Resource directory
Preview of the document inside the archive:
ID: 512708
Type: Shared resource
Size: 669.82KB
Format: ZIP
Upload date: 2015-11-11
Uploader: QQ28****1120
- Keywords: graduation project
- Resource description: Development of an IC-card canteen meal-sales terminal, graduation project
- Summary:
Computer Law & Security Report Vol. 18 no. 4 2002
ISSN 0267 3649/02/$22.00 © 2002 Elsevier Science Ltd. All rights reserved

Electronic Payments - the Smart Card

This article in three parts examines the legal issues raised by the development of the smart card. It explores contractual, liability and intellectual property rights issues and assesses whether a suitable legal framework exists in which smart card use can flourish and grow.

ELECTRONIC PAYMENTS - THE SMART CARD
SMART CARDS, E-PAYMENTS, & LAW - PART I

Dr Simon Newman and Gavin Sutter, Queen Mary College, University of London

A. INTRODUCTION TO SMART CARDS AND ELECTRONIC PAYMENTS SYSTEMS

A smart card is simply a plastic rectangle containing an electronic chip, and holding a certain amount of readable data. One common consumer use in the UK is in digital television, where they are used as security devices to unscramble the incoming digital television signal. They are also now commonly used in GSM standard digital mobile phones as Subscriber Identity Module (SIM) cards. However, most attention focuses on their potential as an independently carried, easily portable, means of both identification and electronic payment - for example as an “e-purse” holding electronic coins for low-value transactions, either held solely on the card,1 or linked to a central database. Smart card technology is not new, but at least until very recently it has largely failed to achieve widespread use within the countries of the European Union. This is now beginning to change as smart cards become increasingly ubiquitous, although as yet their profile remains low amongst the general public - many people may carry around one or more smart-chipped credit cards in their wallet or purse without being aware that it holds more than the usual magnetic strip.

Previous European smart cards development centred on multiple national systems,2 all non-compatible, which have never achieved good customer take-up.
Even where a large number of cards have been circulated, as with Proton in Belgium, the frequency of use has remained discouragingly low. The European Commission's eEurope Smart Card Charter, after a shaky start in 2000, is trying to rectify this by moving from its originally technology-oriented stance towards a much more customer-centred approach. Previously it focused on technological development of competing systems, with interoperability a distant goal. This has changed. A new “user-centric” approach to all aspects of smart cards is intended to help enfranchise the citizen and give him/her fuller access to the Information Society which is developing in all aspects of daily life, including government and local authority applications.3 It acknowledges in particular the need for easy “anytime anywhere” access, in order to achieve the mass take-up of smart cards that is currently lacking.

It seems that the principal customers pushing development in this instance are not individual consumers, nor even the banking corporations, but the European Union's national transport networks. Transport has proven to have a key role to play in this area as it has the mass cross-cultural user community and relatively simple, extremely high-volume applications4 that are needed to make smart cards part of everyone's daily life. Particularly prominent in this field is Transport for London.5 Inspired by the success of the Octopus smart card in the Hong Kong transit system, their Prestige Project has developed a smart card system for easy automated ticketing. This is a contactless card, initially intended as a season ticket, with an expiry date recorded in the card, allowing an unlimited number of journeys up to that date. Contactless smart card readers have already as of September 2001 been installed at some London Underground stations, and the system is likely to be in general use by the end of 2002.
An e-purse facility card is intended to be added shortly thereafter, with no time limit, but with prepaid electronic tokens deducted from the card on each journey, that can be refilled with tokens through occasional payment at an electronic ticketing machine. Inter-operability with other national and European transport networks is a high priority - ultimately allowing the same card to be used on rail, bus and other mass transport systems from London to Madrid to Helsinki and beyond.

As with all network systems, from mobile phones to the Internet, smart card applications must be interoperable with common standards in order to benefit exponentially from wider use throughout the EU and beyond. It is therefore critical both that suitable technological standards are reached, and that a suitable legal framework exists in which smart card use can flourish and grow.

One question raised by the multi-functional nature of smartcards is one of ownership: standard, single use magnetic strip cards are commonly understood to be issued by, for instance, a bank, to be used by the customer but remaining the property of the issuer. Multi-functional cards may have several different applications from several different sources loaded on them - banking details, credit card, health records - so who owns the card? Is there a single card owner, or will each interested party be said to own only their own application stored on the card? A related question asks who is permitted to issue an “electronic purse” smart card. Will this be limited to banks? Will personal data cards be issued solely by government? Especially in countries such as, for instance, Germany or France where a government-issued ID card is a necessity, could the government in such a state issue its own smart cards for ID purposes which the user would then add other applications such as payment facilities to?
Government owned cards would raise the further issue of citizens' rights to access government information as relating to themselves. Alternatively, will it be legally, as it is technically, possible for a company simply to produce and sell empty smartcards which the user can then add his own details to? Or must the issuer be a licensed person, real or legal?

A further important issue requiring analysis is whether the user of a card will be permitted to add and remove applications from the smartcard at will, or whether it will carry fixed applications as installed by the relevant companies with which the user may not tamper. The voluntary nature of such systems must be emphasized - the multi-application “smart wallet” may contain software from numerous different organisations, but its contents must be under the user's control, just like a physical wallet. If it is to be commercially successful it must be seen as both safe and convenient for the end user. This is likely to require easy notification procedures in case of loss or theft, with the card and its contents being made quick and easy to replace.

The contractual issues involved require consideration. For instance, the contractual relationship between issuer and user will remain substantially similar as for the issue of a standard magnetic strip single use card. However, a multi-functional card raises a number of other relationships such as that between card issuer and application provider, or between one application and another.

An area of great significance is liability. Liability for loss, damage, fraudulent usage, etc of a standard magnetic strip payment card (credit, debit, etc) is subject to a clear contract between the issuer and the user. However, when a multi-functional smart card is involved, the issues become much more complex. For example, in the case of loss or theft, who bears the responsibility if not the user?
Is there a single application which will be responsible for ensuring adequate security for the card's general functions, for example, prevention of fraudulent use of the card in payment, or of a digital signature encoded into it in order to identify the rightful user? Security, fraud prevention, and so on will also arise as issues of consumer protection provisions. The application of data protection requirements will be of great significance in ensuring adequate consumer protection strategies are in place. This is likely to entail the use of some method of encryption, raising further issues as to availability of decryption information.

Lastly, intellectual property rights (IPR) in the smartcard technology will be analyzed in the study. How will the protection of such rights be achieved - will it be primarily by patents, rather than copyright? How are those commercial interests involved in the production of smartcards currently protecting their interests in the technology?

1. The Development of Smart Cards

Rapid growth in electronic business has led to the development of payment systems tailored to meet the needs of online purchasing. Although credit cards have proved the most popular method for online payments so far, they may not be the most appropriate method in all transactions. For example, they may prove too costly for the purchase of low value goods and services, and are not suitable for making payments to consumers. The increased interest in auction schemes such as eBay6 leads to an increasing need for systems which allow for the transfer of value between consumers, rather than only between consumers and businesses.
The perceived security risks of sending credit card details online have also proved a barrier to their use, leading to an interest in developing more secure alternatives.

A vast array of electronic payment systems have been (and are being) developed around the world. These are either smartcard systems, where the value is stored on a chip on a multipurpose card, or software systems where the value is stored as electronic tokens in the memory of the computer. However, although some of these systems have been available to the consumer for several years none has become universally accepted. Furthermore, because the various systems and technologies are not interoperable, consumers and merchants are forced to choose which or how many of the systems to use. Many online buyers and sellers have therefore elected to use the traditional credit card due to its greater universal acceptance.

Many systems have been developed in trial form but have not immediately been followed up by commercial exploitation, and others have been changing and modifying their services to meet the needs of the market. It seems therefore that the market is still in a state of flux and that commercial barriers are hindering the adoption of these new systems. Various steps have been taken towards remedying the lack of interoperability such as the development of a standard protocol which may overcome the commercial difficulties. As far as the legal issues are concerned these have to a degree been overshadowed by the commercial problems although in the European Union the creation of a regulatory framework for electronic money issuers is underway. However, other issues such as the contractual relationship between the issuer and the consumer have not been addressed.

2. Electronic Payment Systems: Software

(a) Credit and Debit Cards

Credit and debit cards may be grouped together as examples of debt transference systems. The use of either in making payments associated with online purchase is broadly similar to the other main methods of carrying out distance card purchases by mail, fax or by telephone in that the actual card itself and the signature thereon are not handled or seen by the payee, but the details (number and expiry date) are transmitted over the internet, either via a website or by email. Currently such incorporation of traditional credit card systems into electronic commerce remains the most popular method of payment over the internet, presumably at least in part because its use does not require investment of time and money into acquiring and becoming familiar with new systems.

Also, there is a perceived comfort factor in the security offered by an established brand such as Visa. There still exists, however, some degree of concern among consumers generally about the security of making such transactions. While the risk of interception of credit card information by a third party, or a record of it being made by an unscrupulous sales assistant, and subsequent fraudulent usage does little to deter most from making such purchases by telephone or in person, fears abound that this will happen if they do so over the internet. Governments have a clear interest in such issues, as wider consumer spending in internet sales will serve to bolster the new digital economy. Technological methods may give consumers the confidence to take advantage of what the new marketplace has to offer. They may also help to prevent credit card fraud, thus contributing to reduction of such crimes, another attractive feature for governments.

(b) Secure Socket Layer (SSL) Protocol

The SSL protocol creates a secure channel for the transmission of encrypted payment card details between retailer and consumer and is in wide usage across the internet, incorporated into many different software systems. Patented by Netscape and submitted to the World Wide Web Consortium (W3C) early in 1998 as a standard, it has now become the norm for secure communication of payment card information over the internet. In operation, SSL utilizes a mix of public and private key encryption. Private key encryption involves the use of one single key - an algorithmic code - which allows a message to be encrypted. Once encrypted, the message can only be reopened with the key. Access to a message can thus be controlled by controlling distribution of the key. The public key technique is broadly similar, however, there is a separate, public key which is given to B to either decode messages which have been encrypted using A's private key or to encrypt a message to send to A which can then only be opened with the private key. It is a version of this system which online retailers generally use. The public key is made freely available to the consumer via the website: the payment details are automatically encrypted using the public key before being sent to the retailer, who is the only party able to decrypt the message, by means of the private key.

This helps to minimize the risk of interception and subsequent fraudulent usage by third parties, thus encouraging consumer confidence in making transactions this way. It does not, however, do anything to address the problem of the potential for fraud on the part of either the consumer or the retailer. For instance, the retailer has no way of knowing whether the person he is dealing with is the legitimate cardholder or a thief who has stolen the card, or even someone who has fraudulently acquired the necessary credit card information (online transactions do not require the actual possession of the card itself, or the holder's signature. All that is needed is the entry into the order form of the card number and expiry date.)
Equally, where the retailer is a brand which the consumer has never seen before, SSL offers no guarantee that the company really exists and is not, for example, merely a front designed to illicitly acquire the consumer's credit card information. Nor can it do anything to stop unscrupulous retailers or employees of retailers from recording the information once decrypted and fraudulently using it. This may well dissuade smaller scale retailers who either cannot afford the risk of having to absorb loss due to such fraud, or find it difficult to establish an online market due to consumer reluctance to trust an unestablished or unfamiliar brand.

(c) Secure Electronic Transaction (SET) Standard

By way of a response to the potential fraud problem with the SSL protocol, the SET standard was jointly developed by Netscape, Visa and MasterCard. SET standard provides both identification of parties to a transaction, and a means of establishing the integrity of a communication. It operates on the basis of a public/private key encryption system. A transmission encrypted by the consumer using the public key distributed by the retailer's bank can only be deciphered using the corresponding private key. Thus only the bank can access the consumer's credit card details, which are passed on in an encrypted form by the retailer seeking payment. This method effectively prevents an unscrupulous retailer from acquiring and fraudulently using the consumer's credit card details.

The SET standard also guarantees by means of a digital signature that the communication containing the consumer's payment authorization has originated with the cardholder and that it has not been intercepted and altered by any third party while in the process of transmission.

The SET standard, then, prevents fraudulent usage of credit card information, protecting the interests of retailers and banks as well as those of the consumer. The security of transactions in the SET standard can also be improved by using it in tandem with an SSL channel.
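
The division of knowledge described above for SET, as an added example that is not part of the original article and does not reproduce SET's actual message formats: the card details are encrypted to the bank's public key and the cardholder signs the order, so the retailer can check and forward the payment without ever reading the card. It uses textbook RSA with small fixed primes purely for illustration; the function names, message layout and sample data are assumptions.

```python
import hashlib

E = 65537  # public exponent shared by both toy key pairs

def keypair(p, q):
    """Textbook RSA key pair from two primes (illustration only, no padding)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)

# Small fixed Mersenne primes keep the demo offline and deterministic.
BANK_PUB, BANK_PRIV = keypair(2**89 - 1, 2**107 - 1)   # retailer's bank
CARD_PUB, CARD_PRIV = keypair(2**61 - 1, 2**127 - 1)   # cardholder

def _digest(order: bytes, card_ct: int, n: int) -> int:
    blob = order + b"|" + card_ct.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def cardholder_pay(order: bytes, card: bytes) -> dict:
    """Encrypt card details to the bank, then sign order + ciphertext."""
    n, e = BANK_PUB
    m = int.from_bytes(card, "big")
    if m >= n:
        raise ValueError("card record too long for the toy modulus")
    card_ct = pow(m, e, n)
    sn, sd = CARD_PRIV
    return {"order": order, "card_ct": card_ct,
            "sig": pow(_digest(order, card_ct, sn), sd, sn)}

def signature_ok(msg: dict) -> bool:
    """Retailer or bank: check origin and integrity with the public key."""
    n, e = CARD_PUB
    return pow(msg["sig"], e, n) == _digest(msg["order"], msg["card_ct"], n)

def bank_settle(msg: dict):
    """Only the bank's private key recovers the card details."""
    if not signature_ok(msg):
        return None                      # altered in transit: refuse
    n, d = BANK_PRIV
    m = pow(msg["card_ct"], d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed sample data (test card number, hypothetical order text).
ORDER = b"order 1001: 1 book, GBP 22.00"
CARD = b"4111111111111111|12/03"

if __name__ == "__main__":
    msg = cardholder_pay(ORDER, CARD)
    print("retailer sees order:", msg["order"], "signature ok:", signature_ok(msg))
    print("retailer sees card only as:", hex(msg["card_ct"]))
    print("bank recovers:", bank_settle(msg))
    forged = dict(msg, order=b"order 1001: 1 book, GBP 2.00")
    print("altered order accepted by bank:", bank_settle(forged) is not None)
```
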
However, while there are systems available which are compatible with the SET standard (e.g. CyberCash's CashRegister), it has yet to be used by commercial enterprises on the internet as it is not the most convenient method of ensuring a secure transmission. This is due to the fact that before an SET transaction may be made, not only must both the retailer and the card holder be registered with SET, but also they must hold digital certificates, issued by a third party certification authority, which authenticate the credit card holder and the retailer to whom payments will be made.

(d) Proprietary Online Systems

In addition to SSL and SET, which may be used by retailers with merchant accounts for the acceptance of credit card payments, there are also several systems under which payments may be made through a third party intermediary. This can involve payment by credit card without requirement of actually forwarding the credit card information with every single transaction, the details being securely