Electronic Payments

Diverse Proposals I

• AIMP (AT&T)
• e-cash (DigiCash)
• Green Commerce (First-Virtual)
• iKP (IBM)
• MarketNet (BankNet)
• Mondex (NatWest & HKSB)
• Netscape
• NetBank & NetCash (Software Agent's Inc.)
• NetBill (CMU)
• NetCheque & NetCash (USC)

Diverse Proposals II

• NetChex
• NetMarket
• NetPay (Boston Automation)
• SIPS (CyberCash)
• SNPP (MIT)
• STT (Microsoft)
• SVC (VISA)
• Vishnu & Micropayments (Hewlett Packard)
• Web Payment System (Open Market)

Payment Models

• Cash
• Credit/Debit Instruments
• Credit Card payments

Aspects

• Policy
  • Legal
  • Ethical
  • Risk Management
• Dataflow
• Mechanism

Risks

• Authenticity
• Disclosure
• Service

Cash Schemes

• Tokens withdrawn from account prior to spending
• In principle at least one one party should not need to be on-line at time of transaction.
• Some schemes emphasize anonymity.

Cashier's Cheque

Mail Order

Credit Card by Phone

Mail Callback Loop

First Virtual

[Elections-`92, IF, NPR]

Shared Key Cryptography

NetBill, NetCheque, NetChex,

Mediated Digest Micropayments, SNPP

[Kerberos]

Public Key Cryptography

AIMS, iKP, SIPS, Vishnu

[PGP, MOSS]

Not Categorized

• Market makers
  • MarketNet (SSL + is a bank)
  • NetMarket (PGP)
  • OpenMarket (Payments switch)
• Insufficient details
  • NetPay (EDI)
• No public details
  • DEC, Microsoft, Netscape

Possible Questions of Interest

• What range of approaches is relevant?
• What are the common features of the respective dataflows?
  • What does the browser need to know?
  • How does this affect HTML?
• Could we assist integration into clients?
• Can we re-use payments technology elsewhere in the Web?

Technology Development

• X.509v3
  • Addresses `Four Corners' Issue
  • Attributes bound into certificates.
• Keyed Digest
  • e.g. MD5(k+m+k)