[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(Fwd) Internet electronic checking



This was forwarded to me by a friend in the UK.  I don't know whether this guy
knows about digital cash.  I will forward Mr. Mullally the DigiCash
announcement, and ask him onto the list.

It's not anonymous, but uses crypto.  It's good to see more attention being
paid to commerce mechanisms on the net.

-Russell


--- Forwarded mail from [email protected]

--------------------------------- cut here -----------------------------

Path: capital.demon.co.uk!demon!uknet!EU.net!howland.reston.ans.net!
news.cac.psu.edu!news.pop.psu.edu!psuvax1!news.cc.swarthmore.edu!
netnews.upenn.edu!msuinfo!news
From: [email protected] (Sean Mullally)
Newsgroups: alt.cyberspace
Subject: Internet electronic checking
Date: 25 May 1994 00:28:11 GMT
Organization: msu
Lines: 101
Message-ID: <[email protected]>
Reply-To: [email protected]
NNTP-Posting-Host: via-annex4-6.cl.msu.edu
X-Newsreader: WinVN 0.90.4

                             *  Net Check FAQ  *

-----------------------------------------------------------------------------
                                a concept by
                  Sean Mullally ([email protected])
           Telecommunications student, Michigan State University
-----------------------------------------------------------------------------
What is a net check?
        Simply put, net checking is to standard paper bank checks what email
        is to the postal service. It is a way for internet users to perform
        person-to-person electronic monetary transactions. The closest thing
        to it today is to give a credit card number on which the amount of the
        transaction is charged. This has two obvious disadvantages. First, the
        payer must trust the recepiant not to overcharge the account. Second,
        the recepiant must be set up to accept credit cards. This rules out the

        average user. Net checks are a more secure, more practical protocal
        for person-to-person transactions.


Is this going to mean I have to pay for my Internet use?
        No, this will allow you to send money instantly to any fellow internet
        user for whatever reason you or he want.

How does it work?
        It is fundementaly the same as writing a paper check.  You send a net
        check to your recepiant via internet email. The recepiant then "cashes
        the check" by forwarding it via email to his financial institution,
        with instructions on where to put the money.  The recipiant's bank then

        transfers the funds from the payer's account at his bank.

What good is it?
        A net check provides a way for users of the internet to engage in
        person-to-person monetary transactions with out the hassle of (not to
        mention the time requirements of) "snail-mailing" paper checks.

No really, technically, how does it work?
        OK, heres the details.  Every time you send a net check, you send a
        copy to your recipiant and a copy to your bank. Both copies are
        encrypted with public key encription to make sure only the right
        people recieve them. They also have digital signatures, so both the
        bank and your recipiant are sure you are indeed the sender. Upon
        reciept, the recipiant (or his daemon) submits  the check to his
        bank via email to be cashed. If the payer and recideant have the
        same bank, the  money is transfered then, if not, the banks use the
        existing mechanism used today to transfer the funds for standard
        checks.  A net check is basicly a text email message with 5 parts
        which  is then encrypted with a public key method and given a digital
        signature. The 5 parts are as follows:

1.  SENDERS ID
       The senders full legal name, email address, and possibly his account
 number at his
       bank
2. RECEPIANTS ID
       The senders full legal name and email address.
3. $ AMOUNT OF CHECK
       (This should be obvious)
4. SEQUENCE NUMBER OF CHECK
       Same as standard checks. 101,102,103,104...ect
       Each net check has a unique sequential number, and each number has one
       corrosponding check.
5. SECURITY ARGUMENT.
       This is what makes the system work.  The security argument is a very
 large random
       number. Upon recieving their copy of your check, the bank uses this
 number to
       varify the authenticity of  checks trying to be cashed.

It would look something like this:
-------------------------------------------------------
From: [email protected] (Tomas Smith)   143-3234-52214-3
Seq: 104
To: [email protected] (Fred Jones)
Amount: US$75.00
Sec-arg:1243865710710298749127849123874921048721097421
-------------------------------------------------------

Is this system secure?
   If impleminted properly, this system should be secure. Lets consider
   various attempts at fraud. Someone you never wrote a check to tries to
   make up a check from you and cash it. This one is easy, if he uses a
   sequental number you have already used the check is rejected. If he uses a
   sequential number you have used on a check that is outstanding, the bank
   has a copy of the check and will not pay out to anyone put who it is written

   to, for the amount it is written. He cannot use a sequential number  that
   you have not reached, since the bank must recieve a copy of the check from
   you for it to be accepted. Also he cannot forge a check copy to your bank
   in your name, thanks to the digital signature technology that will be used
   with all copies of the check. Thus the system is as secure as the digital
   signature algorithim that is used. The intended recipiant cannot recieve
   more than intended since you have authorized the bank only to pay out X
   amount to this person. And since the bank will honor one and only one check
   with a given sequential number, the recipiant cannot submit multiple copies.

   Like many any secure system, it's weakest point it the human interface.
   Assuming good public key encryption and digital signature schemes, this
   system could be make nearly fraud proof.

   Anything else?

   Yea, if you have any ideas or suggestions email me and let me know. I'm
   trying to get some discussion going on what would be a good format for this.



--------------------------------- cut here -----------------------------



--- End of forwarded mail from [email protected]

--
Russell Earl Whitaker			    [email protected]
Silicon Graphics Inc.
Technical Assistance Center / Centre D'Assistance Technique /
  Tekunikaru Ashisutansu Sentaa
Mountain View CA     			    (415) 390-2250
================================================================
#include <std_disclaimer.h>