the various security services (confidentiality, authentication, etc.), communication services, archival services, interfaces with the user, access control, time-stamping services, etc. The archival services allow the verification of the correct functioning of the whole system, for example, to detect double spending of digital money, to facilitate recovery following a crash, or to meet legal requirements. Time-stamping is a tool for nonrepudiation services or for retransmitting delayed or lost messages.

Possibly related posts: (automatically generated)
Platforms and Convergence Digital Payment Systems (SEMPER)

• Platforms and Convergence Digital Payment Systems (SEMPER) continue...
• Platforms and Convergence Digital Payment Systems (JEPI)
• Platforms and Convergence Digital Payment Systems (CAFE)
• Electronic Commerce Payment Concern
• Web Technology & Ecommerce Online Solutions
• Ecommerce revolution, Online Marketing
• Electronic Commerce, Ecommerce, Network and Internet Payment part 2
• Digital Legal Liabilities
• Electronic Commerce, Ecommerce, Network and Internet Payment part 1
• Which means of payment?