[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(Fwd) Internet electronic checking
This was forwarded to me by a friend in the UK. I don't know whether this guy
knows about digital cash. I will forward Mr. Mullally the DigiCash
announcement, and ask him onto the list.
It's not anonymous, but uses crypto. It's good to see more attention being
paid to commerce mechanisms on the net.
-Russell
--- Forwarded mail from [email protected]
--------------------------------- cut here -----------------------------
Path: capital.demon.co.uk!demon!uknet!EU.net!howland.reston.ans.net!
news.cac.psu.edu!news.pop.psu.edu!psuvax1!news.cc.swarthmore.edu!
netnews.upenn.edu!msuinfo!news
From: [email protected] (Sean Mullally)
Newsgroups: alt.cyberspace
Subject: Internet electronic checking
Date: 25 May 1994 00:28:11 GMT
Organization: msu
Lines: 101
Message-ID: <[email protected]>
Reply-To: [email protected]
NNTP-Posting-Host: via-annex4-6.cl.msu.edu
X-Newsreader: WinVN 0.90.4
* Net Check FAQ *
-----------------------------------------------------------------------------
a concept by
Sean Mullally ([email protected])
Telecommunications student, Michigan State University
-----------------------------------------------------------------------------
What is a net check?
Simply put, net checking is to standard paper bank checks what email
is to the postal service. It is a way for internet users to perform
person-to-person electronic monetary transactions. The closest thing
to it today is to give a credit card number on which the amount of the
transaction is charged. This has two obvious disadvantages. First, the
payer must trust the recepiant not to overcharge the account. Second,
the recepiant must be set up to accept credit cards. This rules out the
average user. Net checks are a more secure, more practical protocal
for person-to-person transactions.
Is this going to mean I have to pay for my Internet use?
No, this will allow you to send money instantly to any fellow internet
user for whatever reason you or he want.
How does it work?
It is fundementaly the same as writing a paper check. You send a net
check to your recepiant via internet email. The recepiant then "cashes
the check" by forwarding it via email to his financial institution,
with instructions on where to put the money. The recipiant's bank then
transfers the funds from the payer's account at his bank.
What good is it?
A net check provides a way for users of the internet to engage in
person-to-person monetary transactions with out the hassle of (not to
mention the time requirements of) "snail-mailing" paper checks.
No really, technically, how does it work?
OK, heres the details. Every time you send a net check, you send a
copy to your recipiant and a copy to your bank. Both copies are
encrypted with public key encription to make sure only the right
people recieve them. They also have digital signatures, so both the
bank and your recipiant are sure you are indeed the sender. Upon
reciept, the recipiant (or his daemon) submits the check to his
bank via email to be cashed. If the payer and recideant have the
same bank, the money is transfered then, if not, the banks use the
existing mechanism used today to transfer the funds for standard
checks. A net check is basicly a text email message with 5 parts
which is then encrypted with a public key method and given a digital
signature. The 5 parts are as follows:
1. SENDERS ID
The senders full legal name, email address, and possibly his account
number at his
bank
2. RECEPIANTS ID
The senders full legal name and email address.
3. $ AMOUNT OF CHECK
(This should be obvious)
4. SEQUENCE NUMBER OF CHECK
Same as standard checks. 101,102,103,104...ect
Each net check has a unique sequential number, and each number has one
corrosponding check.
5. SECURITY ARGUMENT.
This is what makes the system work. The security argument is a very
large random
number. Upon recieving their copy of your check, the bank uses this
number to
varify the authenticity of checks trying to be cashed.
It would look something like this:
-------------------------------------------------------
From: [email protected] (Tomas Smith) 143-3234-52214-3
Seq: 104
To: [email protected] (Fred Jones)
Amount: US$75.00
Sec-arg:1243865710710298749127849123874921048721097421
-------------------------------------------------------
Is this system secure?
If impleminted properly, this system should be secure. Lets consider
various attempts at fraud. Someone you never wrote a check to tries to
make up a check from you and cash it. This one is easy, if he uses a
sequental number you have already used the check is rejected. If he uses a
sequential number you have used on a check that is outstanding, the bank
has a copy of the check and will not pay out to anyone put who it is written
to, for the amount it is written. He cannot use a sequential number that
you have not reached, since the bank must recieve a copy of the check from
you for it to be accepted. Also he cannot forge a check copy to your bank
in your name, thanks to the digital signature technology that will be used
with all copies of the check. Thus the system is as secure as the digital
signature algorithim that is used. The intended recipiant cannot recieve
more than intended since you have authorized the bank only to pay out X
amount to this person. And since the bank will honor one and only one check
with a given sequential number, the recipiant cannot submit multiple copies.
Like many any secure system, it's weakest point it the human interface.
Assuming good public key encryption and digital signature schemes, this
system could be make nearly fraud proof.
Anything else?
Yea, if you have any ideas or suggestions email me and let me know. I'm
trying to get some discussion going on what would be a good format for this.
--------------------------------- cut here -----------------------------
--- End of forwarded mail from [email protected]
--
Russell Earl Whitaker [email protected]
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique /
Tekunikaru Ashisutansu Sentaa
Mountain View CA (415) 390-2250
================================================================
#include <std_disclaimer.h>