Electronic Commerce of Digital Goods

Slides: 30
Provided by: ajitk8


Transcript and Presenter's Notes



1
Electronic Commerce of Digital Goods
  • Adapted from a talk by Martin Sirbu
  • Carnegie Mellon University

2
Internet-Based Payment Models
  • Secure transmission of credit card information
  • Digital cash
  • Digital checks
  • Centralized online transactions

3
Credit Card Info Sent Direct to Merchant (Netscape Model)
  • Consumer sends card direct to merchant
  • Similar to today's phone order
  • Must trust merchant with card info
  • High transaction costs

[Diagram labels: Consumer, Internet, Encrypted tunnel through the Internet, Merchant, Private Line, Credit Card Acquirer]

4
Third Party Intermediary Model (CyberCash)
  • Protects consumer's card info
  • Use Internet for reaching CyberCash gateway to
    acquirers
  • Adds to credit card cost

[Diagram labels: Consumer, Internet, Encrypted tunnel through the Internet, CyberCash, Merchant]

5
Credit Card Acquirer On the Net (STT/SEPP/SET)
  • Protects consumer's card info
  • Use Internet for reaching acquirer
  • Still uses expensive credit card transactions

[Diagram labels: Consumer, Internet, Encrypted tunnel through the Internet, Merchant]

6
Green Commerce Model (First Virtual)
  • Messages sent in clear
  • Credit card number stored at FV
  • User must agree to pay after receiving
    information goods
  • Credit Card transaction costs

[Diagram labels: Consumer, Internet, First Virtual, Merchant]

7
Digicash Model
  • 1- Consumer asks Bank for Digicash
  • 2- Bank sends Digicash bits to consumer
  • 3- Consumer sends Digicash to merchant in payment
  • 4- Merchant checks that Digicash has not been
    double spent
  • 5- Bank verifies that Digicash is valid
  • Advantages
    • Privacy, Scalability
  • Disadvantages
    • Complexity
    • Detecting double spending
    • Robustness against failure
    • Accountability

[Diagram: Consumer, Bank and Merchant, with arrows numbered 1-5 matching the steps above]

8
Approach: Digital Checks
  • Consumers issue signed drafts on online bank
    accounts
  • Merchants may do online or delayed clearing
  • Examples: NetCheque, FSTC NetAccount

9
Approach: Online Transactions
  • Funds transfer between accounts at a central
    server
  • All accounts at the central server
  • Prepaid or postpaid consumer accounts
  • Advantages
    • Low transaction overhead cost
  • Disadvantages
    • Scalability: server may become a bottleneck
    • Requires arrangement with accounting server
  • Examples: NetBill, CompuServe, AOL, MSN

10
The NetBill Concept
  • An electronic accounting server to enable network
    based commerce
  • Accounts maintained at NetBill for rapid,
    inexpensive payment clearing (1 transaction cost
    for a 10 item)

[Diagram labels: End User, Network Service Provider, NetBill Server, Bank]

11
Aggregation
  • Users and Merchants create NetBill aggregation
    accounts.
  • Each purchase transaction moves funds from the
    user's NetBill account to the merchant's NetBill
    account
  • Money transferred into or out of the aggregation
    account using conventional money transfers
    • credit card charge
    • ACH
  • Fixed cost of conventional transfers amortized
    over many microtransactions
  • Aggregation account can be run as a prepaid or as
    a credit account
    • Prepaid: conventional debit in advance of
      micro-transaction
    • Credit: charge user after aggregated
      transactions reach a threshold

12
The Business Model
  • Consumers establish an account with NetBill
  • NetBill provides software libraries to
    incorporate NetBill support into client and
    server code
  • Independent of client-server protocol
    • e.g. Mosaic/WWW client and server using HTTP
    • Informedia client-server using MPEG-2

13
NetBill Aware Application
14
The Business Model
  • Consumers establish an account with NetBill
  • NetBill provides software libraries to
    incorporate NetBill support into client and
    server code.
    • e.g. Mosaic/WWW client and server
  • In support of a client-server interaction,
    NetBill provides
    • authentication
    • credit checking
    • access control
    • transaction recording and receipt

15
More Than a Payment System
  • The NetBill software supports
    • price negotiation
    • goods delivery
    • payment
  • For the consumer
    • Online account creation
    • Online statements
    • Online account management
  • For the merchant
    • Flexible and efficient subscription management
      system
    • Transaction protocol optimizations for
      subscription goods
    • Support for site licenses and group discounts
    • Ability to support virtually any pricing rules
    • Customizable logging at the merchant server
    • Online statements and custom reports

16
Automate To Reduce Costs
  • User and merchant account administration via web
    browser
    • account creation via web forms
    • use browser to query account balance or
      transaction register
    • web forms for customer service inquiries

17
NetBill Transaction Protocol
  • Support for three phases
    • price negotiation
    • goods delivery
    • payment
  • Linkage of delivery and payment
  • Efficiency enhancements for subscription goods
  • Authorization control

18
NetBill Protocol
  • 1. Client Requests a Price Quote
  • 2. Service Provider Makes an Offer
  • 3. Client Accepts Offer
  • 4. Goods delivered encrypted
  • 5. Receipt acknowledged
  • 6. Transaction submitted
  • 7. Transaction approved
  • 8. Key delivered

[Diagram: client, service provider and NetBill, with message arrows numbered 1-8 matching the steps above]

19
Strong Service Guarantees
  • Money atomic: money cannot be lost or created
    due to machine or network failure
    • digicash coins can be lost
  • Goods atomic: customer is guaranteed to be
    charged if and only if information goods are
    delivered successfully
    • Uses certified delivery
  • Non-repudiation
    • Merchant can prove what the consumer ordered
    • Consumer can prove what the merchant delivered

20
Message Security
  • Each message in the NetBill transaction protocol
    is encrypted for privacy
  • A session key is generated the first time a
    consumer initiates a NetBill purchase with a
    particular merchant
  • The session key is valid for a few hours and can
    be used for repeated purchase interactions.
  • In technical terms
    • Kerberos session tickets used to establish
      security and identity for each interaction
    • Tickets are issued directly by the merchant
      acting as its own Ticket Granting Service (TGS)
      based on a Public Key Ticket Granting Ticket
      (PKTGT) generated by the consumer.
    • Centralized KDC replaced by Certificate Authority

21
Privacy
  • Consumers may elect to use pseudonyms to remain
    anonymous to merchant
    • to benefit from customer specific discounts,
      customers may choose to disclose identity
  • NetBill must know the identity of the parties and
    the amount of the transaction, but not
    necessarily what goods were ordered.
    • EPO contains only a hash of goods order
  • Sufficient records are kept to detect fraud and
    resolve disputes
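
A minimal model of protocol steps 4 to 8 (slide 18), the goods-atomic guarantee (slide 19) and the "EPO contains only a hash" point above, added here as an illustration and not taken from the talk or from NetBill's software. Signatures and Kerberos tickets are omitted; the class and function names, the EPO fields, the party names, the SHA-256 keystream standing in for a real cipher, and the merchant-side hash comparison are all assumptions.

```python
import hashlib, secrets

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream) so the sketch needs only stdlib."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class NetBillServer:
    """Sees parties, amount and a hash of the goods; never the goods themselves."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.receipts = {}                       # epo_id -> decryption key

    def submit(self, epo, key):
        # Steps 6-7: the debit and the key registration succeed or fail together.
        if epo["epo_id"] in self.receipts:
            return "rejected: replayed EPO"
        if self.balances[epo["client"]] < epo["price"]:
            return "rejected: insufficient funds"
        self.balances[epo["client"]] -= epo["price"]
        self.balances[epo["merchant"]] += epo["price"]
        self.receipts[epo["epo_id"]] = key
        return "approved"

def purchase(server, goods: bytes, price: int, corrupt_in_transit=False):
    """Steps 4-8 for one purchase; returns (status, plaintext or None)."""
    key = secrets.token_bytes(32)                # merchant's one-time key
    sent = stream_xor(key, goods)                # step 4: goods delivered encrypted
    got = sent[:-1] + bytes([sent[-1] ^ 1]) if corrupt_in_transit else sent
    epo = {"epo_id": secrets.token_hex(8), "client": "alice", "merchant": "shop",
           "price": price,                       # step 5: client commits to what arrived
           "goods_hash": hashlib.sha256(got).hexdigest()}
    # Merchant forwards the EPO only if the client holds the intact ciphertext.
    if epo["goods_hash"] != hashlib.sha256(sent).hexdigest():
        return "rejected: goods hash mismatch", None
    status = server.submit(epo, key)             # steps 6-7
    if status != "approved":
        return status, None                      # no charge, and no key released
    return status, stream_xor(server.receipts[epo["epo_id"]], got)   # step 8
```

In every rejected path the client is left holding only ciphertext and the balances are untouched, which is the "charged if and only if delivered" property.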

22
Subscription Management System
  • Consumer buys a subscription
  • Subscription info is logged at SMS
  • Client software gets token from SMS

[Diagram: Consumer, Merchant and Subscription Management Server; 1. Buy a subscription, 2. Record Subscription, 3. Request token]

23
Subscription Management System
  • Subscriber presents token when requesting goods
    to show she is a subscriber
  • Tokens expire and must be (invisibly) refreshed
  • Client software remembers which merchants accept
    tokens and where to get them

[Diagram: Consumer, Merchant and Subscription Management Server; Request token, 4. Present token]

24
Site Licenses and Third Party Discounts
  • Supported using same technology (Credentials)
  • Credential server operated by unrelated entity
    (e.g. UCSB for goods supplied from UC Berkeley)

[Diagram labels: Consumer, Merchant; Request Credential, Present Credential]

25
Credential Examples
  • Server at UC Berkeley provides digital library
    content to all nine UC campuses
    • each campus maintains credential database of who
      is a student entitled to library content under
      site license
  • IEEE arranges discount for its members when
    buying IEEE publications from a digital library
    • IEEE maintains credential database of members
  • Corporate personnel office maintains database of
    employees allowed to access content from
    Corporate web servers
  • Optimized protocol for zero priced (e.g.
    subscription) goods
    • If willing to give up receipt, skip interaction
      with NetBill server: 8 steps -> 4 steps
    • If willing to give up certified delivery: -> 2
      steps

26
Demonstration Testbed
  • Partnering with Visa, Mellon Bank
    • legally, only a bank can offer payment services
  • Provide payment services to
    • Digital Libraries
    • Scholarly publishers
    • Commercial publishers
  • Schedule
    • Alpha system 1Q, 1996
      • CMU library as provider
      • bibliobucks
      • CMU students as users
    • Beta system 2Q 1996
      • 5-10 information providers
      • U.S.
      • students and staff at participating campuses

27
Standards Issues
  • Which phases to standardize?
  • If there will be multiple payment methods, need a
    payment method selection protocol
  • Standardization of payment presentation versus
    payment clearing
  • Standardization of component technologies
    • e.g. Certificates
  • Role of secure hardware

28
Issues of Trust in Electronic Commerce
  • What does a merchant need to know about a
    customer?
    • name? demographics?
    • that the merchant will be (has been) paid?
  • Who to trust
    • financial intermediaries
    • public key certificate authorities
    • credential authorities
  • The theory of reliable transactions has been
    based on premise that errors are accidental not
    deliberate.
  • New mechanisms needed to protect against errors
    deliberately introduced with intent to defraud.

29
Summary
  • The Internet is becoming the Global Information
    Infrastructure
  • All phases of commerce can be supported by
    networks
  • Organization of electronic information markets is
    currently limited by lack of Internet payment
    systems
  • Numerous payment models are being developed
  • For information goods, delivery and payment
    should be linked as a single atomic transaction
    at low cost.