Task 503
AC503: Services Supporting an Electronic Marketplace
Background
The trend towards IBC will result in
a truly open electronic marketplace, comprising independent and to a
certain extent mutually distrusting parties, eg, multiple network
operators, service providers, service users. One typical example will
be an electronic publisher offering video on demand or online database
access over the IBC to anybody who pays for it. Another typical
example, motivated by the trend towards mobile computing, will be
digital payments in real shops. In this example, the payer's device
might range from a simple smart card or, better, an electronic wallet
to an arbitrarily sophisticated portable computer. All parties
involved in this electronic marketplace have their own specific
security requirements. These are implied by the well-known
requirements on legal certainty and privacy. The most important
examples of services required by such an electronic marketplace are:
- a universal electronic payment system
- management of electronic credentials
- fair exchange of electronic documents.
A universal payment system supports multiple electronic money issuers
and multiple service providers. It is usable in all situations (eg,
offline in shops and online for paying for the communication service
itself), for all amounts, and at least in all countries of the
European Union. It satisfies the banks' security requirements (eg,
electronic money is unforgeable) as well as the customers'
requirements (eg, proofs of transactions, and at least all low value
payments can be done anonymously).
Management of electronic credentials aims at digital equivalents of,
eg, driver licenses, diplomas, and simple documents like receipts for
payments. Again, electronic credentials must be unforgeable, and the
services must protect the users' privacy. Here as with payments,
privacy includes anonymity and unlinkability; eg, a credential should
not unnecessarily reveal information about the credential holder nor
enable any links between different credentials.
Fair exchange of electronic documents aims at all problems with a
structure like a payment in exchange for goods: the service provider
should receive the buyer's money if and only if the buyer receives
the goods.
There is a need to investigate and to demonstrate how these services
can be provided.
Objectives
- To collect the requirements on services supporting an electronic
  marketplace, from a legal point of view as well as from the point of
  view of all actors involved in the marketplace
- to provide a coherent model of such a marketplace, that is able to
  define the required service properties and options, and to evaluate
  the functionality and security of concrete services
- to show the feasibility of an electronic marketplace by means of a
  trial
- to provide a definition and specification of new services that can
  be used for standardisation.
Technical Approach
This task should be carried out in the context of a trial. The
objectives suggest an interdisciplinary working group with competence
not only in informatics, telematics and telecommunications but also in
law, economics and social studies. The definition of new services and
of the trial should involve public discussion. The work should use the
results gathered in related projects, eg, RACE and ESPRIT. The
security-relevant parts should be subject to an external and publicly
available evaluation. The trial implementation should involve modern
cryptographic techniques, especially public key digital signatures and
unlinkable credentials. Supporting trust services, eg, directories and
certification services, will be required to handle public keys and
certificates.
Key Results
- Legal and user requirements
- proposals for standardisation of universal digital payment systems
  and credential mechanisms
- results from the trial
- contribution to ACTS Impact Assessment and Information Window.