FRANCAIS

ABOUT THE
INTERNET SOCIETY
ISOC Mission Statement
Membership

INET'98

Track 3 Commerce and Finance

Panel: Internet Commerce - The Next Generation

David Petraitis, Price Waterhouse

Building Blocks for Electronic Commerce

Security and Confidence in Electronic Commerce: Certification Authorities   - Paper 170

Isabel HERNANDO
Universidad del País Vasco/Euskal Herriko Unibertsitatea Spain

The creation of a stable regulatory framework for new "information society" services is fundamental in a well-functioning international market. It is recognized that these new online services will become a source of economic growth and employment. However, an appropriate regulatory framework has to be put in place in order to provide an international, or at least a pan-European level playing field. One of the key elements for the development of these services, especially the online financial and business transactions, will be digital signatures.

In this paper, attention will be given to the legal aspects related to the use of digital signatures in electronic commerce, specifically those resulting from the identification and liability of certification authorities.

The objective of this paper will be to identify in this legal context the potential schemes and real obstacles and their effects resulting from differences in legal concepts and implementation in an international regulatory environment.

Payment in Electronic Commerce  - Paper 075

Philippe MICHON
France Telecom  France

With the growth of the Internet, the network evolved from a research to a commercial network. Because the Internet is perceived as being an unsecured network, people are afraid to use it for commercial transactions. The first evolution that made the Internet more secure was the use of the SSL protocol, which encrypts all the data that are present on the channel. But the SSL protocol seems to be insufficient for banks, and there are also some legal problems with cryptography in several countries. The second evolution was the work of a group composed of companies like Visa and MasterCard. They created a universal protocol called SET (Secure Electronic Transaction) to use cards on the open network. This protocol has been accepted worldwide.

What is the French situation for the use of cards for electronic and face-to-face commerce? There are two distinctive features. The first one is the fact that the customer has been using a Minitel, for ten years, to purchase goods and services (weather forecast, newspaper information, timetable of trains and planes). In the French Minitel network, people are charged on their telephone bills for very small amounts (micropayments). For bigger amounts, the card is used in two ways: the secured way (inserting the card in the inside card reader) or the less secured way (giving the number and expiration date of the card). The second feature began in the 1980s. In this case the customer uses his card for payment in a face-to-face purchase: he inserts his card in the card reader of the merchant and enters his PIN code; the code is verified inside the smart card; if the code is correct, the card signs the transaction and creates a "French Payment Certificate."

With the rise of the Internet, the French bank community wants to build on this situation and needs to adapt the SET protocol. For this reason, a consortium has been created: eComm -- Electronic Commerce Consortium. The Consortium is composed of six members: three famous French banks (Banque Nationale de Paris, Société Générale, and Credit Lyonnais), Visa International, Gemplus (a card and card reader manufacturer), and France Telecom. The consortium has two different projects: the first one concerns the regular payment (for purchases above 50 francs) and the second concerns the micropayment.

First project: eComm phase I-a. The pilot of the first project will begin in December 1997 in France. As in the SET protocol, we have three actors -- the merchant, the gateway, and the customer -- but in our version, the customer has a card reader in his personal computer to increase the security. The merchant software is standard SET software; this means that the merchant can use, for example, American software. The cardholder must use a special wallet to take advantage of the smart card. The gateway is also modified to verify the French Payment Certificate. The steps are as follows:

The customer follows a link on the merchant Web server. The wallet, if the customer has an eComm certificate, asks the cardholder to insert his card and to enter his PIN code. The PIN code is verified inside the card; if it's correct, the smart card creates a French Payment Certificate. This certificate is carried in the SET protocol to the gateway, which is able to verify it. The merchant can't do that.

Second project: eComm phase I-b, on the micropayment. The second project will begin in April 1998. The main idea is to use a postpaid card method. In the project we will use four actors: the customer, the merchant, the intermediary, and the gateway. The intermediary manages the asset. We call it "Open to Buy" (OTB): it's an amount (for example, 100 or 200 francs) that the issuer bank authorizes to the client. The micropayment steps are the following:

The customer follows a link on a merchant Web server. The wallet contacts the intermediary, which verifies the signatures and the OTB. If all is correct, the intermediary returns an acknowledgement to the wallet. If the OTB is insufficient, the intermediary triggers an SET transaction as a pseudo merchant with the flag NO-CAPTURE to use a standard SET function to obtain an authorization. The intermediary obtains the result of the bank network and if the result is accepted, it stores the amount as a new OTB and clears up the older purchases from the old OTB, subtracts the amount of the payment from the new OTB, and returns an acknowledgment to the wallet. When the wallet receives an acknowledgment, it forwards it for the delivery.

A Web server (http://www.e-comm.fr) is now open to give information about the consortium and the different projects:

For the future, we are planning new evolutions. For the regular payment phase II-a, we will use the protocol that results from the SET and EMV. For the micropayment phase II-b, we will use the French Electronic Purse.

Business Negotiations on the Internet - Paper 391

Manoj KUMAR
Stuart I. FELDMAN
IBM T.J. Watson Research Center USA

In this paper we explain the commonality in the structure of different price negotiation mechanisms such as fixed-price sales, various forms of auctions, and brokerages. We then discuss the various kinds of auctions. Next we describe the steps of an auction process and the functionality required in each step. Finally, we briefly present the design elements of a generic auction application.

Return to Abstracts by Tracks

Return to INET'98 Programs

Document Architectures and Their Applications

The Internet and EDI  - Paper 416

Dick RAMAN
EDI-TIE B.V.  Netherlands

There is quite a lot being written and said these days about the Internet and electronic commerce. What's surprising about this is that no one ever mentions electronic data interchange (EDI) in these discussions, while just about all the large and medium-sized companies have been doing business with each other electronically for years via EDI. It seems as though the Internet world has no idea what EDI really is and what it can mean for electronic commerce.

In nearly all the material published about the information superhighway, the focus is exclusively on how consumers will sooner or later be able to obtain every possible product and service electronically without having to leave home. One never hears of the trouble that companies will have to go through to deliver them. Speculation runs wild over how much companies will have to invest in order to make it technically possible for consumers to take advantage of these services, but no one says anything about how companies will have to relate with one another in order to operate efficiently on the "highway."

It's high time that the EDI organizations in the world let their voices be heard and make clear that EDI is actually the backbone of electronic commerce.

Historical Perspective for the Foundation of Internet-based EDI  - Paper 059

Kenneth W. COPELAND
U.S. Department of Veterans Affairs and Southwest Texas State University USA

C. Jinshong HWANG
Southwest Texas State University USA

This paper continues the work of the authors in addressing Electronic Data Interchange (EDI) and its implementation on the Internet that was started by the publication of two papers, "Electronic Data Interchange: Concepts and Effects" and "Third Generation Web Applications, Full Service Intranets, EDI -- The Fully Integrated Business Model for Electronic Commerce," which were presented at INET'97 and published in the proceedings of that conference.

This paper takes a look at the protocol and specification work done by the first EDI working group of the Internet Engineering Task Force (IETF). The work is significant both from the aspect that a start was made in marrying the two technological areas (EDI and the Internet) and from the aspect that the working group died from the inability to make progress on the second of the two deliverables, the EDI usage document.

The EDI working group of the IETF started their e-mail list in December of 1993 and the discussion of EDI on the Internet began with a bang. The first IETF meeting on EDI was held as a Birds of a Feather (BOF) session at the March 1994 meeting in Seattle, Washington. The EDI BOF decided that the initial work that needed to be accomplished was the Multipurpose Internet Mail Extensions (MIME) Content-Type definitions and an EDI-over-the Internet Usage document. A clear consensus was obtained to pursue a charter and continue work as a formally chartered working group.

The original charter called for two deliverables: "specification for the carriage of various EDI content via MIME-based e-mail, and a discussion document, considering issues in the use of EDI over the Internet. The usage document will cover such issues as addressing and security."

The working group decided that two other items were important: 1) specification of EDI routing information and 2) specification of mappings between Internet-based and X-400-based EDI. These two items would, however, be deferred and recommended to be done at a later time.

Over the course of the next 22 months, the working group did produce a specification for encapsulating EDI within MIME objects. This was the only technical specification produced and although technically trivial, was completely successful and is now a standard. Agreement could not be reached on content for a usage document, however, and this document never was produced.

By April 1995, the work on the usage document had made little progress and this lack of progress eventually doomed the working group to be disbanded. A second informational document entitled "EDI meets the Internet: Frequently Asked Questions about Electronic Data Interchange (EDI) on the Internet " was produced as an informational request for comments (RFC) and final publication occurred in January 1996.

Merging of EDI Security Requirements with Internet Security Technologies - Paper 060

Kenneth W. COPELAND
U.S. Department of Veterans Affairs and Southwest Texas State University USA

C. Jinshong HWANG
Southwest Texas State University USA

This paper looks at the current state of protocols and standards for doing Electronic Data Interchange (EDI) over the Internet. The paper examines the work done by the second EDI working group of the Internet Engineering Task Force (IETF) as well as the work they are intending to do. The paper is significant because it allows the reader to come abreast of the latest developments in Internet protocols relating to EDI as well as learn the direction that the protocols and specifications are heading in the near term.

In February 1996 an e-mail Birds of a Feather (BOF) session was started which resurrected EDI as a topic within the IETF. The death of the previous EDI working group was not for lack of interest, but more for lack of consensus on how to proceed. The new BOF became chartered as the Electronic Data Interchange - Internet Integration (EDIINT) working group.

The paper also discusses the IETF meetings that have occurred over the life of the working group and the status of the deliverables over this timeline.

Then the Internet drafts that have been produced by the working group are discussed with particular emphasis on the requirements for accomplishing EDI over the Internet. Included is a model of the process flow for accomplishing the required security to do EDI over the Internet.

"Requirements for Inter-operable Internet EDI" was the first Internet draft produced by the EDIINT working group. This document is a functional specification, discussing the requirements for inter-operable EDI, with sufficient background material to give an explanation for the EDI community of the Internet and security-related issues.

The second Internet draft, produced by the working group, describes how to securely exchange EDI documents using MIME and public key cryptography. The document entitled "MIME-based Secure EDI" is briefly examined and discussed.

Finally, the paper briefly mentions the third Internet draft, which the working group has produced, entitled "HTTP Transport for Secure EDI." This document describes how to exchange EDI documents securely using HTTP transport for EDI data that is packaged in MIME messages using public key security body parts.

The Future of Information Management in the U.S. Intelligence Community  - Paper 120

Frederick Thomas MARTIN
National Security Agency USA

This paper will describe the future of information management within the various organizations and agencies that collectively are known as the US intelligence community, including the CIA, NSA, DIA, and the now declassified NRO. The intelligence community of the US government recently confirmed that its budget -- kept secret as classified information in all 50 previous years since its inception -- totaled $26.6 billion dollars last year. Because most of these funds are spent on providing information, the central focus of this paper will address what the US intelligence community believes to be the "information revolution" of the third millennium. This paper will provide an explanation of the possible role and impact that the Information Technology Management Reform Act (ITMRA), passed by Congress in August 1996, will have on the future of information within the intelligence community and how that relates to Internet and intranet working professionals. It will describe the transition to Web-centric electronic publishing of our nation's intelligence reports, known as "finished intelligence," into an integrated information space. Describing the future, this paper will explore the concept of a more "agile" intelligence enterprise, giving us insight into how the US intelligence community plans to achieve its goal of an electronically networked environment for the production and exchange of intelligence, a goal deemed absolutely essential to national security in the 21st century.

Perhaps the greatest paradigm shift in modern intelligence production is the transition to Web-centric, electronic publishing of our nation's intelligence reports. As a result, there is much effort now being devoted within the government to addressing a number of electronic publishing concerns. Sharing the results of several successful projects, this paper will take a look at a number of these concerns, including the issue of implementing "push" technology and the debate in many enterprises today over the appropriate roles for standards such as SGML and the role of new emerging standards such as XML. Examples will include specific applications taken from the National Security Agency, the Office of Naval Intelligence, the National Imagery and Mapping Agency, and the Joint Intelligence Center, Pacific. These success stories have direct application to the organization or business today faced with the production and distribution of large volumes of documents, which describes virtually all businesses today!

The paper will also provide us with a look into the future: how does the US intelligence community plan to implement all of the information management improvements that it is working so hard on? We can begin to answer this with an examination of the underlying carriage to all of the information management improvements of the US intelligence community and a glimpse at the real future of the world of intelligence: the concept of "virtual intelligence." What will the world of virtual intelligence really look like?

To answer this, we will examine the idea of a more "agile" intelligence enterprise, as envisioned by Dr. Ruth David, the current CIA deputy director for science and technology. This paper will explain that vision, including the perceived problems, security issues, and management challenges. The "agile" intelligence enterprise concept, combined with architectural, security, and other standards applied to the existing and planned telecommunications infrastructure, represents the primary components of one of the US intelligence community's most important goals.

Return to Abstracts by Tracks

Return to INET'98 Programs

Types of Internet Business

The Internet and the Small Business - Paper 006

A. LYMER
University of Birmingham United Kingdom

R. JOHNSON
IBM (UK) plc United Kingdom

A. BALDWIN
Florida International University USA

This paper is taken from a study of the use Information Technology in a range of small and medium sized businesses in the UK and elsewhere during late 1996 and early 1997. It focuses on the impacts brought about in these businesses by the introduction of the Internet. In particular, this paper describes the construction of an impacts model built as a part of this research that enables a structured approach to cross business analysis of impact. It describes two cases of application of the model in real businesses and gives some details of other cases undertaken and of the findings of the wider study that are useful to those considering or assessing the use of the Internet in commercial environments. The paper also gives some details of future research that is being undertaken to extend the understanding of business impact of this technology in the small business sector.

A number of issues arose from this research that will be appropriate for further discussion and research work. These issues include:

the nature of the Internet environment most suited to small business operations
implementation issues of incorporating the Internet into a working small business
the possibilities for integration of the Internet with existing systems in the business the perspective necessary for success in managing Internet impacts in small businesses
the measuring and assessment of business impacts of changing systems support and consultancy requirements during and after system change planning for future business impacts of Internet technology.

Virtual and Real Communities: A Taxonomy of Net Strategies - Paper 142

Llorenç PAGES CASAS
Barcelona Internet Strategies Spain

Improving customer relationships is one of the theoretic benefits that companies hope to reach through their presence on the Internet. But, as surveys show, this is not so easy. This paper is intended to explain some keys to achieve it.

Advertising, Promotion and Sale of Medical Products Across Borders Using the Internet - Paper 337

Martijn TEN HAM
World Health Organization Switzerland

Marketing of medical products is covered by a number of regulations in order to ensure their safe and rational use. Safety, efficacy, and quality of medical products require careful technical assessment of scientific documentation and in many countries such products require marketing authorization.

Most countries allow promotion of prescription medical products only in the professional media and directed to the health professionals, not to the consumers.

With the advent of electronic information systems, in particular the Internet, information about all kinds of medical products has become accessible to the public.

The use of the Internet for promotion and sales of medical products is expanding rapidly, and the consequences of these activities for individual and public health are significant. It is important to address issues regarding the promotion and sale of medical products through the Internet as soon as possible in order to avoid unregulated situations with potential harmful outcomes.

Consumers and patients can buy medical products over the Internet and have them mailed to their home. Consumer protection may be undermined because there is no assurance of efficacy, safety, quality, or proper information for products that have not been licensed for marketing. Even if the medicinal products themselves may not be dangerous, consumers may compromise their health by not seeking proper medical treatment from a qualified health professional.

Medical products promoted and sold over the Internet do not meet product quality standards if they are not sold by authorized distributors. First, the stability and integrity of the product may be jeopardized if the product is shipped without proper packaging and handling. Second, tampering may become more of a concern if products are shipped to consumers without proper precautions.

For proper prescription, the physician carries out a careful examination and obtains some basic information about the patient, including concurrent disease and any other medication he or she is taking. Uncontrolled use of strong-acting pharmaceuticals may be associated with adverse effects that are not recognized and with interaction with other prescription or nonprescription medication or with food components.

In many countries, pharmacists have a very important role in providing information to the patient about prescription medical products and managing the prescription process for patients. Sale of prescription medical products over the Internet to patients leaves the pharmacist out of the pharmacotherapeutic treatment process.

Information on the Internet for health care professionals is also available to the public, unless the Web site contains a password-protected area for professionals only. Although in some countries all product information for consumers must be provided by a health care professional, including pharmacists, in other countries the Internet has proven to be a good source of product information or even a viable way to promote to consumers. Although patients can receive counseling from their health care providers, they can also use the Internet to look up information about the products they use. The quality of that information cannot be guaranteed, however, so that any medical product information received through the Internet should be compared with counseling from a health care professional.

It is technically impossible to prevent people from putting anything they want, including promotional material for medical products, on the Internet. Complete control of electronic information transport is unrealistic, and probably undesirable, but some understandable and reasonable measures should be taken to limit misuse of the Internet.

Any individual, company, or enterprise using the Internet for promotion or sale of medical products should be required to be authorized by the local authorities. The authorities should maintain a register of such authorizations which is easily accessible through the Internet.

To avoid receiving insufficient or incorrect information or fraudulent products through the Internet, any Internet user must be able to verify and identify the person or institution responsible for the information.

Codes such as The WHO Ethical Criteria for Medicinal Drug Promotion would also provide guidance for the quality of the information provided on the Internet. Several parties have proposed core standards for information to be provided on the Internet. In general they are straightforward and not too difficult to adhere to. They include authorship, attribution, disclosure of any financial arrangements, and dates, including updates. Other code principles, such as the Health on the Net code, are more specific for medical products and require supportive evidence for any claims, together with information sources, and, importantly, a clear statement which countries or state laws apply to the information and the product. One could give those providers of information that have their material satisfactorily checked against the code the right to carry a logo on their output.

It is not possible to prevent individuals from putting information on the Internet. It may be feasible to close servers and access providers who pass violative information on to potential customers, but several practical problems arise.

It would be useful to know the volume of their sales and how often "common" patients are involved. International exchange of information between relevant parties would save work and enable rapid international action.

Possibly the best place for control is at the receiving end. Professional societies should inform, through the medical press, their members of the dangers of uncontrolled sales of nonregulated medical products. Physicians should inform their patients about the possibility of obtaining medical products through the Internet, but also indicate the risks associated with this practice. The existence and meaning of the logo should be explained.

A positive step would be for governments to start promotion campaigns, both over the Internet and in the classic media, to increase awareness of potential problems.

Return to Abstracts by Tracks

Return to INET'98 Programs

Commerce Issues for Internet Service Providers

Internet Service Providers in Canada - Paper 413

Catherine PETERS
Marc LEE
Industry Canada Canada

This paper, using newly collected statistics, examines the Internet service provider (ISP) industry in Canada. The paper explores the range of products and services offered by the different firms to determine whether ISPs are profitable and what their financial records look like and to identify the characteristics of successful firms and some of the important issues for the future growth and development of the sector.

Charging and Accounting for Integrated Internet Services - Paper 449

Burkhard STILLER
George FANKHAUSER
Bernhard PLATTNER
Nathalie WEILER
Swiss Federal Institute of Technology Switzerland

Today's information society bears a stringent need for advanced communication services and content. Although solutions for methods of charging and accounting of single-service networks exist and are applied successfully, integrated-services networks require a completely different approach. Charging and accounting for the future Internet remain unsolved problems for the time being. This is due to a variety of service characterizations by quality of service (QoS) and the fact that the shape of the integrated-services Internet is still not fully defined. In addition, a highly competitive telecommunication service provider market requires dynamic pricing schemes for integrated multiservice networks in order to deal with basic bandwidth allocation and advanced QoS services. Based on basic terminology and general economic models, an investigation of best-effort and integrated-services Internet characteristics in terms of suitable, applicable, or existent solutions and approaches for charging and accounting methods is provided. Using these ideas being developed in research trends are sketched for the upcoming third and fourth phase of Internet development which will be strongly influenced by economic elements.

The Network is the Market: Financing Internet Bandwidth - Paper 076

The nineteen-hour shutdown of America Online (AOL) on Wednesday, 7 August 1996, brought home to many decision makers the challenge of matching public expectations of speed and reliability to the underlying telecomms infrastructure upon which the Internet runs. Basically speaking, unless large users can effectively fix the speed, reliability, and cost -- without having to build or lease infrastructure -- of Internet bandwidth, it is dubious that many of the extravagant claims of interactive commerce or entertainment can be realized. Such content or service providers will be in the same position as an airline that cannot fix its fuel cost but tries to compete nonetheless.

But if we apply some of the characteristics of how we supply fossil fuel energy to telecomms resources, several things become clear. There is no public forum where producers and consumers of bandwidth can effectively fix future prices. There is an effectively "closed" market for bandwidth, dominated by telecomms operators, where large users must either build their own infrastructure, lease telecomms lines, or try to bargain for the best deal from network providers.

This is changing slowly through competition and the introduction of still embryonic forums for trading telecomms capacity. This paper will explore some of the possibilities for writing financial contracts that can be traded publicly where the underlying asset is bandwidth. It will draw from previous research on the conceptual basis of bandwidth trading and then highlight actual developments in the City of London.

There are two main reasons to trade bandwidth: (1) to hedge risk; and (2) to speculate on price changes. Hedgers and speculators in such a commodity can unlock the real costs of communications for electronic markets. These actors need not be telecomms operators, just as investment banks that trade petroleum futures do not own filling stations. Instead, we are talking about investors who are assuming the risk of price movements in order to control a resource that underlies an economic paradigm. In that sense, the management of a bandwidth-based derivative such as a future or an option need not be different from that of any other financial contract.

This paper will concentrate on specific examples from Europe where the European Virtual Private Network Users Association (EVUA) has launched an organizational shell to buy bulk capacity on behalf of the EVUA membership. It will also track the development of telecomms arbitrage operations as well as dedicated bandwidth brokerages such as Band-X, which is developing a spot market for international minutes while publishing an index of international outbound prices. Between these efforts, certain important pieces for constructing public markets for bandwidth capacity are slowly emerging.

The aim of this paper will be to highlight for an interdisciplinary audience some of the constraints at work when attempting to "price" bandwidth, show how the Internet is impacting the traditional model, and introduce some of the possibilities for network-based financial instruments with real examp

Return to Abstracts by Tracks

Return to INET'98 Programs

Financial Issues in Electronic Commerce

Supervision and Regulation of Network Banks - Paper 047

Aleksander BERENTSEN
University of Bern Switzerland

Public computer networks, in particular the Internet, have the potential to transform the financial services sector by providing a fast, cheap way to sell financial services. Low setup costs and the transnationality of the Internet could remove significant barriers to entry in the financial services industry. Cross-border provision of services and the high mobility of network banks could challenge the ability of national and international authorities to establish and enforce banking regulations. This paper considers the supervision and regulation of banks providing financial services on public computer networks for the mass retail market, i.e., deposit taking and lending of money on retail and small- and medium-size company markets.

Digital Money and Monetary Control - Paper 048

Aleksander BERENTSEN
University of Bern  Switzerland

This paper considers the implications of digital money for monetary control. For this purpose, it first investigates the potential of digital money to replace central bank currency. Considering its characteristics only, digital money could eventually become the dominant payment instrument for small value payments. The main obstacles to its success, however, are network externalities. These externalities are discussed in a simple game-theoretic model in which buyers and sellers decide whether to use digital money or central bank currency for payments. The paper then studies the implications of a complete replacement of central bank currency. Here, the main problems for central banks are the loss of seigniorage income and the nontrivial reduction of total liabilities and assets, which adversely affect monetary control. It ends with a discussion of the measures that central banks can take to prevent these developments.

New Opportunities for Financial Information Services

Pretense: A New Threat to Electronic Settlement Systems - Paper 362

Shinsuke MIWA
Yoichi SHINODA
Japan Advanced Institute of Science and Technology Japan

This paper proposes that a new threat to electronic settlement systems has developed. Various electronic settlement systems such as secure credit card payment systems, electronic caches, and electronic checks do exist, and in order for a payment to be made correctly, these systems must communicate correct information about the payment to correct peers. However, on open network systems, the correct peer may not always be designated. That is, when a peer is being designated, before two-way authentication can take place, a malicious entity can give false information that can designate the entity as a payee. Notice that because the misdesignation occurs even before the two-way authentication is to take place, the existing electronic settlement systems cannot prevent this situation. This new type of threat to electronic settlement systems is named "pretense" in this paper. Characteristics of pretense are explored, and two improvements for electronic settlement systems to resist this threat are proposed.

Panel: The Internet and Global Capital Markets

Return to Abstracts by Tracks

Return to INET'98 Programs