WWW Fall 94 Commercial Transaction papers

The list of company names in the Commercial Transactions on the WWW looked looked like it had been created with something like

echo {Cyber,Digi,Net}{Cash,Bill}

Only a couple of the six posibilities are left unused. I'd suggest registering these net domains as quickly as possible.

Here's how these things are going to work:

The banking industry has, for some five hundred years, given us a model for financial transactions where the parties don't have to lug bags of gold around with them, e.g., checks. So this is the model to keep in mind.
The modern banking industry has been using computers for fewer years, but has been no less successful in solving the problems of security, accuracy, and so forth. All Internet ``banks'' will actually act as middlemen between internet users and existing electronic banking systems.

Having said this, there are actually a number of different twists on the general idea.

The most real of the systems is David Chaum's DigiCash, which was officially unleashed on the world at the conference (see my discussion of it in the vendors section). This company has been doing things like electronic smart cards, electronic toll systems where the car needn't slow down, and other such serious applications.

DigiCash's Ecash system uses encryption technology to the extreme, allowing for anonymous cash transactions. Generally, you ``check out'' cash from a bank, keep it for as long as necessary, and then give it to a supplier, who returns it to the bank in exchange for real money. Their scheme employs some terribly clever crypotographic techniques that allow the bank to identify its money, but doesn't allow it to identify who checked it out. Even more cleverly, if the money is duplicated (``counterfeited''), this anonymity is lost and the bank can catch the counterfeiter.

The bottom line is this: these guys have their act together now, and it's a good act.

At the other end of the spectrum is First Virtual, which was presented by a very enthusiastic Nathaniel Borenstein. Completely unlike DigiCash, it does not rely on elaborate cryptographic schemes, and does not have bulletproof security.

Instead, they wish to address only the problem of selling information, which, they assert, is fundamentally different from other goods because to evaluate its quality, you must get a copy of it. Once you have a copy of it, however, you have it for all intents and purposes, so there's this problem of irreversibility.

They address this problem by simply not worrying about it: information manufacturers really don't loose anything directly if their information is copied.

They use an email scheme for authentication. When you request to buy something, the producer sends your request to First Virtual, who then emails you a confirmation. If you accept the charge, you return the confirmation (with a randomly-generated number, so confirmations would be difficult to spoof, but not impossible), and the money is transfered. If you turn down too many requests, First Virtual gets suspicious and cancels your account. If you receive too many confirmations for things you didn't request, First Virtual gets suspicious and looks at the supplier generating those requests.

They admit there are many little security holes, but point out that there are still far fewer than those in the existing credit card schemes.

Somewhere in the middle of this is CyberCash, another fairly heavyweight system which was promised to us by next year.