COPS: A Model and Infrastructure for Secure and Fair Electronic Markets

Alexander W. Röhm, Günther Pernul
Department of Information Systems, University of Essen, Germany
{roehm|pernul}@wi-inf.uni-essen.de

Abstract

Existing electronic markets in the open network Internet often show a lack of security and fairness. New forms of trading are just coming up and the variety of different market structures and digital goods we will probably see in the future is yet unthinkable. Therefore, an infrastructure for future electronic markets has to support the realization of different market structures by providing secure and fair services in a transparent way and to allow dynamic changes of market structures¹. For example, it should allow the market structure to change from an auction to a direct search market on the fly. In this work we first elaborate an electronic market model and use it to describe how an open infrastructure for electronic markets should be realized. Finally we introduce the project COPS (Commercial Protocols and Services) in which we realize an infrastructure for secure and fair electronic markets.

¹ By structure we mean the way the market is realized and organized. The concept of market structure is used in a slightly different way in market analysis economics.

Copyright 1999 IEEE. Proceedings of the Hawai’i International Conference On System Sciences 32, January 5-8, 1999, Maui, Hawai’i.

1 Introduction

There are lots of advantages in using electronic markets. Electronic markets seen as mechanisms for coordinating the allocation of goods are supposed to reduce the trading immanent transaction costs, especially when the traded goods are digitally represented [6, 14]. As a consequence electronic markets in the Internet are expected to produce lower prices and bigger margins than traditional ways of trading. Why do companies and consumers still hesitate to take part in electronic markets in the Web? If we look closer into technical details, no adequate infrastructure for secure and fair business on the Internet is available. Even if there are solutions in some areas - like EDI for a flexible data exchange, SET for electronic payment, cryptography for ensuring some degree of security and privacy, mechanisms for digital signature, contracting tools or electronic agents for negotiation support - they have not gained the users' interest or trust so far. So we have to ask: What do business partners expect from electronic markets?

Our hypothesis is that users want to have integrated tools guaranteeing privacy, security and fair trade, that are embedded in a legal system which protects from fraud and larceny. On the other hand users and especially suppliers want to freely choose and eventually change after some time the market structure in which they are trading their digital goods. In our opinion these are electronic markets' key requirements, which are vital for future electronic markets.

In order to meet these key requirements we are developing the infrastructure COPS (Commercial Protocols and Services) for secure and fair electronic markets. Our goals for COPS are first to investigate what appropriate mechanisms are already available, second to integrate them in a common framework, third to develop and include missing but needed mechanisms and finally to build COPS as an extensible system in order to be able to include future requirements which we are currently not aware of. COPS should not be a reference model for electronic markets but should offer an open infrastructure to support electronic markets in fulfilling the above mentioned key requirements for trading with digital goods.

The outline of this paper is as follows: In the second section we elaborate a model for electronic markets. In the third section we discuss the mentioned key requirements in more detail. Some insights into the COPS architecture and how a market can be built with the infrastructure services will be given in section 4. Previous and related work on cryptographic issues, security, electronic markets, digital goods and infrastructures for electronic commerce is listed with short comments in section 5. Section 6 summarizes the state of current work on the COPS project and gives directions for further research.

2 Electronic market model

In this chapter we elaborate the COPS market model. After an introductory description of the general model, a more detailed description of the different roles of the participants on electronic markets, of the phases of market transactions and of the concept "digital good" will follow.

2.1 General model

It is common practice to structure a business transaction into three phases: the information phase, the negotiation phase and the execution phase (or settlement phase). Figure 1 shows the general market model. The three levels (I, N, E) show the three phases, while the corner elements represent the different participants on open markets in an open network.

[Figure 1: COPS Market Model. Corner elements: demander, supplier, intermediary, information services, trusted services; levels I, N, E; dimensions: services and protocols.]

Within each phase the required services for each participant are supported and protocols handle the cooperation between participants. Besides the two dimensions services and protocols there is another security relevant dimension in electronic markets: different goods need different security. For example, shares or tradable rights have to be original, while copyright protected multimedia documents have to be protected against illegal use.

2.2 Market Players

Market-based co-ordination can be classified into four categories: direct-search markets (where the future partners seek out one another), brokered markets (with the brokers assuming the search function), dealer markets (with the dealers holding inventories against which they buy and sell), and the auction markets [8]. From this classification we derive four electronic market player roles: demander, supplier, electronic intermediary (cybermediary) and trusted third party. Together with the information services five roles of participants are considered in the COPS market model:

• The demander is the driving force of a market transaction. Only in the information phase is it possible that a supplier offers products. All other phases are initiated by the demander. It is on the demander's side where an infrastructure has to preserve the open character of an open market. In particular, few or no technical or organisational preconditions should exist that hinder a demander from participating. This openness generally includes that there is no trust relationship between the business partners, which leads to additional security threats [4].

• The supplier has the choice to offer her/his goods either on a direct search market, through cybermediaries, or on an electronic auction market. The choice will depend on the supplier's preferences, on the type of the good offered and on other strategic considerations.

• An electronic intermediary² is trading information about products like their prices or quality. He offers product evaluation, quality assurance, or special combinations of products (e.g. travel agency). There are quite different understandings of electronic intermediaries. All agree that intermediaries will survive in electronic markets (despite the fact that direct producer buyer relationships are becoming easier and cheaper), because they are able to produce an added value to electronic goods [22].

• Trusted third parties are participants in electronic markets in whom other participants are forced to trust, because they perform sensitive tasks. Such sensitive tasks occur in many different situations and there are different reasons to involve a trusted third party in trading. There are two classes of trusted third parties in markets today: first, the trusted third parties which are part of the security infrastructure, and second, trusted third parties who are market participants, too. We propose for example the use of trusted third parties to realise fair electronic auction markets. In this case the difference between cybermediaries and trusted third parties seems to disappear. In our understanding there is a distinguishing mark that is based on the personal interests and the goals of the party. Consider the example of an anonymous mediated market scenario. To simplify the example we take two parties, S who wants to sell a certain quantity of a good at the price of 100 Euro and D who ordered the same amount and is willing to pay 125 Euro. The intermediary would take the chance and earn 25 Euro. Intermediaries have their own interests on the market but trusted third parties are supposed to do something predetermined and transparent to A and B, for example simply report the offers or, in an exchange market, meet all matching demands.

  An important role for trusted third parties as part of a security infrastructure is their use for public-key certification. Due to this they offer an infrastructure to support legal binding of electronic documents [5]. This is practically important for contracting, but also for digital goods which often need authenticity, originality and similar properties.

  For future electronic markets there are a lot of new tasks for trusted third parties. For example, we believe that the mass of communication can result in an increasing amount of lawsuits, so that traditional courts can not cope with it. Fortunately they don't need to, because in most cases an automatic court of arbitration will be able to judge when enough evidence is available from the used security mechanisms. This "cyberjudge" is a new role which might appear in the Internet. Of course a legal system has to provide possibilities to appeal against decisions of the cyberjudge.

• Information services provide technical information about the market infrastructure and the network. Examples are certificate directories [11] or a special host which processes inquiries like: "What is the network address of a trusted third party issuing secure time stamps?"

² Examples for already existing cybermediaries in the Internet are malls (http://www.emb.ch/), yellow pages (http://www.yahoo.com), information aggregation (www.pricewatch.com), or electronic bookstores (http://www.amazon.com).

2.3 Market Transaction Phases

The three transaction phases have different properties and requirements. In this subsection we want to discuss the characteristics of the phases in a more detailed way.

• Information phase: During the information phase the parties search their proper business partners. Demanders, for example, search suppliers who can satisfy their demands. New types of value adding intermediaries will mostly work in the information phases of future electronic market transactions. The business of such an intermediary may be issuing of trustworthy quality certificates or the preparation of product comparisons.

• In the negotiation phase the supplier and the demander have to find an agreement. Many details of the contract have to be fixed like the method of payment and the method of shipping. All obligations for all business partners have to be mentioned in this contract.

  The negotiation phase may have different forms. On a direct search market it begins with the direct contact of demander and supplier and it ends, in the case they find an agreement, with the completion of a contract. On an electronic auction market the negotiation phase works according to the detailed rules of the auction mechanism and the supplier is generally not involved in the negotiation between the auctioneer and the demander. Also in the other market structures with mediation (dealer and broker markets) the negotiation takes place either between demander and intermediary or between supplier and intermediary.

• During the execution phase both the demander and the supplier have to meet the obligations described and fixed in the contract they have made in the negotiation phase. In most markets there are two sub-phases: the payment and the delivery of goods. How they are carried out strongly depends on the type of the good.

2.4 Digital Goods

There are major changes in thinking on digital goods. Today trading immaterial goods in most cases means sending and receiving documents which describe for example obligations. But there are also new forms of digital goods, which are inherently carrying their value. Examples are digital money or digitally represented audio and video data. These examples show that new types of goods with new requirements occur and that others may appear in the near future.

Most people are not even sure what electronic property is, because it somehow depends on common sense. The worth of a (digital) good depends on the interpretation and the individual opinion on what is valuable and what is not. People in ancient times had the same problem with paper money. But when we talk about digital goods we mean bits that somehow are valuable and that have to be protected from losing their value. This protection becomes more important than in traditional markets, because the ethic rules of real life are not applicable to the cyberspace and the inherent protection of matter doesn't apply to bits [7].

Ownership in general is defined by rights that an owner has: "What is owned are socially recognized rights of action" [1]. A general definition of digital goods may therefore be the following: A digital good is a good that allows its ownership rights to be transferred in an electronic way. Those rights of the owner have to be protected by an infrastructure for secure electronic market transactions, especially during the execution phase.

3 Key requirements on electronic markets

The key requirements on electronic market infrastructures are privacy, security, fair trade, appropriate legal system and the possibility of dynamic market structures. In this work we leave out the problem of dynamic market structures, which we discuss in [17]. In the following sections we summarize the definitions of privacy, security and fair trade and, whenever necessary, extend them to better fit in the context of electronic markets for digital goods. Then we discuss which properties an appropriate legal system should have. In the last subsection we describe how secure and fair market transactions will be realized in COPS.

3.1 Security

The term security describes the capability of an IT system to ensure confidentiality, integrity and authenticity of transmitted and stored data against threats or attacks [19]. While the definition of confidentiality and authenticity is obvious, integrity depends on the context. Integrity as usually used in a network security context means that a message sent was received unchanged. If we extend it to describe the situation that a system represents a consistent view of the reality, we get a more adequate definition of integrity in electronic commerce. Providing integrity of digital goods means protecting bits from losing their value. Each digital good has its own integrity properties and in some cases (like e.g. copyright protection of documents) a whole set of protocols and services of an electronic market infrastructure can be involved to protect the digital good from losing its value.

The way security is realized determines how acceptable the system is for the user. If the user has to enter name and password whenever he enters a new market place he will soon demand simpler systems.

3.2 Legal System

Today's legal systems are faced with new challenges. New forms of property, communication and agreements are appearing in the cyberspace. Simultaneously great risks are coming up for the participants of electronic markets. The main problem with digital documents is that they are easy to forge and to copy. Therefore they do not have a binding character for their authors. For electronic markets additional technical mechanisms and legal regulations for legal binding of digital documents are necessary.

Digital signatures play the technical part in the solution of this problem. They are usually based on public-key cryptography as introduced by Rivest, Shamir and Adleman in 1978 [21]. A digital signature placed on a digital document indicates that this document was written by someone who owns a secret key. If the public key which belongs to this secret key is available, the digital signature can be verified. The association of the public key to a person is usually certified by a trusted third party, the so called certification authority (CA).

The legal binding of a digital signature depends on the strength of the digital signature algorithm, the reliability of the certification infrastructure [10], and the regulating laws. In Germany the Digital Signature Act includes regulations which allow digital signatures to be a piece of evidence [5].

Subject of legal binding with digital signatures may be contracts, orders, offers and also guarantees of authenticity, integrity, quality and the value of digital goods. Digital signatures have different semantics. The different possibilities of using digital signatures are the reason for adding labels to digital signatures like it is proposed by the W3C's digital signature initiative [28, 13].

There are additional legal aspects of an electronic market infrastructure concerning for example privacy rights. In Germany it is requested by a privacy law that no data on the user's identity appears in transactions, unless there is no other way to conduct the business transaction (see also 3.3).

3.3 Privacy

Several organizations and initiatives like "Free Speech" were founded as a reaction to the US government, which started attempts to regulate cryptography. This was an impressive expression of the individual's demand for privacy rights. Furthermore it is expected that users of electronic payment systems prefer anonymous payment systems [27]. It is obvious that these demands will be made on electronic markets in the Internet, too. Besides public interest, anonymity in some cases also has economic relevance, for example when demand and supply have to meet anonymously.

3.4 Fair Trade

The term fairness can generally be used for a series of exchanged messages or goods between two parties A and B in which the messages depend on each other, so that neither A nor B has the possibility to cheat. It should not happen in a market transaction that either A has paid and B does not deliver the paid goods or vice versa. Additionally, sometimes more than two parties are involved. Fairness then means that either each party has received what it has expected at the end of a transaction or no party received anything [2]. An equivalent problem is the requirement of simultaneous signing of a contract and there are some other cases in which those fairness problems have to be solved.

Fairness also means being informed which security and privacy services are available to perform a transaction and the ability to choose or to negotiate which service will be used. For example, when trading original documents only one party can remain anonymous to the trusted third party but not both [20].

In most systems fairness is not yet considered. For example, the electronic payment system First Virtual allows the buyer to deny a deal even when the seller has already delivered the goods [24].

3.5 Secure and fair market transactions

Each phase of a market transaction has special security demands. They can not be generalized, but there are some very common and specific security demands within each phase:

• In the information phase it is necessary that a demander can rely on offers he/she has received. Besides this the communication during the information phase sometimes has to be secure against tapping or manipulation by competitors. These properties refer to the basic security services integrity, authenticity and confidentiality. An additional requirement is non-repudiation, which refers to the fact that parties can not deny having participated in a communication. The economic importance of the information phase for real markets [15] will lead to further security needs, for example that the supplier has to prove the ownership of the goods he wants to sell to the auctioneer before the goods are offered.

• In the negotiation phase the legal binding of contracts is an important security demand. For contracts signed with digital signatures this implies that public-key certification and legal regulations are needed. The legal regulations must describe how digital signatures should be applied so that they are acceptable as a piece of evidence.

  Besides security, fairness also has to be provided by a protocol for contract signing. There are some standards and proposals. Some of them make use of trusted third parties in the signing process, some work without trusted third parties [2]. In an auction market the auctioneer is a trusted third party per definition. This enables a technical solution to provide secure, fair and anonymous contracting on auction markets. All other markets benefit from protocols that do not involve trusted third parties in the signing process.

• In the execution phase the integrity of the digital goods has to be guaranteed and payment has to be conducted in a secure way. A large number of secure electronic payment mechanisms in the Internet were proposed but electronic payment is still an obstacle for electronic commerce [3, 16]. The reason for this is on one side the large number of systems proposed and on the other side the missing experiences with the new payment mechanisms. However, an important part of an infrastructure for electronic markets will be an integrated and secure solution for electronic payment. In 1995 the World Wide Web Consortium started a project called JEPI (Joint Electronic Payment Initiative) which claimed to provide a standardised interface to all the different payment systems [29]. But there are no solutions available yet.

[Figure 2: Market transaction example. Participants: demander, supplier, broker, information service, issuer; steps 1 to 7 across the phases I, N and E.]

In figure 2 we show an example market transaction in COPS on an open market for free trade with original and anonymous emission permits [20].

During the steps marked with the 1 the demander and supplier search one another. In step 2 the demander gets a binding offer from the supplier. In step 3, during the negotiation phase, they together complete the contract and the demander sends a session key which is encrypted by the public key of the issuer. The execution phase begins with step 4 in which the supplier sends his original permit together with the encrypted session key to the issuer. The issuer (trusted third party) generates a new original and encrypts it with the session key. Then he sends it to the supplier in step 5, who gives it to the demander in step 6, who pays electronically in step 7.
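Steps 3 to 6 of the figure 2 permit transfer, written out as an added example (this is not code from the paper or from the COPS project). Assumptions, all hypothetical: a toy textbook RSA key for the issuer, a hash-based stream cipher with HMAC as the session cipher, a JSON permit format, the function and class names, and the issuer voiding the old serial when it mints the new original.

```python
import hashlib, hmac, json, secrets

# Issuer key pair: toy textbook RSA over two Mersenne primes (constructed demo
# values, no padding). Far too weak for real use; it only carries the flow.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # issuer's secret exponent

def _h(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def issuer_sign(data: bytes) -> int:
    return pow(_h(data), D, N)

def verify(data: bytes, sig: int) -> bool:
    """Anyone holding the issuer's public key (N, E) can check originality."""
    return pow(sig, E, N) == _h(data)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _subkeys(session_key: bytes):
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())

def seal(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the session key (stand-in for a real AEAD cipher)."""
    enc, mac = _subkeys(session_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(session_key: bytes, blob: bytes) -> bytes:
    enc, mac = _subkeys(session_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("sealed permit was modified in transit")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

def fields(permit: dict) -> dict:
    return json.loads(permit["body"])

class Issuer:
    """Trusted third party: the only role able to mint an original permit."""
    def __init__(self):
        self.valid = set()                   # serials that still count as originals

    def mint(self, tons: int) -> dict:
        body = json.dumps({"serial": secrets.token_hex(8), "tons": tons},
                          sort_keys=True).encode()
        self.valid.add(json.loads(body)["serial"])
        return {"body": body.decode(), "sig": issuer_sign(body)}

    def reissue(self, old: dict, enc_session_key: int) -> bytes:
        """Steps 4-5: trade the supplier's original for one only the demander can open."""
        body = old["body"].encode()
        if not verify(body, old["sig"]) or fields(old)["serial"] not in self.valid:
            raise ValueError("not a valid original")
        m = pow(enc_session_key, D, N)       # only the issuer can recover the key
        if m >= 1 << 128:
            raise ValueError("malformed session key")
        self.valid.remove(fields(old)["serial"])   # assumption: old original is voided
        new = self.mint(fields(old)["tons"])
        # The issuer sees a key, never the demander's identity.
        return seal(m.to_bytes(16, "big"), json.dumps(new).encode())

def demander_step3():
    """Step 3: fresh session key, encrypted under the issuer's public key."""
    key = secrets.token_bytes(16)
    return key, pow(int.from_bytes(key, "big"), E, N)

def demander_step6(session_key: bytes, sealed: bytes, expected_tons: int) -> dict:
    """Step 6: open the permit and check it before paying in step 7."""
    permit = json.loads(unseal(session_key, sealed))
    if not verify(permit["body"].encode(), permit["sig"]):
        raise ValueError("permit is not signed by the issuer")
    if fields(permit)["tons"] != expected_tons:
        raise ValueError("permit does not match the contract")
    return permit

def run_transfer(tons: int = 50):
    issuer = Issuer()
    old = issuer.mint(tons)                        # the supplier's holding
    key, enc_key = demander_step3()                # step 3: demander -> supplier
    sealed = issuer.reissue(old, enc_key)          # steps 4-5: supplier <-> issuer
    new = demander_step6(key, sealed, tons)        # step 6: supplier -> demander
    return issuer, key, old, sealed, new

if __name__ == "__main__":
    issuer, key, old, sealed, new = run_transfer()
    print("old serial", fields(old)["serial"], "-> new serial", fields(new)["serial"])
```

The supplier only ever relays `enc_key` and `sealed`, so it can neither read the new original nor present the old one to the issuer a second time.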

4 COPS

In order to conduct secure and fair market transactions COPS provides basic security services and fair security protocols. These must be combined to realize a fair and secure market transaction. Those specifications need to be done for all roles that take part in the market transaction by using a workflow-like method which allows modeling of application dependent security semantics [18]. Building blocks of this specification (shown as boxes in figure 3) are the COPS services which are described in the first part of this chapter.

[Figure 3: Specification of market transaction. Boxes for the demander across the phases I, N, E: demand of offers (2), decision for supplier (3), negotiations (4), completion of the contract (5), final specific. to supplier (6), delivery (7).]

The COPS infrastructure consists of two main parts, the services and the protocols. Parties must co-ordinate their activities in order to reach a joint goal including the security requirements. Protocols specify this coordination. They are described with the same method sketched in figure 3 by specifying all roles together in one view. Both COPS services and protocols are built on the basis of the common COPS prototype architecture, which is described in the second part of this section.

The third part of this section describes some of the services which realize the marketplace functionality of COPS.

4.1 Services

COPS services can be divided into different classes. Services are either basic or complex, they are either local or part of the global infrastructure and finally they are either trusted or not.

Basic services are predefined and transparent parts of COPS. They are realized in the COPS prototype architecture which is described in the next subsection. These already defined blocks can be used to build parts of a market transaction or even a complete market transaction. Combining basic services may result in a new security service, which then is a complex COPS service. For example a public key cryptographic mechanism is the basic service and the digital signature is the complex service.

Many things, like for example the encryption of a document, can be done locally. But besides these local services, services provided by other parties are also needed in an electronic market infrastructure. Examples for global services are public key directories, secure time stamp services or registration services for copyright protection of documents.

It is obvious that the distinction between trusted and not trusted services is important when global services are involved in a market transaction.

4.2 Prototype Architecture

The architecture of the COPS prototype is shown in figure 4. At the lowest level the COPS architecture uses Internet transport protocols for communication, and database systems functionality to store, manage and retrieve data. With the two layers in the middle of the architecture we tried to find abstraction levels that allow different security solutions like SSL to be integrated at the communications layer or new cryptographic systems to be added at the security mechanism layer. Up to now the second layer includes the Cryptix library [25] and some additional security mechanisms that we implemented ourselves, but it is planned to use other products at this layer, too. The SMAL (Security Mechanism Abstraction Layer) is the layer that offers security services in a transparent way and allows cryptographic mechanisms from the second layer to be used without knowledge about their implementation. This makes it easy to change the implementation without changing other parts of the software and makes COPS more flexible in the case when new standards arise or stronger cryptographic mechanisms are found.

[Figure 4: General COPS prototype architecture. Labels: Internet (TCP/IP), Persistence, Cryptix, Additional Security Mechanisms, Security Mechanism Abstraction Layer (SMAL), Client/Server API, Certification, Directory, Information, Market Place API.]

On top of the SMAL the communication layer is located. It contains the application interfaces for the different COPS services. Presently we are working on this layer on which the CsAPI Client/Server API is located. This API provides secure interfaces for market communication to the upper layers.

On top of the application interface CsAPI, basic service modules are located on the Basic Services Layer. Some possible modules that realize global services at the Basic Services Layer are shown in figure 4: information service, public-key certificate directory and certification authority are part of the global services infrastructure. At the same layer a further application interface is located: the market place API. Its duty is the interpretation of common message formats and commercial protocols for the market player's service modules on the market place.

On top of the Market Place API the Market Application Layer is located. Part of this layer are the implementations of the services that are specific for a special role on the market. Examples of such roles are the demander on a direct search market or the trusted auctioneer on an electronic auction market.

4.3 Realization of different market structures

In this section we want to show three examples of electronic markets with different market structures in COPS. With these examples we try to show the different technical parts of electronic markets. Because of the differences the COPS infrastructure is not a monolithic application but is designed in a way that secure services can be combined in order to build specific electronic markets. This is done by allowing the market building party to specify the secure market transaction for the electronic market he/she wants to build. He/she uses a specification language to describe the information phase, the negotiation phase and the execution phase for the digital good that will be traded on the electronic market. In this specification the services of COPS can be used.

4.3.1 Direct Search Market

The most important characteristic of a direct search market is that there is no market place in the sense of a specific network address. The business partners contact each other autonomously, independent of a third party that builds a market place. To be able to trust each other and to achieve legal binding, a trusted third party that provides public-key certificates has to be involved off-line. The technical realisation of a direct search market in the COPS infrastructure consists of several services: the certification authority, the certificate directory, the realisation of the market transaction on the supplier's side and a corresponding realization of the market transaction for the demander.

[Fig. 6: direct search market. Labels: demander, supplier, TTP.]

Direct search markets in the open Internet are supposed to first replace existing market structures with either a low number of demanders or a low number of suppliers (oligopoly market), because the search costs are exponentially growing with the number of demanders and suppliers. Up to now this seems to be still a problem even in the Internet.

4.3.2 Mediated electronic marketplace

An example of an electronic marketplace with an intermediary is the scenario of publishing an article in an electronic journal. There are four parties involved in this market: first, there is the author who plays the role of the supplier, second, there is a copyright registration service for originals which is provided by the market building trusted third party, third, the publisher of an electronic journal who is the intermediary and last, the demander who wants to read the article.

Corresponding to the roles on the marketplace there are the technical parts of the market place realization. The author registers his work at the global service for copyright registration, then he hands it to the publisher who sells the product to the readers.

each other to provide fairness in this case. Only when one of the partners does not meet his/her liability the trusted third party has to reveal the identities of supplier and demander. This kind of contraction may be an application of the dual signature which is also used in the SET electronic credit cart payment system [23]. As an example the specification of the part of the trusted third party realizing an english auction negotiation phase is shown in figure 9.

Figure 7: mediated market (diagram labels: TTP market place, suppliers, cybermediaries, demanders)

Again different COPS services have to be combined to build this market place. It is organized by a trusted third party and therefore it is located at a specific network address. COPS will allow replacing the implementation of each role by a particular interpretation, because the same communication ports will be used in each of the different scenarios.

    bid_wait.set(500)
    auction_end.set(false)
    highest_bid.set(1000)
    while (auction_end.=?(false))
        auction_end.set(true)
        bid.set(net.async_receive(sender, bid_wait, bid))
        if (RSA.verify(sender.pub_key(), MD5.hash(bid), bid))
            if (bid.>?(highest_bid))
                highest_bid.set(bid)
                auction_end.set(false)
            end_if
        end_if
    end_while
    if (sender.=?(false))
        this.information_phase()
    end_if

Figure 9: specification of the auctioneer's role in the negotiation phase of an English auction
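The auctioneer's negotiation loop from Figure 9, written out as an added Java example (not code from the COPS project): it uses the JDK's java.security API with SHA256withRSA in place of the MD5/RSA pair in the figure, because MD5 is no longer collision resistant, and it skips invalid bids instead of letting them end the round. The class, record and method names, the "auction|bidder|amount" message layout and the sample bids are assumptions made for this example; it needs Java 16 or later for records.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class EnglishAuction {
    record SignedBid(String bidder, long amount, byte[] sig) {}   // as received from the network
    // Signed bytes bind auction id, bidder and amount, so a signature
    // cannot be reused for another auction, bidder or price.
    static byte[] message(String auctionId, String bidder, long amount) {
        return (auctionId + "|" + bidder + "|" + amount).getBytes(StandardCharsets.UTF_8);
    }
    static SignedBid sign(PrivateKey key, String auctionId, String bidder, long amount) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(message(auctionId, bidder, amount));
        return new SignedBid(bidder, amount, s.sign());
    }
    static boolean verify(PublicKey key, String auctionId, SignedBid b) {
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(key);
            s.update(message(auctionId, b.bidder(), b.amount()));
            return s.verify(b.sig());
        } catch (GeneralSecurityException e) {
            return false;   // malformed signature or unusable key counts as invalid
        }
    }
    // Auctioneer loop; the end of the list stands in for the bid_wait timeout.
    static SignedBid run(String auctionId, long floor, Map<String, PublicKey> directory, List<SignedBid> incoming) {
        SignedBid best = null;
        for (SignedBid b : incoming) {
            PublicKey pk = directory.get(b.bidder());               // key comes from the directory, not the message
            if (pk == null || !verify(pk, auctionId, b)) continue;  // unknown bidder or bad signature
            if (b.amount() > (best == null ? floor : best.amount())) best = b;
        }
        return best;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair alice = g.generateKeyPair(), bob = g.generateKeyPair();   // constructed sample bidders
        Map<String, PublicKey> dir = Map.of("alice", alice.getPublic(), "bob", bob.getPublic());
        SignedBid forged = sign(alice.getPrivate(), "A1", "bob", 9999);   // bob's name, alice's key
        SignedBid replay = sign(alice.getPrivate(), "A0", "alice", 5000); // signed for another auction
        List<SignedBid> in = List.of(sign(alice.getPrivate(), "A1", "alice", 1200), forged,
                                     sign(bob.getPrivate(), "A1", "bob", 1500), replay);
        SignedBid w = run("A1", 1000, dir, in);
        System.out.println(w.bidder() + " wins at " + w.amount());
    }
}
```

The winning SignedBid keeps the bidder's signature, which is what the auctioneer would retain as evidence of the bid when the contract is signed.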

Finally the delivery of the good and the payment has to be conducted in the execution phase. In this phase the trusted auctioneer can guarantee that this exchange happens in a fair way. The different services provided by COPS have to be combined similar to the two scenarios described above.

4.3.3 Auction Market

As described in chapter 3 auctions are examples of market places where a trusted third party plays the role of the auctioneer and no additional intermediary is involved. The trusted third party provides the interfaces for demanders and suppliers. A transaction begins with the supplier describing her/his offer to the auctioneer. An offer may consist of the product description and the lowest price the supplier would accept. The demanders get the product description and the negotiation phase begins. There are a lot of possibilities for auction services like English, Dutch or Vickrey auctions.

5 Previous and Related Work

There are some projects that are related to the work we do within COPS and that are concerned with open electronic commerce, security and fairness. A consortium of industry as well as academia partners backed by the European Union started in 1995 the project SEMPER (Secure electronic marketplace for Europe). Although SEMPER has a flexible architecture, it does not implement different electronic market structures. It doesn’t include trusted services so far [26].

Fig. 8: auction market (diagram labels: TTP auctioneer, demanders, suppliers)

There are some related commercial products that realize secure transactions for specific electronic commerce applications in the Internet. Examples are

ΠBrokat (www.brokat.de) offers Internet banking solutions and uses cryptography to secure the communications.

When the auction service has determined the price and the right demander, the demander and the supplier sign a contract. Demander and supplier do not need to know


ΠOpenMarket (www.openmarket.com) has several products for secure electronic transactions as Transact, LiveCommerce and SecureLink.

was shown in figure 9. The specification language that enables market makers to flexibly build secure market places by specifying secure market transactions is under development together with a graphic method that will support the user.

ΠJava electronic Commerce Framework of Sun Microsystems (www.javasoft.com) is planned to be a developer platform which provides security services.

The next steps after that will be:
• implementing applications and user interfaces,

Commercial solutions are either based on a centralized concept where a server at the supplier side serves as a trusted third party or are designed to be a developer platform that provides secure communication services.

Πimplementing a specification tool for COPS services, and Πfinding out how generic access can be granted to the different services.

In this work we left out the whole field of electronic payment systems. There are a lot of proposals and even commercial products such as SET, CyberCash and eCash. For an overview we refer to [12, 16]. Important for the usability in an infrastructure like COPS will be a common interface as proposed by the World Wide Web Consortium's JEPI (Joint electronic Payments Initiative) (www.w3c.org).

The actual progress of COPS can be viewed at the COPS Homepage http://www.wi-inf.uni-essen.de/~cops

6 Conclusion and Further Work

The status of the COPS project is as follows: security requirements are collected and evaluated in an electronic commerce scenario focusing on anonymous digital trade of tradable emission permits [20]. Basic cryptographic mechanisms are collected in the SMAL class library. The library will serve in experimenting with certification authorities, labeled digital signatures, confidentiality and privacy issues, and will be the basis for the realization of the different COPS services and protocols for secure and fair trade with digital goods on different electronic market structures. Currently we are implementing COPS modules in Java by using the Cryptix 2.0 library [25] which provides basic public-key cryptography (RSA) mechanisms and a collection of cryptographic mechanisms such as DES, IDEA, Blowfish, MD5, MD4, and SHA. All further cryptographic mechanisms in the SMAL are implemented by ourselves. In the first prototype we will use PGP 2.6.3i message and file formats for compatibility reasons. For the certificate directory we use an Oracle 7.2 database with a JDBC (product of I-Kinetics) Java interface and CORBA [9]. The certification authority which currently is under development will provide X.509v3 [11] certificates and support the ISO certification infrastructure [10]. In order to have a flexible infrastructure that can be used for almost any kind of digital product there has to be a generic access for all the services in the infrastructure. Besides that a possibility to specify complex security services and protocols is needed in order to specify secure and fair market transactions for digital goods as it

7 References


[1] Alchian, A.; Demsetz, H.: The Property Rights Paradigm. In: Rosenberg, N. (ed.); Journal of Economic History; vol. 33; (1973)

[2] Asokan, N.; Schunter, M.; Waidner, M.: Optimistic Protocols for fair exchange. IBM Research Report RZ 2858 (#90806) 09/02/96 (1996)

[3] Asokan, N.; Janson, P.; Steiner, M.; Waidner, M.: Electronic payment systems. (1996) http://www.zurich.ibm.com/Technology/Security/publications/1996/AJSW96.ps.gz (last accessed 12/1996)

[4] Bons, R. W. H.: Designing Trustworthy Trade Procedures for Open electronic Commerce. PhD-Series in General Management 27; Rotterdam School of Management; (1997)

[5] German Digital Signature Act: Beschluß des Bundeskabinetts: IuKDG Informations- und Kommunikationsdienste Gesetz. DuD Datenschutz und Datensicherheit 21; Verlag Vieweg; Wiesbaden; (1997) (in German)

[6] Choi, S.Y.; Stahl, D.O.; Whinston, A.B.: The Economics of Electronic Commerce. Macmillan Technical Publishing; (1997)

[7] Cox, B.: What if there is a Silver Bullet and the Competition gets it first? Journal of Object-oriented Programming; June '92; (1992) http://www.virtualschool.edu/mon/Cox/CoxWhatIfSilverBullet.html (last accessed 5/1998)

[8] Garbade, K.: Securities Markets. New York; McGraw-Hill; (1982)

[9] I-Kinetics Inc.: http://www.i-kinetics.com/ (last accessed 9/1997)

[10] International Organisation for Standardization (ISO): Information processing systems - Guidelines for the Use and Management of Trusted Third Parties - Part 2: Technical Aspects. International Standard ISO/IEC Working Draft 14516-2; Geneva; (1995)

[11] International Telecommunication Union: Information Technology - Open Systems Interconnection - The Directory: Authentication Framework. ITU-T Recommendation X.509; (1993)

[12] Janson, P.; Waidner, M.: Electronic Payment Systems. Datenschutz und Datensicherheit 6/96; Vieweg-Verlag Wiesbaden; (1996)

[13] Lipp, P.; Sterbenz, A.: The Digital Signature Initiative. In: Katsikas, S. (Ed.) Proceedings of Communications and Multimedia Security ’97; Chapman & Hall; (1997)

[14] Malone, T.; Yates, J.; Benjamin, R.: Electronic Markets and Electronic Hierarchies. Communications of the ACM, vol. 30, no. 6, (1987), pp. 484-497.

[15] Picot, A.; Bortenlaenger, C.; Roehrl, H.: The Automation of Capital Markets. Journal of Computer-Mediated Communication, 1, 3, (1995) http://shum.cc.huji.ac.il/jcmc/vol1/issue3/picot.html (last accessed 8/1997)

[16] Pernul, G.; Röhm, A. W.: Neuer Markt - Neues Geld? Wirtschaftsinformatik 4/97; Verlag Vieweg; Wiesbaden; (1997) (in German) http://www.wi-inf.uni-essen.de/~ifs/publ_97.html (last accessed 8/1997)

[17] Pernul, G.; Röhm, A. W.: Different Electronic Markets Technostructures. Fourth Research Symposium on Electronic Markets’98; (1998)

[18] Pernul, G.; Röhm, A. W.: Modelling Secure and Fair Electronic Commerce. Proc. of Annual Computer Security Applications Conference; ACSAC’98; (1998)

[19] Pfleeger, C. P.: Security in Computing. Second Edition; Prentice-Hall International; (1997)

[20] Röhm, A. W.; Gerhard, M.: A Secure electronic market for Anonymous Transferable Emission Permits. In: Proceedings of Thirty-First Hawaii International Conference on System Sciences HICSS-31; (1998)

[21] Rivest, Ronald L.; Shamir, Adi; Adleman, Leonard: A Method for obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM, vol. 21, no. 2, (1978)

[22] Sarkar, M.B.; Butler, B.; Steinfield, C.: Intermediaries and cybermediaries: a continuing role for mediating players in the electronic marketplace. Journal of Computer-Mediated Communication, 1, 3, (1995) http://www.usc.edu/dept/annenberg/vol1/issue3/vol1no3.html (last accessed 8/1997)

[23] MasterCard, VISA: Secure electronic Transaction (SET) Specification. Book 1: Business Description; (1996) http://www.visa.com/cgi-bin/vee/sf/set/intro.html (last accessed 8/1996)

[24] Stein, L. H.; Stefferud, E. A.; Borenstein, N. S.; Rose, M. T.: The Green Commerce Model: First Virtual Inc. Internet Draft; (1995)

[25] Systemics Ltd: www.systemics.com/software/cryptix-java/ (last accessed 9/1997)

[26] Waidner, M.: Development of a Secure electronic marketplace for Europe. Proceedings of ESORICS ’96; LNCS; Springer; (1996)

[27] Weiler, R.M.: Money, transactions, and trade on the Internet. Imperial College London; (1995) http://graph.ms.ic.ac.uk/results (last accessed 8/1997)

[28] World Wide Web Consortium: Dsig 1.0 Signature Labels Using PICS 1.1 Labels for Digital Signatures. W3C Working Draft 5-June-97; (1997) http://www.w3.org/WWW/TR (last accessed 8/1997)

[29] World Wide Web Consortium; CommerceNet: Joint electronic Payments Initiative (JEPI); (1985) http://www.commerce.net/work/taskforces/payments/jepi.html (last accessed 12/1996)

[30] Zwass, V.: Electronic Commerce: Structures and Issues. International Journal of electronic Commerce; Volume 1, Number 1, Fall, (1996) http://www.cba.bgsu.edu/ijec/ (last accessed 8/1997)
