Task 503

AC503: Services Supporting an Electronic Marketplace


The trend towards IBC will result in a truly open electronic marketplace, comprising independent and to a certain extent mutually distrusting parties, eg, multiple network operators, service providers, service users. One typical example will be an electronic publisher offering video on demand or online database access over the IBC to anybody who pays for it. Another typical example, motivated by the trend towards mobile computing, will be digital payments in real shops. In this example, the payer's device might range from a simple smart card or, better, an electronic wallet to an arbitrarily sophisticated portable computer.

All parties involved in this electronic marketplace have their own specific security requirements. These are implied by the well known requirements on legal certainty and privacy. The most important examples of services required by such an electronic marketplace are:

A universal payment system supports multiple electronic money issuers and multiple service providers. It is usable in all situations (eg, offline in shops and online for paying for the communication service itself), for all amounts, and at least in all countries of the European Union. It satisfies the banks' security requirements (eg, electronic money is unforgeable) as well as the customers' requirements (eg, proofs of transactions, and at least all low value payments can be done anonymously).

Management of electronic credentials aims at digital equivalents of, eg, driver licenses, diplomas, and simple documents like receipts for payments. Again, electronic credentials must be unforgeable, and the services must protect the users' privacy. Here as with payments, privacy includes anonymity and unlinkability; eg, a credential should not unnecessarily reveal information about the credential holder nor enable any links between different credentials.

Fair exchange of electronic documents aims at all problems with a structure like a payment in exchange for goods: the service provider should receive the buyer's money if and only if the buyer receives the goods.

There is a need to investigate and to demonstrate how these services can be provided.


Technical Approach

This task should be carried out in the context of a trial.

The objectives suggest an interdisciplinary working group with competence not only in informatics, telematics and telecommunications but also in law, economics, social studies. The definition of new services and of the trial should involve public discussion. The work should use the results gathered in related projects, eg, RACE and ESPRIT. The security relevant parts should be subject to an external and publicly available evaluation. The trial implementation should involve modern cryptographic techniques, especially public key digital signatures and unlinkable credentials. Supporting trust services, eg, directories and certification services, will be required to handle public keys and certificates.

Key Results