
[IEEE Comput. Soc. Press 12th Annual Computer Security Applications Conference - San Diego, CA, USA (9-13 Dec. 1996)] Proceedings 12th Annual Computer Security Applications Conference

Innovative Secure Payments on the Internet using the German Electronic Purse

Brigitte Althen, Gerd Enste, Dr. Brigitte Nebelung
debis Systemhaus GEI, IT-Security Branch
Oxfordstr. 12-16, D-53111 Bonn, Germany

Abstract

In this paper an innovative and secure method for payments on the Internet is described which uses the German electronic purse.

We describe how the method of payment using the German electronic purse is used today at offline terminals at the merchant's site. The security mechanisms of the payment system are described in detail. We discuss the adaptation of this method towards secure payments on the Internet.

1 The principles of the German electronic purse

1.1 The "eurocheque card with chip"

In late March 1996 the German banking community launched a field test of its "eurocheque card with chip" in a town in the south of Germany.

The "eurocheque card" is a debit card used for payments by nearly 50 Mio. Germans. Until today it carries a magnetic stripe. The new "eurocheque card with chip" is a smartcard which provides means not only for the storage of data but also for performing computations.

The "eurocheque card with chip" (see [13]) provides an ISO 7816-4 interface which can be modified only by the bank issuing the card. To secure the smartcard's programs and data against unauthorized modifications, a security architecture with an access control system has been implemented in the smartcard.

The security mechanisms implemented in the smartcard consist mainly of the generation and checking of MACs (message authentication codes) and encryption functions.

The integrity of commands received by the smartcard is validated using these MACs. The same method is used to provide a cryptographic integrity feature for exchanged messages. The encryption of data ensures the confidentiality of commands and data. Several individual and secret cryptographic keys are stored in the "eurocheque card with chip" (see [1]) for the generation and checking of MACs as well as for the encryption of commands and data.

1.2 The electronic purse

The electronic purse and its related commands and data is an application implemented in the "eurocheque card with chip". There also exist other types of smartcards issued by banks which incorporate the electronic purse. In particular, there exist anonymous smartcards incorporating the electronic purse without any relation to the card holder's banking account. However, each of these smartcards incorporates the same security mechanisms.

The electronic purse of a smartcard is a debit system which is preloaded and serves for the payment of goods or services. An electronic value is stored in each smartcard which represents a certain amount of cash. This electronic value can be

- increased by loading, and
- reduced by payments at points of acceptance.

Banks issuing smartcards with the electronic purse also install special clearing accounts for these smartcards. The value stored in the electronic purse of the smartcard represents a credit value that corresponds to this clearing account.

The national payment system of the German banking community based on the electronic purse application is named "GeldKarte" (see [13]). In the following the name "GeldKarte" is used for all smartcards of the German banking community which incorporate the electronic purse.

The loading of a value into the electronic purse of a GeldKarte is performed at a loading terminal using a cryptographically secured online dialog with a loading center of the German banking community. The loading center ensures that the amount which is loaded into the electronic purse is debited from an account and credited to the clearing account of the GeldKarte. In order to load the GeldKarte the card holder has to authenticate himself by a PIN (personal identification number). The money is withdrawn from the related banking account.

1063-9527/96 $5.00 © 1996 IEEE

In the following the method for payments using the electronic purse is described in detail (see [13]).

1.3 Payments using the electronic purse

Payment transactions using the electronic purse are conducted offline at terminals located at merchants. The PIN is not required for payments.

The merchant's terminal has its own secure application module (SAM) which itself is implemented as a smartcard. This smartcard incorporates the same security architecture as the "eurocheque card with chip" but provides different commands at its interface according to its specific purpose. In the following this card is called "merchant card".

During a payment with the electronic purse the merchant terminal has the task of managing the communication between the electronic purse and the merchant card. For this purpose the merchant terminal sends the necessary commands to the smartcards (GeldKarte and merchant card), including the messages of the corresponding other card.

The following figure shows all the messages and commands during a payment transaction.

Figure 1: Payment using the German Electronic Purse (550 DM) [figure: GeldKarte, electronic purse terminal, merchant card; graphic not reproduced]

The following security architecture is incorporated in the GeldKarte and the merchant card design.

1.3.1 Security architecture

For encryption and decryption the DES and Triple-DES algorithms are implemented in the merchant card. MAC generation uses CBC-MAC and CFB-MAC according to ANSI X9.19 (see [12]) with single- or double-length DES keys. Today the GeldKarte uses single DES. In the near future it is planned to switch to Triple-DES for MAC computation.

Each GeldKarte is personalized with an individual identification C_ID and an individual DES key K_RD. A merchant card stores an individual ID M_ID and a system key KGK_RD which is used to derive K_RD.

Access to stored data is controlled and regulated by access conditions.

In the following we describe the payment transaction. We explain which commands and communication steps are used; furthermore we describe which security mechanisms are realized.

1.3.2 Authentication of the GeldKarte

The GeldKarte proves its authenticity to the merchant card. First the merchant terminal requests the GeldKarte to send its identification C_ID. The merchant terminal requests a challenge in the form of a random number RAND from the merchant card with the command "GET CHALLENGE". This random number RAND is sent to the GeldKarte with the command "start debit process".

In the answer message of "start debit process" the GeldKarte includes its current sequence number SNo and the random number RAND. These data are protected by a MAC which is computed over them using the GeldKarte's individual DES key K_RD and appended to the message as a certificate of authenticity.

The answer of the GeldKarte is transmitted to the merchant card together with its C_ID for verification with the command "start payment".

Figure 2: Authentication of the GeldKarte [figure: RAND, SNo, MAC; C_ID supplied by the terminal]

To verify the authenticity the merchant card computes the certificate (MAC) and compares it to the received value. In order to do this it derives the key K_RD from its master key KGK_RD and the identification C_ID by decrypting H(C_ID) using Triple-DES, where H is the hash algorithm specified in ISO 10118-2 which maps a value of arbitrary length to a value of 16 bytes length.

The authenticity of the GeldKarte and its sequence number SNo are certified since the identification data C_ID is included in the key derivation. Including the random number RAND in the MAC prevents replay attacks of messages. The merchant card is convinced of the authenticity of the GeldKarte and starts the payment. Hence payments can only be started by an authentic GeldKarte.

1.3.3 Reducing the actual amount in the GeldKarte

The actual amount of the electronic purse of the GeldKarte is reduced by the amount of the payment (DM 550 in the example).

Within the answer message of the command "start payment" the merchant terminal receives the data for the command "debiting" from the merchant card. The merchant terminal completes the data for the command "debiting" with the amount of payment and sends it to the GeldKarte.

The data for the command "debiting" contains the identification data M_ID and the transaction number TNo of the corresponding merchant card as well as the sequence number SNo of the GeldKarte. All this data is MAC protected by the merchant card using the key K_RD.

Because of the MAC the GeldKarte can check the authenticity of the merchant card, so that only authentic merchant cards can successfully process the command "debiting".

The identification data of the GeldKarte is included in the MAC generation. The GeldKarte will detect whether the data of the command "debiting" is related to another GeldKarte. Therefore it is impossible to debit from different electronic purses with the same command data.

The GeldKarte checks whether the sequence number SNo in the command data is identical to its actual sequence number. The attack of realizing multiple debits from one electronic purse with the same command data by replaying old "debiting" commands is recognized and prevented.

If the amount of payment is less than the actual amount stored in the electronic purse, the actual amount is reduced by the amount of payment. The debiting of the amount of payment is logged in the GeldKarte.

Figure 3: Authentication of the merchant card

1.3.4

The GeldKarte issues a cryptographically protected receipt for the debiting which can be checked for authenticity and integrity by the merchant card.

The answer message of "debiting" is transmitted from the merchant terminal to the merchant card in the command "check payment". In the answer message of "debiting" the GeldKarte sends the amount of payment, the GeldKarte's sequence number SNo, the clearing account number ANo and the transaction number TNo of the merchant card, protected by a MAC. Again the MAC is computed over this data using its DES key K_RD.

Figure 4: Sending the receipt [figure: electronic receipt for the merchant card: SNo, amount, ANo, M_ID, TNo, MAC]

The merchant card is able to recognize that these answer messages have been generated by the same GeldKarte which has proven its authenticity during "start debit process". Furthermore it is proven to the merchant card that it is the intended recipient of the answer messages and that the answer messages were not generated during an earlier payment with a different transaction number.

Answer messages of the command "debiting" which are faked, or answer messages of the command "debiting" which have been generated during an earlier payment and are now replayed, are recognized by the merchant card and are cancelled.

In response to "check payment" the merchant card signals the merchant terminal whether the answer message of "debiting" represents a correct receipt for the reduction of the actual amount in the GeldKarte.

1.3.5 Generating a certificate for the clearing center

The merchant card generates a log entry of the payment, aggregates the amount of payment in its sum entry and generates cryptographically protected transaction data for the payment (within a single transaction).

The command "payment" is sent from the merchant terminal to the merchant card. The merchant card processes this command only if the checks in the last steps had a positive result. Therefore the merchant card generates transaction data for the merchant only after having debited the amount of payment from a GeldKarte.

To generate the MAC over the transaction data and the transaction number TNo, an individual key of the merchant card is used.
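The authentication, debiting, receipt and payment steps of sections 1.3.2 to 1.3.5, worked through as an added Python simulation. This is not code from the paper or from the GeldKarte specification, and several things are assumptions: HMAC-SHA256 truncated to 8 bytes stands in for the DES/Triple-DES CBC-MAC and for the Triple-DES key derivation, messages are Python dicts rather than ISO 7816-4 APDUs, the amount is handed to the merchant card so that its MAC covers it, SNo is assumed to advance after every successful debit, and all keys, identifiers and amounts are constructed. The terminal is modelled as a pure message router, which is the property the Internet variant in section 2.3.3 relies on; the demo shows a replayed "debiting" command, command data presented to another purse, an amount altered in transit and a merchant card with the wrong master key all being rejected.

```python
import hashlib, hmac, os

RECEIPT_FIELDS = ("amount", "sno", "a_no", "m_id", "t_no")

def mac(key, *fields):  # 8-byte MAC; HMAC-SHA256 stands in for the ANSI X9.19 CBC-MAC
    return hmac.new(key, b"|".join(str(f).encode() for f in fields), hashlib.sha256).digest()[:8]

def derive_krd(kgk_rd, c_id):  # K_RD from KGK_RD and C_ID (paper: Triple-DES decryption of H(C_ID))
    return hmac.new(kgk_rd, hashlib.sha256(c_id.encode()).digest(), hashlib.sha256).digest()[:16]

class GeldKarte:
    def __init__(self, c_id, k_rd, a_no, balance):
        self.c_id, self.k_rd, self.a_no, self.balance, self.sno = c_id, k_rd, a_no, balance, 1

    def start_debit(self, rand):  # answer to 'start debit process': SNo and RAND certified under K_RD
        return {"sno": self.sno, "rand": rand, "mac": mac(self.k_rd, "start", self.sno, rand)}

    def debit(self, cmd):
        """'debiting': check the merchant card's MAC and SNo, reduce the amount, issue a receipt."""
        expected = mac(self.k_rd, "debit", cmd["m_id"], cmd["t_no"], cmd["sno"], cmd["amount"])
        if not hmac.compare_digest(expected, cmd["mac"]):
            return {"error": "MAC invalid: not an authentic merchant card, or data for another purse"}
        if cmd["sno"] != self.sno:
            return {"error": "SNo mismatch: replayed debiting command"}
        if cmd["amount"] > self.balance:  # assumption: the payment may not exceed the stored value
            return {"error": "insufficient amount"}
        self.balance -= cmd["amount"]
        receipt = dict(amount=cmd["amount"], sno=self.sno, a_no=self.a_no, m_id=cmd["m_id"], t_no=cmd["t_no"])
        receipt["mac"] = mac(self.k_rd, "receipt", *[receipt[f] for f in RECEIPT_FIELDS])
        self.sno += 1  # assumption: SNo advances after every successful debit
        return receipt

class MerchantCard:
    def __init__(self, m_id, kgk_rd, k_merchant):
        self.m_id, self.kgk_rd, self.k_merchant = m_id, kgk_rd, k_merchant
        self.t_no, self.total, self.session = 1, 0, None

    def get_challenge(self):  # 'GET CHALLENGE': a fresh RAND for one payment
        self.session = {"rand": os.urandom(8).hex()}
        return self.session["rand"]

    def start_payment(self, c_id, answer, amount):
        """Verify the purse's certificate with the derived K_RD, then build the 'debiting' data."""
        s, k_rd = self.session, derive_krd(self.kgk_rd, c_id)
        expected = mac(k_rd, "start", answer["sno"], answer["rand"])
        if s is None or answer["rand"] != s["rand"] or not hmac.compare_digest(expected, answer["mac"]):
            return None
        s.update(k_rd=k_rd, sno=answer["sno"], amount=amount)
        cmd = {"m_id": self.m_id, "t_no": self.t_no, "sno": answer["sno"], "amount": amount}
        cmd["mac"] = mac(k_rd, "debit", self.m_id, self.t_no, answer["sno"], amount)
        return cmd

    def check_payment(self, receipt):
        """Accept only a receipt from the authenticated purse for this M_ID, TNo and SNo (1.3.4)."""
        s = self.session
        if s is None or "error" in receipt:
            return False
        expected = mac(s["k_rd"], "receipt", *[receipt[f] for f in RECEIPT_FIELDS])
        ok = hmac.compare_digest(expected, receipt["mac"]) and (receipt["m_id"], receipt["t_no"],
             receipt["sno"], receipt["amount"]) == (self.m_id, self.t_no, s["sno"], s["amount"])
        if ok:
            s["a_no"], s["receipt_ok"] = receipt["a_no"], True
        return ok

    def payment(self):
        """'payment': log, aggregate and certify the transaction for the clearing center (1.3.5)."""
        s = self.session
        if not s or not s.get("receipt_ok"):
            return None
        record = {"m_id": self.m_id, "t_no": self.t_no, "a_no": s["a_no"], "amount": s["amount"]}
        record["mac"] = mac(self.k_merchant, "clearing", *record.values())
        self.total, self.t_no, self.session = self.total + s["amount"], self.t_no + 1, None
        return record

def run_payment(purse, merchant, amount, relay=lambda m: m):  # terminal role: only routes messages
    answer = relay(purse.start_debit(merchant.get_challenge()))
    cmd = merchant.start_payment(purse.c_id, answer, amount)
    if cmd is None:
        return None
    receipt = relay(purse.debit(relay(cmd)))  # `relay` models the (untrusted) medium
    return merchant.payment() if merchant.check_payment(receipt) else None

def demo():
    """Constructed keys, identifiers and amounts; returns the outcome of each scenario."""
    kgk_rd = b"constructed-master-key-16"[:16]
    purse = GeldKarte("C_ID-0001", derive_krd(kgk_rd, "C_ID-0001"), "ANo-4711", balance=5000)
    other = GeldKarte("C_ID-0002", derive_krd(kgk_rd, "C_ID-0002"), "ANo-4712", balance=5000)
    merchant = MerchantCard("M_ID-0042", kgk_rd, b"constructed-merchant-key")
    captured = []
    record = run_payment(purse, merchant, 550, relay=lambda m: (captured.append(m), m)[1])
    results = {"ok": record is not None and purse.balance == 4450, "cert_amount": record and record["amount"]}
    results["replay"] = purse.debit(captured[1]).get("error")  # captured[1] is the first 'debiting' command
    results["other_purse"] = other.debit(captured[1]).get("error")  # K_RD of the other purse differs
    tamper = lambda m: dict(m, amount=1) if "amount" in m and "a_no" not in m else m  # alters 'debiting'
    results["tampered"] = run_payment(purse, merchant, 550, relay=tamper) is None and purse.balance == 4450
    rogue = MerchantCard("M_ID-0099", b"constructed-wrong-key-16"[:16], b"k")
    results["rogue_merchant"] = run_payment(purse, rogue, 550) is None
    return results
```

Binding C_ID into the key derivation rather than into the MAC input is what makes the other-purse check work: the merchant card never learns K_RD of a purse it has not derived it for, so "debiting" data prepared for one C_ID verifies under no other purse's key. The sequence number and the transaction number do the remaining work against replay on the two sides.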

1.4 Clearing of Electronic Purse Transactions

If the merchant card has generated cryptographically protected transaction data for a payment, the merchant has the right to receive the amount of payment from the card issuer.

The merchant can redeem the sales by presenting the correct transaction data to a clearing center for the GeldKarte. The clearing center debits the clearing account of the GeldKarte and credits the merchant's account.

Neither the merchant card nor the transaction data which have been generated can be used to perform additional payments, because the certificate for the clearing center includes the transaction number TNo. The following figure shows the cycle of electronic representations of cash in the payment system GeldKarte and the cycle of payments.

Figure 5: Cycles in the Payment System GeldKarte [figure: payment, goods/services, acceptance of the electronic amount of payment]

1.5 Summary of Principles

The process of payment described above is performed offline. During the payment the GeldKarte and the merchant card are located in one terminal.

A payment in the form described above could be processed in the same manner even if both smartcards (GeldKarte and merchant card) are separated. In this case the merchant terminal would be replaced by a system managing the communication between the smartcards via an unsecure network, e.g. the Internet. In both cases the clearing of the sales data of the electronic purse would be performed in the same manner.

In the following section the viability of the GeldKarte for payment via the Internet is discussed further.

2 Payments on the Internet

In the 90ies the Information Highway experienced a real boom. The main reason for this explosive growth is the commercialisation of the Internet. At the beginning, and until the 80ies, the Internet started as a world-wide net of universities and the US Government. In the meanwhile companies discover this net of nets as a medium for transactions and communication as well as a source of distributed information. They use it for marketing purposes, for offering, distributing and selling their products. Terms such as electronic commerce, cyber shop, virtual money and electronic cash are some of the possible examples in this context.

With the ongoing commercialisation the demand for securing the Internet is growing rapidly. Companies will use this medium for their business, but with the same requirements for the business transaction they are used to. Therefore there is a demand for confidentiality, integrity, authenticity and especially liability for commercial transactions on the Internet.

Out of these ideas the following question arises: Can the existing German Electronic Purse system be adapted to payments on the Internet? (See [1].)

2.1 Requirements and criteria for payment systems

We first introduce some of the requirements and criteria for electronic payment systems which can form a base for evaluations of such systems (see [2]):

- Availability
- Ease of use
- Integrity of the corresponding transfer of data and money
- Anonymity of the concerned parties
- Limiting the risks

The following criteria classify electronic payment systems:

- Security mechanisms for ensuring integrity, authenticity, anonymity, privacy
- Type of payment:
  - debit systems (pre-paid)
  - credit systems (pay later)
  - digital money (pay now)
- Offline or online payments
- Payments of small and large amounts
- Payments in international currencies

2.2 Examples for Payment Systems

Typically, existing credit and debit card systems in Germany are not used for payments of small amounts. The reasons are the complexity of the underlying technical structure and the corresponding costs. On the other hand, until now the liability of payment transactions could be ensured only by using online mechanisms. The concept of the German electronic purse was developed and specified to fill this gap by providing a liable offline payment system for small amounts.

The following systems are some examples of electronic payment systems actually developed. They differ in the underlying strategies and mechanisms and differ in the fulfillment of the given requirements and criteria. The future will show which of the systems will coexist together.

- CAFE (see [7])
- SET (see [6])
- Cybercash (see [10])
- Ecash (see [9])
- MONDEX (see [8])
- and so on

2.3 Payments with the purse

2.3.1 Starting Point

Nowadays customers already possess one or more cards used in payment systems (e.g. MasterCard, VISA, eurocheque, customer cards of different organisations). One of these cards in Germany is the eurocheque card, which today is in use by nearly 50 Mio. customers. All these eurocheque cards will be replaced at the end of 1996 by the new "eurocheque card with chip" including the application electronic purse.

Almost every citizen in Germany will possess a "eurocheque card with chip" in 1997. One requirement for a potentially widely spread payment system on the Internet will thus be given: the payment system is highly available on the customer side.

2.3.2 Ease of use

Payments with the electronic purse will become familiar to customers. Providing them with the opportunity to use the same payment system for payment transactions on the Internet increases the acceptance of the electronic purse and the use of the commercial part of the Internet. A customer will not accept several different smartcard systems, each for a limited purpose.

Another related aspect concerns the customer's possibilities to overview and control all his payments. In the case of several different smartcard systems, each for a limited purpose, a customer has to inspect several accounts. In the case of the "eurocheque card with chip" all payment transactions are recorded in one account.

The customer is able to control all his payments by overviewing one account. The form of payment for payments in shops and on the Internet is the same. Therefore the requirement for ease of use is fulfilled.

2.3.3 Realization and Security

In addition to the German electronic purse the customer needs a smartcard reader at his PC and client software for accessing the smartcard reader. At the merchant's site the same equipment has to be installed for the use of the merchant card. The equipment is needed only to manage the communication between the two smartcards.

All security features of the payment system GeldKarte work in the same manner as in the payment transaction at a merchant terminal in a shop. All security functions (e.g. generation of certificates, mutual verification of authenticity) and data (e.g. the cryptographic keys) are located in the smartcards.

The merchant terminal manages the communication between the smartcards and provides functions for data storage. The security does not rely on the medium for the communication between the smartcards. From a technical point of view it is not necessary that both smartcards are located at the same place. Therefore the security is the same for payment transactions at a merchant terminal or on the Internet. The security mechanisms prevent manipulations during the transmission.

Some functions which are implemented in the merchant terminal have to be implemented in special client applications for the customers' PCs:

- display of the transaction amount
- start of the debiting command by the customer
- logging of payment transactions

The clearing of the transaction data of the electronic purse is performed in the same manner for payments at shops or on the Internet.

The integrity of data and commands is given by the construction of the payment system. It is not reduced by using it on the Internet. Even the clearing process remains the same. The requirement for the integrity of the corresponding transfer of data and money is fulfilled.

2.3.4 Anonymity of the parties

When a GeldKarte is used which does not have any relation to the card holder's banking account, the requirement of anonymity is fulfilled anyway. In the other case a merchant is not able to read out the identity of a customer from the data stored in the merchant card. Therefore the anonymity of a customer against the merchant is guaranteed.

During the processing of the transaction data by the clearing centers the payments are related to the clearing account.

By combining data of the clearing account, the banking account and the personal data of the customer, the clearing center might generate data related to the customer's shopping behaviour. Therefore the anonymity of a customer is possibly affected.

2.3.5 Restrictions

There are some restrictions of the German electronic purse for payments on the Internet.

The German electronic purse is a national payment system. Its currency is the Deutsche Mark. Therefore the use of the German electronic purse is mainly limited to business within Germany.

On the other hand, the system is not limited to German merchants. International merchants offering products in the German market can provide this payment service to German customers. They can apply for a merchant card at the issuer bank and need an account in a clearing center.

At the moment the field test supports only the function electronic purse with a chip. It has to be decided whether the described system will be introduced for payments on the Internet. However, there are no technical restrictions.

References

[1] Dr. Brigitte Nebelung (debis Systemhaus GEI IT-Sicherheit), Dr. Albert Glade (Giesecke & Devrient GmbH): Die elektronische Geldbörse als innovative Zahlungsmittel im Internet. Workshop Cybermoney: Sichere Zahlungssysteme im Internet und Online-Diensten, debis Systemhaus GEI IT-Sicherheit, Mai 1996.

[2] Dr. Rüdiger Grimm (GMD - Forschungszentrum Informationstechnik GmbH, Darmstadt): Secure Shopping. Workshop Cybermoney: Sichere Zahlungssysteme im Internet und Online-Diensten, debis Systemhaus GEI IT-Sicherheit, Mai 1996.

[3] D. Chapman and E. Zwicky: Building Internet Firewalls. O'Reilly & Associates, November 1995.

[4] Hickman, ElGamal: The SSL Protocol. Internet Draft, Netscape Communications.

[5] Statistic of the Internet society: httpwwwnwcom httpwwwmastercardcomsetsethtml

[6] Secure Electronic Transaction (SET) Specification: httpwwwmastercardcomsetsethtm

[7] CAFE: httpwwwdigicashcomproducts proj ectslproj ects html httpwwwcwinlcwiprojectscafehtml

[8] Mondex: httpwwwmondexcommondexnethtml httpwwwmondexcomndexhomehtml

[9] Ecash: httpwwwdigicashcom httpwwwdigicashcomecashl httpwwwdigicashcompublishl

[10] Cybercash: httpwwwcybercashcoondexnet html ftpftpcybercashcompub

[11] Christian Huitema: IPv6, The New Internet Protocol. Prentice Hall PTR, 1996.

[12] Financial Institution Retail Message Authentication. American Bankers Association, ANSI X9.19, August 13, 1986.

[13] Schnittstellenspezifikation für die GeldKarte mit Chip. debis Systemhaus GEI, August 9, 1995.

Page 2: [IEEE Comput. Soc. Press 12th Annual Computer Security Applications Conference - San Diego, CA, USA (9-13 Dec. 1996)] Proceedings 12th Annual Computer Security Applications Conference

(personal identification number) The money is withdrawn from the related banking account

In the following the method for payments using the elec- tronic purse are described in detail (see [ 131)

13 Payments using the electronic purse

Payment transactions using the electronic purse are con- ducted offline at terminals located at merchants The PIN is not required for payments

The merchantrsquos terminal has its own secure application module (SAM) which itself is implemented as a smartcard This smartcard incorporates the same security architecture as the rdquoeurocheque card with chiprdquo but provides different commands at its interface according to its specific purpose In the following this card is called rdquomerchant cardrdquo

During a payment with the electronic purse the merchant terminal has the task to manage the communication between the electronic purse and the merchant card For this pur- pose the merchant terminal sends the necessary commands to the smartcards (GeldKarte and merchant card) including the messages of the corresponding card

The following figure shows the all the messages and commands during a payment transaction

GrldKarte

Electronic

I

I

terminal

+

Figure 1 Payment using the German Elec- tronic Purse (550 DM)

The following security architecture is incorporated in the GeldKarte and the merchant card design

131 Security architecture

For de- and encryption the DES and Triple-DES algorithms are implemented in the merchant card MAC generation uses CBC and CFB-MAC according to ANSI X919 (see

[ 121) with simple or double long DES keys Today the Geld- Karte uses Single-DES In the near-future it is planned to switch to Triple-DES for MAC computation

Each GeldKarte is personalized with an individual iden- tification and DES key C I D and KRD A merchant card stores an individual ID M I D and a system key KGKRD which is used to derive the K E D

The access to stored data is controlled and reglemented by access conditions

In the following we describe the payment transaction We explain which commands and communication steps are used furthermore we describe which security mechanisms are realized

132 Authentication of the GeldKarte

The GeldKarte proves its authenticity to the merchant card First the merchant terminal requests the GeldKarte to send its identification C I D The merchant terminal requests a challenge in form of a random number R A N D from the merchant card with the command rdquoGET CHaLENGErsquo This random number R A N D is sent to the GeldKarte with the command rdquostart debit processrdquo

In the answer message of rdquostart debit processrdquo the Geld- Karte includes its current sequence number S N o and the random number R A N D These data is protected by a MAC which is computed over this data using its individual DES key KRD and appended to the message as a certificate for the authenticity

The answer of the GeldKarte is transmitted to the mer- chant card together with its C I D for verification with the command rdquostart paymentrdquo

b

RAND SNo MAC CID (from terminal)

Figure 2 Authentication of the GeldKarte

To verify the authenticity the merchant card computes the certificate (MAC) and compares it to the received value In order to do this it derives the key I i R D from its mas- ter key KGKRD and the identification C I D by decrypting H ( C I D ) using Triple-DES where H is the hash algorithm specified in IS0 101 18-2 which maps a value of arbitrary length to a value of 16 bytes length

The authenticity of the GeldKarte and its sequence num- ber S N o are certified since the identification data C I D is

89

included in the key derivation Including the random num- ber RAND into the MAC prevents replay attacks of mes- sages The merchant card is convinced by the authenticity of the GeldKarte and starts the payment Hence payments can only be started by an authentic GeldKarte

133 Reducing the actual amount in the GeldKarte

The actual amount of the electronic purse of the GeldKarte is reduced by the amount of the payment (DM 550 in the example)

Within the answer message of the command start pay- ment the merchant terminal receives the data for the com- mand debiting from the merchant card The merchant ter- minal completes the data for the command debiting with the amount of payment amount and sends it to the Geld- Karte

The data for the command debiting contains the identi- fication data M I D and the transaction number T N o of the corresponding merchant card as well as the sequence num- ber S N o of the GeldKarte All this data is MAC protected by the merchant card using the key KRD

Because of the MAC the GeldKarte can check the au- thenticity of the merchant card so that only authentic mer- chant cards can successfully process the command debit- ing

The identification data of the GeldKarte is included into the MAC generation The GeldKarte will detect whether the data of the command debiting is related to an other GeldKarte Therefore it is impossible to debit from different electronic purses with the same command data

The GeldKarte checks whether the sequence number S N o in the command data is identical with its actual se- quence number The attack to realize a multiple debit from one electronic purse with the same command data by re- playing old debiting commands is recognized and pre- vented

If the amount of payment is less than the actual amount stored in the electronic purse, the actual amount is reduced by the amount of payment. The debit of the amount of payment is logged in the GeldKarte.

Figure 3: Authentication of the merchant card

1.3.4

The GeldKarte issues a cryptographically protected receipt for the debit, which the merchant card can check for authenticity and integrity.

The answer message of debiting is transmitted from the merchant terminal to the merchant card in the command check payment. In the answer message of debiting the GeldKarte sends the amount of payment, its own sequence number SNo, the clearing account number ANo and the transaction number TNo of the merchant card, protected by a MAC. Again the MAC is computed over this data using the DES key K_RD.

Figure 4: Sending the receipt (electronic receipt for the merchant card: SNo, amount, ANo, MID, TNo, MAC)

The merchant card is able to recognize that these answer messages have been generated by the same GeldKarte which proved its authenticity during start payment. Furthermore it is proven to the merchant card that it, and no other merchant card, is the intended recipient of the answer messages, and that the answer messages were not generated during an earlier payment with a different transaction number.

Answer messages of the command debiting which are faked, or which were generated during an earlier payment and are now replayed, are recognized by the merchant card and rejected.

In response to check payment the merchant card signals to the merchant terminal whether the answer message of debiting represents a correct receipt for the reduction of the actual amount in the GeldKarte.

1.3.5

The merchant card generates a log entry for the payment, aggregates the amount of payment in its sum entry and generates cryptographically protected transaction data for the payment (within a single transaction).

The command payment is sent from the merchant terminal to the merchant card. The merchant card processes this command only if the checks in the preceding steps had a positive result. Therefore the merchant card generates transaction data for the merchant only after the amount of payment has been debited from a GeldKarte.

Generating a certificate for the clearing center


To generate the MAC over the transaction data and the transaction number TNo, an individual key of the merchant card is used.

1.4 Clearing of Electronic Purse Transactions

If the merchant card has generated cryptographically protected transaction data for a payment, the merchant has the right to receive the amount of payment from the card issuer.

The merchant redeems the sales by presenting correct transaction data to a clearing center for the GeldKarte. The clearing center debits the clearing account of the GeldKarte and credits the merchant's account.

Neither the merchant card nor the transaction data which has been generated can be used to perform additional payments, because the certificate for the clearing center includes the transaction number TNo. The following figure shows the cycle of electronic representations of cash in the payment system GeldKarte and the cycle of payments.

Figure 5: Cycles in the payment system GeldKarte (payment; goods and services; acceptance of the electronic amount of payment)

1.5 Summary of Principles

The process of payment described above is performed offline. During the payment the GeldKarte and the merchant card are located in one terminal.

A payment in the form described above could be processed in the same manner even if the two smartcards (GeldKarte and merchant card) are separated. In this case the merchant terminal would be replaced by a system managing the communication between the smartcards via an insecure network, e.g. the Internet. In both cases the clearing of the sales data of the electronic purse would be performed in the same manner.

In the following section the viability of the GeldKarte for payment via the Internet is discussed further.

2 Payments on the Internet

In the 90s the Information Highway experienced a real boom. The main reason for this explosive growth is the commercialisation of the Internet. From its beginning until the 80s the Internet was a world-wide net of universities and the US government. In the meantime companies have discovered this net of nets as a medium for transactions and communication as well as a source of distributed information. They use it for marketing purposes and for offering, distributing and selling their products. Terms such as electronic commerce, cyber shop, virtual money and electronic cash are some examples in this context.

With the ongoing commercialisation the demand for securing the Internet is growing rapidly. Companies will use this medium for their business, but with the same requirements for the business transaction they are used to. Therefore there is a demand for confidentiality, integrity, authenticity and especially liability for commercial transactions on the Internet.

Out of these ideas the following question arises: can the existing German electronic purse system be adapted to payments on the Internet (see [1])?

2.1 Requirements and criteria for payment systems

We first introduce some of the requirements and criteria for electronic payment systems which can form a basis for the evaluation of such systems (see [2]):

- Availability
- Ease of use
- Integrity of the corresponding transfer of data and money
- Anonymity of the concerned parties
- Limiting the risks

The following criteria classify electronic payment systems:

- Security mechanisms for ensuring integrity, authenticity, anonymity, privacy
- Type of payment:
  - debit systems (pre-paid)
  - credit systems (pay later)
  - digital money (pay now)
- Offline or online payments
- Payments of small and large amounts
- Payments in international currencies

2.2 Examples of Payment Systems

Typically, existing credit and debit card systems in Germany are not used for payments of small amounts. The reasons are the complexity of the underlying technical structure and the corresponding costs. On the other hand, until now the liability of payment transactions could be ensured only by using online mechanisms. The concept of the German electronic purse was developed and specified to fill this gap by providing a liable offline payment system for small amounts.

The following systems are some examples of electronic payment systems currently under development. They differ in the underlying strategies and mechanisms and in the fulfillment of the given requirements and criteria. The future will show which of the systems will coexist.

- CAFE (see [7])
- SET (see [6])
- CyberCash (see [10])
- Ecash (see [9])
- MONDEX (see [8])
- and so on

2.3 Payments with the purse

2.3.1 Starting Point

Nowadays customers already possess one or more cards used in payment systems (e.g. MasterCard, VISA, eurocheque, customer cards of different organisations). One of these cards in Germany is the eurocheque card, which today is in use by nearly 50 Mio. customers. All these eurocheque cards will be replaced at the end of 1996 by the new eurocheque card with chip, including the application electronic purse.

Almost every citizen in Germany will possess a eurocheque card with chip in 1997. One requirement for a potentially widely spread payment system on the Internet will thus be given: the payment system is highly available on the customer side.

2.3.2 Ease of use

Payments with the electronic purse will become familiar to customers. Providing them the opportunity to use the same payment system for payment transactions on the Internet increases the acceptance of the electronic purse and the use of the commercial part of the Internet. A customer will not accept several different smartcard systems, each for a limited purpose.

Another related aspect concerns the customer's possibilities to overview and control all his payments. In the case of several different smartcard systems, each for a limited purpose, a customer has to inspect several accounts. In the case of the eurocheque card with chip all payment transactions are recorded in one account.

The customer is able to control all his payments by overviewing one account. The form of payment for payments in shops and on the Internet is the same. Therefore the requirement for ease of use is fulfilled.

2.3.3 Realization and Security

In addition to the German electronic purse the customer needs a smartcard reader at his PC and client software for accessing the smartcard reader. At the merchant's site the same equipment has to be installed for the use of the merchant card. The equipment is needed only to manage the communication between the two smartcards.

All security features of the payment system GeldKarte work in the same manner as for a payment transaction at a merchant terminal in a shop. All security functions (e.g. generation of certificates, mutual verification of authenticity) and all security-relevant data (e.g. the cryptographic keys) are located in the smartcards.

The merchant terminal manages the communication between the smartcards and provides functions for data storage. The security does not rely on the medium for the communication between the smartcards. From a technical point of view it is not necessary that both smartcards are located at the same place. Therefore the security is the same for payment transactions at a merchant terminal or on the Internet. The security mechanisms prevent manipulations during the transmission.

Some functions which are implemented in the merchant terminal have to be implemented in special client applications for the customers' PCs. These are:

- display of the transaction amount
- start of the debiting command by the customer
- logging of payment transactions

The clearing of the transaction data of the electronic purse is performed in the same manner for payments at shops or on the Internet.

The integrity of data and commands is given by the construction of the payment system. It is not reduced by using the system on the Internet; even the clearing process remains the same. The requirement for the integrity of the corresponding transfer of data and money is fulfilled.
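The exchange described in sections 1.3.2 to 1.4 (certificate with RAND, MAC-protected debiting command, receipt, clearing certificate with TNo) run through an untrusted relay as section 2.3.3 proposes, as an added example written for this page; it is not code from the paper or from the GeldKarte specification [13]. Everything cryptographic is a stand-in and is labelled as such in the code: HMAC-SHA256 replaces the DES/Triple-DES MACs of [12], SHA-256 replaces the ISO 10118-2 hash H, K_RD is derived as HMAC(KGK_RD, H(CID)) instead of by Triple-DES decryption, the merchant card here covers the amount with its MAC (the paper has the terminal add the amount to the command data), the clearing center is given a copy of the merchant card's individual key (called K_CC here), and all message layouts, keys and identifiers are constructed. The relay argument of pay() stands for the merchant terminal or, in the Internet setting, the client software and network between the two cards; demo() runs an honest payment and then the attacks the paper's checks are meant to stop.

```python
"""GeldKarte payment model (sections 1.3, 1.4) run over an untrusted relay (2.3.3); added example."""
import hashlib
import hmac
import secrets

def mac(key: bytes, *fields) -> bytes:
    """Stand-in for the DES retail MAC: 8 bytes over the '|'-joined fields."""
    data = b"|".join(f if isinstance(f, bytes) else str(f).encode() for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def derive_k_rd(kgk_rd: bytes, cid: bytes) -> bytes:
    """K_RD from master key KGK_RD and H(CID); HMAC/SHA-256 stand in for 3DES/ISO 10118-2."""
    return hmac.new(kgk_rd, hashlib.sha256(cid).digest()[:16], hashlib.sha256).digest()[:16]

def receipt_mac(k_rd: bytes, r: dict) -> bytes:
    return mac(k_rd, "receipt", r["sno"], r["amount"], r["ano"], r["mid"], r["tno"])

class GeldKarte:
    def __init__(self, cid: bytes, ano: str, balance: int, k_rd: bytes):
        self.cid, self.ano, self.balance, self.k_rd, self.sno = cid, ano, balance, k_rd, 1
    def start_payment(self, rand: bytes) -> dict:
        """Certificate over CID, SNo and the merchant card's RAND (RAND defeats replay)."""
        return {"cid": self.cid, "sno": self.sno, "rand": rand,
                "mac": mac(self.k_rd, "start", self.cid, self.sno, rand)}
    def debit(self, cmd):
        """Command 'debiting': returns the receipt, or None when rejected."""
        ok = (cmd is not None
              and hmac.compare_digest(cmd["mac"], mac(self.k_rd, "debit", cmd["mid"], cmd["tno"],
                                                      cmd["sno"], cmd["cid"], cmd["amount"]))
              and (cmd["cid"], cmd["sno"]) == (self.cid, self.sno)  # this purse, current SNo
              and cmd["amount"] <= self.balance)
        if not ok:
            return None
        self.balance -= cmd["amount"]
        r = {"sno": self.sno, "amount": cmd["amount"], "ano": self.ano, "mid": cmd["mid"], "tno": cmd["tno"]}
        r["mac"] = receipt_mac(self.k_rd, r)
        self.sno += 1                                   # the same command data never debits twice
        return r

class MerchantCard:
    def __init__(self, mid: str, kgk_rd: bytes, k_cc: bytes):
        self.mid, self.kgk_rd, self.k_cc, self.tno, self.pending = mid, kgk_rd, k_cc, 1, None
    def challenge(self) -> bytes:
        self.rand = secrets.token_bytes(8)              # fresh RAND for this payment
        return self.rand
    def start_payment(self, cert, amount: int):
        """Check the purse's certificate, then return MAC-protected debit data."""
        if cert is None or cert["rand"] != self.rand:
            return None
        k_rd = derive_k_rd(self.kgk_rd, cert["cid"])
        if not hmac.compare_digest(cert["mac"], mac(k_rd, "start", cert["cid"], cert["sno"], cert["rand"])):
            return None
        cmd = {"mid": self.mid, "tno": self.tno, "sno": cert["sno"], "cid": cert["cid"], "amount": amount}
        cmd["mac"] = mac(k_rd, "debit", self.mid, self.tno, cert["sno"], cert["cid"], amount)
        self.pending = (k_rd, cert["sno"], amount)
        return cmd
    def payment(self, r):
        """'check payment' then 'payment': accept only this purse's receipt for this TNo and amount."""
        k_rd, sno, amount = self.pending
        self.pending = None
        if (r is None or not hmac.compare_digest(r["mac"], receipt_mac(k_rd, r))
                or (r["mid"], r["tno"], r["sno"], r["amount"]) != (self.mid, self.tno, sno, amount)):
            return None                                 # faked, replayed or foreign receipt
        tx = {"mid": self.mid, "tno": self.tno, "ano": r["ano"], "amount": amount}
        tx["mac"] = mac(self.k_cc, "clearing", self.mid, self.tno, r["ano"], amount)
        self.tno += 1
        return tx

def redeem(tx: dict, k_cc: bytes, seen: set) -> bool:
    """Clearing center: verify the certificate; each (MID, TNo) is credited only once."""
    want = mac(k_cc, "clearing", tx["mid"], tx["tno"], tx["ano"], tx["amount"])
    if not hmac.compare_digest(want, tx["mac"]) or (tx["mid"], tx["tno"]) in seen:
        return False
    seen.add((tx["mid"], tx["tno"]))
    return True

def pay(gk: GeldKarte, mc: MerchantCard, amount: int, relay=lambda m: m):
    """One payment; every message crosses `relay`, the untrusted network."""
    cmd = mc.start_payment(relay(gk.start_payment(relay(mc.challenge()))), amount)
    return None if cmd is None else mc.payment(relay(gk.debit(relay(cmd))))

def demo() -> dict:
    """Honest run, then the attacks that the paper's checks are meant to stop."""
    kgk_rd, k_cc, cid = b"KGK_RD-master", b"K_CC-merchant", b"CID-0001"  # constructed keys and ids
    gk = GeldKarte(cid, "ANo-4711", 2000, derive_k_rd(kgk_rd, cid))
    mc, seen, out = MerchantCard("MID-17", kgk_rd, k_cc), set(), {}
    tx = pay(gk, mc, 550)
    out["honest"] = tx is not None and redeem(tx, k_cc, seen) and gk.balance == 1450
    out["double_clearing_rejected"] = not redeem(tx, k_cc, seen)
    raise_amount = lambda m: dict(m, amount=m["amount"] + 400) if isinstance(m, dict) and "cid" in m and "amount" in m else m
    out["tampered_debit_rejected"] = pay(gk, mc, 550, raise_amount) is None and gk.balance == 1450
    cmd = mc.start_payment(gk.start_payment(mc.challenge()), 100)
    r1 = gk.debit(cmd)
    out["replayed_debit_rejected"] = gk.debit(cmd) is None  # SNo has moved on
    mc.payment(r1)                                          # complete that payment, TNo advances
    swap_receipt = lambda m: r1 if isinstance(m, dict) and "ano" in m else m
    out["replayed_receipt_rejected"] = pay(gk, mc, 100, swap_receipt) is None
    return out
```

The relay is deliberately the only place where an attacker acts: it can alter, drop or replay any message, but it holds no key. Every rejection in demo() comes from a check the paper names (K_RD derived from CID, RAND in the certificate, SNo in the debiting command, MID/TNo/SNo in the receipt, TNo in the clearing certificate), which is what "the security does not rely on the medium" means in practice.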

2.3.4 Anonymity of the parties

When a GeldKarte which has no relation to the card holder's banking account is used, the requirement of anonymity is fulfilled anyway. In the other case a merchant is not able to read out the identity of a customer from the data stored in the merchant card. Therefore the anonymity of a customer towards the merchant is guaranteed.

During the processing of the transaction data by the clearing centers, the payments are related to the clearing account.

By combining data of the clearing account, the banking account and the personal data of the customer, the clearing center might generate data related to the customer's shopping behaviour. Therefore the anonymity of a customer is possibly affected.

2.3.5 Restrictions

There are some restrictions of the German electronic purse for payments on the Internet

The German electronic purse is a national payment system. Its currency is the Deutsche Mark. Therefore the use of the German electronic purse is mainly limited to business within Germany.

On the other hand the system is not limited to German merchants. International merchants offering products in the German market can provide this payment service to German customers. They can apply for a merchant card at the issuing bank and need an account at a clearing center.

At the moment the field test supports only the function electronic purse with a chip. It has to be decided whether the described system will be introduced for payments on the Internet. However, there are no technical restrictions.

References

[1] Dr. Brigitte Nebelung (debis Systemhaus GEI IT-Sicherheit), Dr. Albert Glade (Giesecke & Devrient GmbH): Die elektronische Geldbörse als innovatives Zahlungsmittel im Internet. Workshop Cybermoney: Sichere Zahlungssysteme im Internet und Online-Diensten, debis Systemhaus GEI IT-Sicherheit, Mai 1996.

[2] Dr. Rüdiger Grimm (GMD - Forschungszentrum Informationstechnik GmbH, Darmstadt): Secure Shopping. Workshop Cybermoney: Sichere Zahlungssysteme im Internet und Online-Diensten, debis Systemhaus GEI IT-Sicherheit, Mai 1996.

[3] D. Chapman and E. Zwicky: Building Internet Firewalls. O'Reilly & Associates, November 1995.

[4] Hickman, ElGamal: The SSL Protocol. Internet Draft, Netscape Communications.

[5] Statistics of the Internet Society, http://www.nw.com

[6] Secure Electronic Transaction (SET) Specification, http://www.mastercard.com/set/set.html

[7] CAFE, http://www.digicash.com/products/projects/projects.html, http://www.cwi.nl/cwi/projects/cafe.html

[8] Mondex, http://www.mondex.com/

[9] Ecash, http://www.digicash.com/, http://www.digicash.com/ecash/, http://www.digicash.com/publish/

[10] CyberCash, http://www.cybercash.com/, ftp://ftp.cybercash.com/pub

[11] Christian Huitema: IPv6, The New Internet Protocol. Prentice Hall PTR, 1996.

[12] Financial Institution Retail Message Authentication, ANSI X9.19, American Bankers Association, August 13, 1986.

[13] Schnittstellenspezifikation für die GeldKarte mit Chip, debis Systemhaus GEI, August 1995.

Page 3: [IEEE Comput. Soc. Press 12th Annual Computer Security Applications Conference - San Diego, CA, USA (9-13 Dec. 1996)] Proceedings 12th Annual Computer Security Applications Conference

included in the key derivation Including the random num- ber RAND into the MAC prevents replay attacks of mes- sages The merchant card is convinced by the authenticity of the GeldKarte and starts the payment Hence payments can only be started by an authentic GeldKarte

133 Reducing the actual amount in the GeldKarte

The actual amount of the electronic purse of the GeldKarte is reduced by the amount of the payment (DM 550 in the example)

Within the answer message of the command start pay- ment the merchant terminal receives the data for the com- mand debiting from the merchant card The merchant ter- minal completes the data for the command debiting with the amount of payment amount and sends it to the Geld- Karte

The data for the command debiting contains the identi- fication data M I D and the transaction number T N o of the corresponding merchant card as well as the sequence num- ber S N o of the GeldKarte All this data is MAC protected by the merchant card using the key KRD

Because of the MAC the GeldKarte can check the au- thenticity of the merchant card so that only authentic mer- chant cards can successfully process the command debit- ing

The identification data of the GeldKarte is included into the MAC generation The GeldKarte will detect whether the data of the command debiting is related to an other GeldKarte Therefore it is impossible to debit from different electronic purses with the same command data

The GeldKarte checks whether the sequence number S N o in the command data is identical with its actual se- quence number The attack to realize a multiple debit from one electronic purse with the same command data by re- playing old debiting commands is recognized and pre- vented

If the amount of payment is less than the actual amount stored in the electronic purse the actual amount is reduced by the amount of payment The debiting of the amount of payment is logged in the GeldKarte

Figure 3 Authentication of the merchant card

134

The GeldKarte issues a cryptographically protected receipt for the debiting which can be checked for authenticity and integrity by the merchant card

The answer message of debiting is transmitted from the merchant terminal to the merchant card in the command check payment In the answer message of debiting the GeldKarte sends the amount amount of payment the GeId- Kartes sequence number SNo the clearing account num- ber A N o and the transaction number T N o of the merchant card protected by a MAC Again the MAC is computed over this data using its DES key KRD

Electronic receipt for merchant card

SNo amount ANo

MID TNo MAC

Figure 4 Sending the receipt

The merchant card is able to recognize that these an- swer messages have been generated by the same GeldKarte which has proven its authenticity during start debit Furthermore it is proven to the merchant card that no merchant card is the intended recipient of the answer mes- sages and that the answer messages are not generated during an earlier payment with a different transaction number

Answer messages of the command debiting which are faked or answer messages of the command debiting which have been generated during an earlier payment and are now replayed are recognized by the merchant card and are cancelled

As response to check payment the merchant card sig- nals the merchant terminal whether the answe ge af debiting represents a correct receipt for the on of the actual amount in the GeldKarte

135

The merchant card generates a log entry of the payment aggregates the amount of payment in its sum entry and gen- erates cryptographically protected transaction data for the payment (within a single transaction)

The command payment is sent from the merchant ter- minal to the merchant card The merchant card processes this command only if the checks in the last steps had a POS-

itive result Therefore the merchant card generates trans- action data for the merchant only after having debited the amount of payment from a GeldKarte

Generating a certificate for the clearing center

90

To generate the MAC over transaction data and transac- tion number T N o an individual key l i z ~ for the merchant card is used

14 Clearing of Electronic Purse-Transactions

data of the electronic purse would be performed in the same manner

In the following section the viability of the GeldKarte for payment via the Internet is discussed further

2 Payments on the Internet If the merchant card has generated cryptographically

protected transaction data for a payment the merchant has the right to receive the amount of payment from the card issuer

The merchant can redeem the sales by presenting the cor- rect transaction data to a clearing center for the GeldKarte The clearing center debits the clearing account of the Geld- Karte and credits the merchants account

The merchant card or the transaction data which have been generated cannot be used to perform additional pay- ments because the certificate for the clearing center in- cludes the transaction number T N o The following figure shows the cycle of electronic representations of cash in the payment system GeldKarte and the cycle of payments

payment

goods services acceptant of

electronic amount of payment

Figure 5 Cycles in the Payment System Geld- Karte

In the 90ies the Information Highway experienced a real boom The main reason for this explosive growth is the commercialisation of the Internet At the beginning and un- til the 80ies the Internet started as a world wide net of uni- versities and the US-Government In the meanwhile com- panies discover this net of the nets as medium for transac- tions and communication as well as a source of distributed information They use it for marketing purposes for offer- ing distributing and selling their products Terms as elec- tronic commerce cyber shop virtual money electronic cash are some of possible examples in this context

With the ongoing commercialisation the demand for se- curing the Internet is growing rapidly Companies will use this medium for their business but with the same require- ments for the business transaction they are used to There- fore there is a demand for confidentiality integrity authen- ticity and especially liability for commercial transactions on the Internet

Out of these ideas the following question arises Can the existing German Electronic Purse system be adapted to pay- ments on the Internet (See [ 11)

21 Requirements and criteria for payment sys- tems

We first introduce some of the requirements and criteria for electronic payment systems which can form a base for evaluations of such systems (see [ 2 ] )

0 Availability

0 Easeofuse

0 Integrity of the corresponding transfer of data and money

15 Summary of Principles 0 Anonymity of the concerned parties

0 Limiting the risks

The following criteria classify klectronic payment sys- The process of payment described above is performed

offline During the payment the GeldKarte and the mer- chant card are located in one terminal

A payment in the form described above could be pro- cessed in the same manner even if both smartcards (Geld- Karte and merchant card) are separated In this case the merchant terminal would be replaced by a system managing the communication between the smartcards via an unsecure network eg the Internet In both cases the clearing of sales

tems

0 Security mechanisms for ensuring integrity authen- ticity anonymity privacy

0 Type of payment

- debit systems (pre-paid)

91

- credit systems (pay later)

- digital money (pay now)

0 Offline or online payments

0 Payments of small and large amounts

0 Payments in international currencies

22 Examples for Payment Systems

Typically existing credit and debit-card systems in Ger- many are not used for payments of small amounts The rea- sons are the complexity of the underlying technical struc- ture and the corresponding costs On the other hand until now the liability of payment transactions could be ensured only by using online mechanisms The concept of the Ger- man electronic purse was developed and specified to fill this gap by providing liable offline payment systems for small amounts

The following systems are some examples of actually developed electronic payment systems They differ in the underlying strategies and mechanisms and differ in the full- fillment of the given requirements and criterias The future will show which of the systems will coexist together

0 CAFE (see 1711

0 SET see [61)

0 Cybercash (see [lo])

0 Ecash (see [9])

0 MONDEX(see [SI)

0 andsoon

232 Ease of use

Payments with the electronic purse will become familiar to the customers By providing them the opportunity to use the same payment system for payment transactions on the Internet increases the acceptance of the electronic purse and the use of the commercial part of the Internet A customer will not accept several different smartcard systems each for a limited purpose

Another related aspect concerns the customers possibili- ties to overview and control all his payments In the case of several different smartcard systems each for a limited pur- pose a customer has to inspect several accounts In case of the eurocheque card with chip all payment transactions are recorded in one account

The customer is able to control all his payments by overviewing one account The form payment for payments in shops and on the Internet are the same Therefore the requirement for ease of use is fulfilled

233 Realization and Security

In addition to the German electronic purse the customer needs a smartcard reader at his PC and a client software for accessing the smartcard reader At the merchants site the same equipment has to be installed for the use of the merchant card The equipment is needed only to manage the communication between the two smartcards

All security features of the payment system GeldKarte are working in the same manner as the payment transaction at a merchant terminal in a shop All security functions eg generation of certificates mutual verification of authentic- ity and data eg the cryptographic keys are located in the smartcards

The merchant terminal manages the communication be- tween the smartcards and provides functions for data stor- age The security does not rely on the medium for the com- -

munication between the smartcards From a technical point of view it is not necessary that both smartcards are located 23 Payments with the purse

231 Starting Point at the same place Therefore the security is the same for payment transactions at a merchant terminal or on the Inter-

Nowadays customers already possess one or cards used in payment systems (eg MasterCard VISA eu- the transmission rocheque customer cards of different organisations) One of these cards in G~~~~~ is the card which today is in use by nearly 50 Mio customers All these eu- rocheque cards will be replaced in the end of 1996 with the new eurocheque card with chip including the application electronic purse

net The security mechanisms prevent manipulations during

Some functions which are implementes in the merchant terminal have to be implemented in special client applica- tions for the customers pes are

0 display of transactions amount

0 start of debiting command by the customer Almost every citizen in Germany will possess an eu-

rocheque card with chip in 1997 One requirement for a 0 logging of payment transactions

potentially widely spread payment system on the Internet will be given the payment system is highly available on the customer side

The clearing of the transaction data of the electronic purse is performed in the same manner for payments at shops or on the Internet

92

The integrity of data and commands is given by the con- struction of the payment system It is not reduced by using it on the Internet Even the clearing process remains the same The requirement for the integrity of the correspond- ing transfer of data and money is fulfilled

234 Anonymity of the parties

When incorporating a GeldKarte which does not have any relation to the card holders banking account the require- ment of anonymity is fulfilled anyway In the other case a merchant is not able to read out the identity of a customer from the data stored in the merchant card Therefore the anonymity of a customer against the merchant is guaran- teed

During the processing of the transaction data by the clearing centers the payments are related to the clearing ac- count

By combining data of the clearing account the banking account and the personal data of the customer the clearing center might generate data related to the customers shop- ping behaviour Therefore the anonymity of a customer is possibly affected

235 Restrictions

There are some restrictions of the German electronic purse for payments on the Internet

The German electronic purse is a national payment sys- tem Its currency is the Deutsche Mark (Deutsch Mark) Therefore the use of the German electronic purse is mainly limited to business within Germany

On the other hand the system is not limited to german merchants International merchants offering products in the german market can provide this payment service to the ger- man customers They can apply for a merchant card at the issuer bank and need an account in a clearing center

At the moment the field test supports only the function electronic purse with a chip It has to be decided whether the described system will be introduced for payments on the Internet However there are no technical restrictions

References

[ l ] Dr Brigitte Nebelung debis Systemhaus GEI IT- Sicherheit Dr Albert Glade Giesecke amp Devrient GmbH Die elektronische Geldborse als innovative Zahlungsmittel im Internet Workshop Cybermoney Sichere Zahlungssysteme im Internet und Online- Diensten debis Systemhaus GEI IT-Sicherheit Mai 1996

[2] Dr Riidiger Grimm GMD - Forschungszentrum Infor- mationstechnik GmbH Darmstadt Secure Shopping

Workshop Cybermoney Sichere Zahlungssysteme im Internet und Online-Diensten debis Systemhaus GEI IT-Sicherheit Mai 1996

[3] D Chapman and E Zwicky November 1995 Building Internet Firewalls OReilly amp Associates

[4] HickmanElGamal The SSL Protocol Internet Draft Netscape Communications

[5] Statistic of the Internet society httpwwwnwcom httpwwwmastercardcomsetsethtml

[6] Secure Electronic Transaction (SET) SpeciJication httpwwwmastercardcomsetsethtm

[7] CAFE httpwwwdigicashcomproducts proj ectslproj ects html httpwwwcwinlcwiprojectscafehtml

[8] Mondex httpwwwmondexcommondexnethtml httpwwwmondexcomndexhomehtml

[9] Ecash httpwwwdigicashcom httpwwwdigicashcomecashl httpwwwdigicashcompublishl

[ 101 Cybercash httpwwwcybercashcoondexnet html ftpftpcybercashcompub

[ 1 11 Christian Huitema IPv6 The New Internet Protocol Prentice Hall PTR 1996

[ 121 Financial Institution Retail Message Authentication Amercican Bankers Association August 13 X919

1986

[ 131 Schnittstellenspeziaktion fur die GeldKarte mit Chip debis Systemhaus GEI August 91995

93

Page 4: [IEEE Comput. Soc. Press 12th Annual Computer Security Applications Conference - San Diego, CA, USA (9-13 Dec. 1996)] Proceedings 12th Annual Computer Security Applications Conference

To generate the MAC over transaction data and transac- tion number T N o an individual key l i z ~ for the merchant card is used

14 Clearing of Electronic Purse-Transactions

data of the electronic purse would be performed in the same manner

In the following section the viability of the GeldKarte for payment via the Internet is discussed further

2 Payments on the Internet If the merchant card has generated cryptographically

protected transaction data for a payment the merchant has the right to receive the amount of payment from the card issuer

The merchant can redeem the sales by presenting the cor- rect transaction data to a clearing center for the GeldKarte The clearing center debits the clearing account of the Geld- Karte and credits the merchants account

The merchant card or the transaction data which have been generated cannot be used to perform additional pay- ments because the certificate for the clearing center in- cludes the transaction number T N o The following figure shows the cycle of electronic representations of cash in the payment system GeldKarte and the cycle of payments

payment

goods services acceptant of

electronic amount of payment

Figure 5 Cycles in the Payment System Geld- Karte

In the 90ies the Information Highway experienced a real boom The main reason for this explosive growth is the commercialisation of the Internet At the beginning and un- til the 80ies the Internet started as a world wide net of uni- versities and the US-Government In the meanwhile com- panies discover this net of the nets as medium for transac- tions and communication as well as a source of distributed information They use it for marketing purposes for offer- ing distributing and selling their products Terms as elec- tronic commerce cyber shop virtual money electronic cash are some of possible examples in this context

With the ongoing commercialisation the demand for se- curing the Internet is growing rapidly Companies will use this medium for their business but with the same require- ments for the business transaction they are used to There- fore there is a demand for confidentiality integrity authen- ticity and especially liability for commercial transactions on the Internet

Out of these ideas the following question arises Can the existing German Electronic Purse system be adapted to pay- ments on the Internet (See [ 11)

21 Requirements and criteria for payment sys- tems

We first introduce some of the requirements and criteria for electronic payment systems which can form a base for evaluations of such systems (see [ 2 ] )

0 Availability

0 Easeofuse

0 Integrity of the corresponding transfer of data and money

15 Summary of Principles 0 Anonymity of the concerned parties

0 Limiting the risks

The following criteria classify klectronic payment sys- The process of payment described above is performed

offline During the payment the GeldKarte and the mer- chant card are located in one terminal

A payment in the form described above could be pro- cessed in the same manner even if both smartcards (Geld- Karte and merchant card) are separated In this case the merchant terminal would be replaced by a system managing the communication between the smartcards via an unsecure network eg the Internet In both cases the clearing of sales

tems

• Security mechanisms for ensuring integrity, authenticity, anonymity, privacy
• Type of payment
  - debit systems (pre-paid)
  - credit systems (pay later)
  - digital money (pay now)
• Offline or online payments
• Payments of small and large amounts
• Payments in international currencies

2.2 Examples for Payment Systems

Typically, existing credit and debit-card systems in Germany are not used for payments of small amounts. The reasons are the complexity of the underlying technical structure and the corresponding costs. On the other hand, until now the liability of payment transactions could be ensured only by using online mechanisms. The concept of the German electronic purse was developed and specified to fill this gap by providing a liable offline payment system for small amounts.

The following systems are some examples of currently developed electronic payment systems. They differ in the underlying strategies and mechanisms and in the fulfilment of the given requirements and criteria. The future will show which of the systems will coexist.

• CAFE (see [7])
• SET (see [6])
• Cybercash (see [10])
• Ecash (see [9])
• MONDEX (see [8])
• and so on

2.3 Payments with the purse

2.3.1 Starting Point

Nowadays customers already possess one or more cards used in payment systems (e.g. MasterCard, VISA, eurocheque, customer cards of different organisations). One of these cards in Germany is the eurocheque card, which today is in use by nearly 50 Mio. customers. All these eurocheque cards will be replaced at the end of 1996 with the new "eurocheque card with chip" including the application "electronic purse".

Almost every citizen in Germany will possess an eurocheque card with chip in 1997. Thus one requirement for a potentially widely spread payment system on the Internet will be given: the payment system is highly available on the customer side.

2.3.2 Ease of use

Payments with the electronic purse will become familiar to the customers. Giving them the opportunity to use the same payment system for payment transactions on the Internet increases the acceptance of the electronic purse and the use of the commercial part of the Internet. A customer will not accept several different smartcard systems, each for a limited purpose.

Another related aspect concerns the customer's possibilities to overview and control all his payments. In the case of several different smartcard systems, each for a limited purpose, a customer has to inspect several accounts. In the case of the eurocheque card with chip all payment transactions are recorded in one account.

The customer is able to control all his payments by overviewing one account. The form of payment for payments in shops and on the Internet is the same. Therefore the requirement for ease of use is fulfilled.

2.3.3 Realization and Security

In addition to the German electronic purse the customer needs a smartcard reader at his PC and a client software for accessing the smartcard reader. At the merchant's site the same equipment has to be installed for the use of the merchant card. The equipment is needed only to manage the communication between the two smartcards.

All security features of the payment system GeldKarte work in the same manner as for a payment transaction at a merchant terminal in a shop. All security functions (e.g. generation of certificates, mutual verification of authenticity) and data (e.g. the cryptographic keys) are located in the smartcards.

The merchant terminal manages the communication between the smartcards and provides functions for data storage. The security does not rely on the medium for the communication between the smartcards. From a technical point of view it is not necessary that both smartcards are located at the same place. Therefore the security is the same for payment transactions at a merchant terminal or on the Internet. The security mechanisms prevent manipulations during the transmission.

Some functions which are implemented in the merchant terminal have to be implemented in special client applications for the customers' PCs. These are:

• display of the transaction's amount
• start of the debiting command by the customer
• logging of payment transactions

The clearing of the transaction data of the electronic purse is performed in the same manner for payments at shops or on the Internet.

The integrity of data and commands is given by the construction of the payment system. It is not reduced by using it on the Internet. Even the clearing process remains the same. The requirement for the integrity of the corresponding transfer of data and money is fulfilled.
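The two-card exchange described in 1.5 and 2.3.3, as an added simulation that is not part of the original paper: the purse and the merchant card check the MACs themselves, so a command that is altered or replayed in transit is rejected whatever transport (terminal or Internet) relays it. The shared HMAC-SHA256 key, the message layout and the sequence-number replay check are assumptions of this example, not the GeldKarte specification.

```python
import hmac
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Constructed demo key. In GeldKarte the MAC keys are individual secret keys
# kept inside the two smartcards; a single shared HMAC-SHA256 key is an
# assumption of this simulation, not the card's real algorithm or key setup.
PURSE_KEY = b"demo-purse-merchant-key"


def mac(key: bytes, *fields) -> str:
    """MAC over a canonical encoding of the message fields."""
    return hmac.new(key, "|".join(map(str, fields)).encode(), hashlib.sha256).hexdigest()


@dataclass
class GeldKarte:
    """Customer purse: keeps the balance and checks every debit command itself."""
    balance: int                      # amount in Pfennig (constructed value)
    last_seq: int = 0                 # last accepted sequence number (single counter for the demo)
    log: list = field(default_factory=list)

    def debit(self, req: dict) -> Optional[dict]:
        fields = (req["merchant"], req["amount"], req["seq"])
        if not hmac.compare_digest(req["mac"], mac(PURSE_KEY, *fields)):
            self.log.append(("rejected", "bad MAC"))        # altered in transit
            return None
        if req["seq"] <= self.last_seq or req["amount"] > self.balance:
            self.log.append(("rejected", "replay or insufficient funds"))
            return None
        self.last_seq = req["seq"]
        self.balance -= req["amount"]
        self.log.append(("debited", req["amount"]))
        cert = ("debit-ok", *fields, self.balance)      # the purse's "certificate"
        return {"fields": cert, "mac": mac(PURSE_KEY, *cert)}


@dataclass
class MerchantCard:
    """Merchant card: issues MACed debit commands and verifies the purse's reply."""
    merchant: str
    seq: int = 0
    sales: list = field(default_factory=list)  # records later handed to clearing

    def request(self, amount: int) -> dict:
        self.seq += 1
        return {"merchant": self.merchant, "amount": amount, "seq": self.seq,
                "mac": mac(PURSE_KEY, self.merchant, amount, self.seq)}

    def accept(self, cert: Optional[dict]) -> bool:
        if cert is None or not hmac.compare_digest(cert["mac"], mac(PURSE_KEY, *cert["fields"])):
            return False
        self.sales.append(cert["fields"])
        return True


def pay(purse: GeldKarte, mc: MerchantCard, amount: int, relay=lambda m: m) -> bool:
    """The terminal or the Internet only relays; `relay` models what the
    transport does to the command in transit (identity = honest network)."""
    return mc.accept(purse.debit(relay(mc.request(amount))))


def tamper_amount(msg: dict) -> dict:
    """A manipulated transport that changes the amount on the way to the purse."""
    return {**msg, "amount": 1}
```

Because both endpoints verify the MAC and the purse keeps its own balance and sequence state, the relay between them gains nothing from modifying, replaying or dropping messages; this is the property the paper relies on when it moves the exchange from the terminal to the Internet.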

2.3.4 Anonymity of the parties

When a GeldKarte is used which does not have any relation to the card holder's banking account, the requirement of anonymity is fulfilled anyway. In the other case a merchant is not able to read out the identity of a customer from the data stored in the merchant card. Therefore the anonymity of a customer against the merchant is guaranteed.

During the processing of the transaction data by the clearing centers the payments are related to the clearing account.

By combining data of the clearing account, the banking account and the personal data of the customer, the clearing center might generate data related to the customer's shopping behaviour. Therefore the anonymity of a customer against the clearing center is possibly affected.

2.3.5 Restrictions

There are some restrictions of the German electronic purse for payments on the Internet.

The German electronic purse is a national payment system. Its currency is the Deutsche Mark (Deutschmark). Therefore the use of the German electronic purse is mainly limited to business within Germany.

On the other hand, the system is not limited to German merchants. International merchants offering products in the German market can provide this payment service to the German customers. They can apply for a merchant card at the issuer bank and need an account in a clearing center.

At the moment the field test supports only the function "electronic purse" of the card with chip. It has to be decided whether the described system will be introduced for payments on the Internet. However, there are no technical restrictions.

References

[1] Dr. Brigitte Nebelung (debis Systemhaus GEI IT-Sicherheit), Dr. Albert Glade (Giesecke & Devrient GmbH): Die elektronische Geldbörse als innovative Zahlungsmittel im Internet. Workshop Cybermoney: Sichere Zahlungssysteme im Internet und Online-Diensten, debis Systemhaus GEI IT-Sicherheit, Mai 1996.

[2] Dr. Rüdiger Grimm (GMD - Forschungszentrum Informationstechnik GmbH, Darmstadt): Secure Shopping. Workshop Cybermoney: Sichere Zahlungssysteme im Internet und Online-Diensten, debis Systemhaus GEI IT-Sicherheit, Mai 1996.

[3] D. Chapman and E. Zwicky: Building Internet Firewalls. O'Reilly & Associates, November 1995.

[4] Hickman, ElGamal: The SSL Protocol. Internet Draft, Netscape Communications.

[5] Statistic of the Internet Society, http://www.nw.com

[6] Secure Electronic Transaction (SET) Specification, http://www.mastercard.com/set/set.html

[7] CAFE, http://www.digicash.com/ (projects page), http://www.cwi.nl/cwi/projects/cafe.html

[8] Mondex, http://www.mondex.com/

[9] Ecash, http://www.digicash.com/, http://www.digicash.com/ecash/, http://www.digicash.com/publish/

[10] Cybercash, http://www.cybercash.com/, ftp://ftp.cybercash.com/pub

[11] Christian Huitema: IPv6, The New Internet Protocol. Prentice Hall PTR, 1996.

[12] Financial Institution Retail Message Authentication. American Bankers Association, ANSI X9.19, August 13, 1986.

[13] Schnittstellenspezifikation für die GeldKarte mit Chip. debis Systemhaus GEI, August 9, 1995.
