The "Internet" is a worldwide network of computer networks. Although precise figures are difficult or impossible to obtain, best estimates at the time of writing are that there are more than 30 million users linked to the network via some 6 to 7 million host computers. Numbers are said to be growing at 15% per month.[1]
The "World Wide Web" has opened the Internet to use by ordinary computer users. The Web provides graphics, sound, animation and hypertext which allows even the inexperienced user to "navigate" the Internet. Establishing "pages" of information on the net using the Web is inexpensive and provides an opportunity to reach millions of users.
The commercial potential of the Web is obvious. Products may be attractively presented at small cost. Information products may be delivered via the Internet so that music, pictures, software and text may be provided directly to users at a delivery cost which is a fraction of any other method. Customers are not limited to any geographical area.[2]
In order to realise the full commercial potential of the Internet, it must be possible to make secure payments via the Internet itself. A useful Internet payment system must satisfy several criteria:
If we think for a moment about the characteristics of a cheque which have made it a useful payment mechanism the problem will become clearer. In one sense, the cheque is a message sent from the drawer to the drawee and then on to the drawee bank. The physical characteristics of paper guarantee that the message has not been altered. The signature of the drawer guarantees that the message is authentic.[4]
The problem for an Internet payment system is to devise an electronic message form that shares these characteristics. Surprisingly, it can be done. The solution requires a short digression into the world of spies, lovers and coded messages.
One of the world's oldest and simplest coding systems can be used to illustrate the problems and potential of cryptography. The Caesar Cipher operates with the usual alphabet and a "shift" of the alphabet.[5] So, using a shift of 3, we can use the following "pad" to encode messages.
ABCDEFGHIJKLMNOPQRSTUVWXYZNote that the alphabet contains a "blank". Now suppose that Brandon wishes to send Cynthia a message in code. The message is "I LOVE YOU". Brandon sends "LCORYHCARX". Cynthia, who knows the "key" can decode the message. They live happily ever after.
CDEFGHIJKLMNOPQRSTUVWXYZ AB
Here is the lesson. There is a process which is used to encode and a process which is used to decode. If both parties know the process being used and both know the key, in this case the offset of the alphabet, then coding and decoding are mechanical tasks.
Notice several other characteristics of the process. Cynthia can be fairly certain that the message has come from Brandon since only he knows the key. Furthermore, any attempt to meddle with the message will be immediately apparent since the decoded message will be faulty.
The system breaks down in two ways. First is that the code is too easy to break.[6] Albert breaks the code, intercepts and changes the message to "LCORDWKCARX"[7]. Brandon is rejected, Albert steps in and true love is thwarted.
The second problem with the Caesar Cipher is that both parties must know the key. How are we to distribute keys securely? Since they cannot be sent by the message network, they must be sent by trusted messenger. Brandon sends his trusted messenger, Albert, with the key, leading to the same unfortunate results as above.
The first problem with the Caesar Cipher is relatively easy to deal with. Sophisticated coding methods are available which are secure even from the most determined code-breaker. These coding methods may be embedded in chips which can then be placed in ATMs or in other machinery to provide secure transmission of messages.[8]
The solution to the key distribution problem is more interesting and rests on a remarkably clever idea: might it not be possible to use one key for encoding and an entirely different key for decoding? The surprising answer is "yes" and the resulting methods are known as Public Key Cryptography.[9]
In Public Key Cryptography each person has two keys, a public and a secret key. The public key is actually published in a directory. The encoding and decoding processes have the following remarkable characteristics: a message encoded with a person's private key can only be decoded with the same person's public key; and a message encoded using a person's public key can only be decoded with the person's private key. Encoding with the secret key is often called a "digital signature" since it uniquely identifies the sender.
Public Key Cryptography allows for tamper-proof authenticated messages to be sent. In the above example, Brandon encodes the message with his secret key. Cynthia decodes the message using the only means available for decoding, Brandon's public key: see Figure 1. The message cannot have been altered since it would then be unintelligible. Further, it can only have come from Brandon since it was decoded with his public key. True love triumphs!
The simplest form of providing for Internet payments takes us back to an earlier time in banking, when banks issued bank notes for general circulation. In the Internet literature, these methods are usually referred to as "digital coins" or "virtual coins". The reference to "coins" rather than notes emphasises the fact that payments may be for very small amounts.
A "digital coin" is a message issued by a bank and encrypted with its private key.[10] The message will contain the following information: the serial number of the coin, the identity of the bank and its Internet address, the amount of the coin, and an expiry date. Because the "coin" is encoded with the bank's secret key it may only be read by using the bank's public key. It cannot be altered without destroying it. The bank keeps a record of the serial number of the "coin".
When a customer wishes to be issued with "coins" he or she sends a request to the bank. The request must be encoded with the customer's secret key. The bank may then decode the message with the customer's public key and have confidence that the request is what it appears to be and that it originated with the customer.
The "coins" are "issued" to a particular customer by encoding the coin with the customer's public key. This message is then sent to the customer who decodes it using his or her private key. Even if the message is intercepted it would be worthless since only the customer to whom the "coins" are issued can read the message. The "coins" thus received are stored on the customer's private system.
A customer who wishes to purchase something on the Internet may send the "coin" to the merchant. The "coin" should be encrypted with the merchant's public key to prevent interception. The merchant decodes using his or her private key and then does two things with the received message: first, the message is decoded using the bank's public key to verify that it is a "coin" for the appropriate amount of the payment. Secondly, the merchant must ascertain that the "coin" has not already been spent. This is done by asking the bank to verify that the serial number of the coin is still current.
Assuming that the "coin" is valid, the simplest scenario is that the bank credits the merchant's account and then cancels the serial number so that the "coin" may not be spent again. Alternatively, the bank cancels the serial number and issues a new "coin" to the merchant that is identical in all respects save the serial number.
The same techniques can be used to provide for electronic cheques and bills of exchange. The "cheque" is a message which contains all of the ordinary information appearing on a paper cheque and which is then "signed digitally", that is, it is encoded by encrypting with the "drawer's" secret key. It is then sent to the "payee". The "payee" may further "indorse" the instrument by encoding the already encoded message with his or her private key. A complete "chain" of signatures may be built up so that none of the "indorsers" may deny that it is their indorsement. For the usual reasons, any alteration is apparent.
When the instrument is paid by the "drawee" it is so marked and the resulting message is encoded with the bank's secret key thus providing proof of payment. In order to avoid duplication, each "cheque" must have a unique serial number.
The schemes described here allow for a complete record of payment to be maintained. In that sense they are not like "cash". In the next article in the series I will discuss schemes which permit anonymous transactions. These may be implemented so that the issuing institution cannot maintain information about the purchases of its customers. Extended versions would allow anonymous transactions between customers and merchants and between customer and customer.
Electronic cash, like real bank notes, represent a liability of the issuing institution on which no interest is paid. To the extent that these methods of payment replace cash they detract from the governmental income ("seigniorage") derived from the issue of legal tender. In this regard, the various Internet payment schemes raise issues similar to those raised by stored value cards and discussed in "Smart Cards", (1995) 6 JBFLP XXX.
To be continued.
Please send inquiries & questions to alan@austlii.edu.au.
Copyright © 1997 Alan L Tyree
Last modified: Sun Mar 30 16:59:14 EST 2003