Readings in Electronic Commerce
- edited by Ravi Kalakota, Andrew B. Whinston; Addison-Wesley, 1997
- EC World online:
A Forum for the 21st Century
- Ch. 1: An Unaffiliated View of Internet Commerce by David H. Crocker
- Internet will be global conveyor of ecommerce, because of:
scaling, security, management
- Connectivity = on: full-time, connect at will, client, mediated, messaging
- sealing = privacy, signing = authentication, nonrepudiation =
trusted intermediary (3rd party, logging actions of buyer/seller)
- Digital transactions require: integrity, authenticity, privacy
- Account-card services involve merchants, buyers,
clearinghouse (issuing and acquiring banks); processes include:
identifying participants, creation of authentication instruments,
avoiding unauthorized (fraudulent) uses
- Transaction schemes: in the clear (not advised), clear but with
secret IDs,
ID confirm (see First Virtual), secure link, mediated
- Payment Companies
- RSA Data Security, Inc.
- Ch. 4: Electronic Commerce: A Washington Perspective, by James B. Rapp
- late 1993, Clinton admin. launched National Information Infrastructure
(NII), led by National Telecommunications Information Administration
(NTIA) and Information Infrastructure Task Force (IITF). See National Information Infrastructure ---
Agenda for Action: Washington, D.C., Sept. 15, 1993.
- late 1995, Congress followed, with Internet Task Force and Congressional
Technology Working Group
- copyright / IPR - see
U.S. Dept. of Commerce
NTIA. Report on Intellectual Property and the National Information
Infrastructure: Washington, D.C., Sept. 1995.
- privacy - see
U.S. Dept. of Commerce
NTIA. Privacy and the NII: Safeguarding Telecommunications-Related
Personal Information: Washington, D.C., Oct. 23, 1995.
- international - China - ISPs registering - see V. Walt. The Internet Meets
the Thought Police. Wall Street Journal Interactive Edition: May 4, 1996
- labor - replace travel agents - see J. Levre. On-Line Airlines Bode
Ill for Travel Agents. New York Times: May 2, 1996
- consumer protection - against scam artists - see U.S. Federal Trade Commission.
Online Scams: Road Hazards on the Information Superhighway:
Washington, D.C., 1995.
- cryptography - key management - see EPIC Analysis of Administration
Crypto Policy Paper. Electronic Privacy Information Center (EPIC):
May 1996.
- technology transfer - Technology Reinvestment Fund (TRP)
including DoD - supported
CommerceNet, 1996.
- Ch. 5: International Encryption Policy, by Dorothy Denning
- Intro: encrypted GII, export control on encryption technology,
archiving/escrowing keys with trusted third parties (TTPs),
key management infrastructure
- Initiatives: Clipper - 1993 - escrow mechanism independent of
any key management infrastructure - see
D. Denning and M. Smid.
Key Escrowing Today. IEEE Comm. 32 (9): 58-68, Sept. 1994;
Canada - Nortel Entrust with optional key escrow;
International
Cryptography Experiment (ICE)
- Key Escrow: overview - see
D. Denning and D. Branstad. A Taxonomy of Key Escrow Encryption.
CACM 39 (3): 34-40, March 1996,
certificate authority, key holders, agents, data recovery,
mutual assistance agreements between countries
- Obstacles to key escrow:
arguments over export controls on encryption,
acceptability / risk,
unescrowed methods - e.g., PGP (Pretty Good Privacy),
NRC study
- Ch. 6: The Essential Role of Trusted Third Parties in
Electronic Commerce, by A. Michael Froomkin
- Introductory
Commentary, History and Current Status of the Utah Act (Digital
Signature)
- ABA Draft
Digital Signature Guidelines - American Bar Association
- Anonymizer FAQ
- deducing
physical location of machine on Internet - in Zen and the Art of
Internet, 1992, by B. Kehoe
- selling anonymous Web pages -
Community ConneXion, the
Internet Privacy Provider
- digital signatures, hashing, to detect forgery -
Paul Fahn, RSA
Laboratories, Answers to Frequently Asked Questions about
Today's Cryptography 2.13, 1993
- PGP encryption system - see
Philip Zimmermann,
PGP User's Guide Vol I: Essential Topics, Oct. 11, 1994
- CAs:
Sun;
Internet
PCA Registration Authority Root Key Info.;
Netscape
Test CA
- identifying certificates: VeriSign,
Class 1 Digital IDs;
Class 2;
Class 3;
Class 4
- authorizing certificates - e.g., anonymous credentialing to over 18 -
see Validate
- T.
Barassi, The CyberNotary: Public Key Registration and
Certification and Authentication of International Legal
Transactions
- digital time-stamping services - Digital Notary -
Surety Technologies
- list of buyer's desires - see M.
Bellare et al. A Family of Secure Electronic Payment Protocols
- July 12, 1995
- charge tiny amount to access WWW pages - see
Arnold Kling. Banking on the Internet
- credit card systems handle large charges - see
- microtransactions - see
S. Glassman et al. The Millicent Protocol for
Inexpensive Electronic Commerce
and
R. Rivest and A. Shamir. Payword and MicroMint:
Two Simple Micropayment Schemes
- smart cards - see D.
Chaum. Prepaid Smart Card Techniques: A Brief Introduction
and Comparison
- electronic cash - see
D.
Chaum. Achieving Electronic Privacy, Sci. Am., Aug. 1992 and
Ecash
- anonymous credit card - see Vaxbuster.
Safe and Easy Charging. 4 Phrack Issue 44, File 20
- difficulties - delay in discovering loss of digital signature - see B. Wright. Eggs in
Baskets:
Distributing the Risks of Electronic Signatures
- Ch. 7: Perils and Pitfalls of Practical Internet Commerce:
The Lessons of First Virtual's First Year, by N. Borenstein et al.
- extended
version of chapter
- First Virtual
- funded development of PGP-telnet
- to process a transaction, look up buyer's VirtualPIN (account ID) in its
database, find his email address, ask buyer to confirm validity
- lessons: organizational issues, need for Internet intermediary,
security and
administration, customer service, myths and realities of cryptography
- Ch. 9: A Flexible Framework for Network Payment, by B. Neuman
- B. Neuman and G. Medvinsky. Requirements for
Network Payment: The NetCheque Perspective.
In Proc. IEEE Compcon 95, March 1995 - see NetCheque homepage
- NetCash - see
G. Medvinsky and B. Neuman.
NetCash: A Design for Practical Electronic Currency
on the Internet. In Proc. First ACM Conf. on Computer
and Communications Security, ACM Press, Nov. 1993.
- payment models:
- secure presentation - e.g., Netscape SSL - see
specs;
SET - see
Secure Electronic
Transaction (SET) Specification;
SHTTP - secure hypertext transfer protocol - see
E. Rescorla and A. Schiffman.
The Secure Hypertext Transfer Protocol;
and
CyberCash - see
site
- electronic currency - e.g., NetCash;
DigiCash - see
D. Chaum.
Achieving Electronic Privacy. Sci. American 267,
96-101, Aug. 1992;
Mondex - site
- credit debit - e.g., NetCheque,
NetBill, First Virtual InfoCommerce,
direct transfer
- collection agent - e.g.,
OpenMarket payment switch - see
D. Gifford et al.
Payment Switches for Open Networks. In Proc.
IEEE Compcon 95, March 1995
- perspectives: merchant, customer, financial service provider (risk manager)
- characteristics: security, reliability, scalability, anonymity
(such as is provided by cash purchases but that may lead to fraud),
acceptability,
customer base, flexibility, convertibility, performance efficiency,
economic efficiency, ease of use