This was forwarded to me by a friend in the UK. I don't know whether this guy knows about digital cash. I will forward Mr. Mullally the DigiCash announcement, and ask him onto the list. It's not anonymous, but uses crypto. It's good to see more attention being paid to commerce mechanisms on the net. -Russell --- Forwarded mail from igeldard@capital.demon.co.uk --------------------------------- cut here ----------------------------- Path: capital.demon.co.uk!demon!uknet!EU.net!howland.reston.ans.net! news.cac.psu.edu!news.pop.psu.edu!psuvax1!news.cc.swarthmore.edu! netnews.upenn.edu!msuinfo!news From: mullally@studentm.msu.edu (Sean Mullally) Newsgroups: alt.cyberspace Subject: Internet electronic checking Date: 25 May 1994 00:28:11 GMT Organization: msu Lines: 101 Message-ID: <2ru62r$n7q@msuinfo.cl.msu.edu> Reply-To: mullally@studentm.msu.edu NNTP-Posting-Host: via-annex4-6.cl.msu.edu X-Newsreader: WinVN 0.90.4 * Net Check FAQ * ----------------------------------------------------------------------------- a concept by Sean Mullally (mullally@studentm.msu.edu) Telecommunications student, Michigan State University ----------------------------------------------------------------------------- What is a net check? Simply put, net checking is to standard paper bank checks what email is to the postal service. It is a way for internet users to perform person-to-person electronic monetary transactions. The closest thing to it today is to give a credit card number on which the amount of the transaction is charged. This has two obvious disadvantages. First, the payer must trust the recepiant not to overcharge the account. Second, the recepiant must be set up to accept credit cards. This rules out the average user. Net checks are a more secure, more practical protocal for person-to-person transactions. Is this going to mean I have to pay for my Internet use? No, this will allow you to send money instantly to any fellow internet user for whatever reason you or he want. How does it work? It is fundementaly the same as writing a paper check. You send a net check to your recepiant via internet email. The recepiant then "cashes the check" by forwarding it via email to his financial institution, with instructions on where to put the money. The recipiant's bank then transfers the funds from the payer's account at his bank. What good is it? A net check provides a way for users of the internet to engage in person-to-person monetary transactions with out the hassle of (not to mention the time requirements of) "snail-mailing" paper checks. No really, technically, how does it work? OK, heres the details. Every time you send a net check, you send a copy to your recipiant and a copy to your bank. Both copies are encrypted with public key encription to make sure only the right people recieve them. They also have digital signatures, so both the bank and your recipiant are sure you are indeed the sender. Upon reciept, the recipiant (or his daemon) submits the check to his bank via email to be cashed. If the payer and recideant have the same bank, the money is transfered then, if not, the banks use the existing mechanism used today to transfer the funds for standard checks. A net check is basicly a text email message with 5 parts which is then encrypted with a public key method and given a digital signature. The 5 parts are as follows: 1. SENDERS ID The senders full legal name, email address, and possibly his account number at his bank 2. RECEPIANTS ID The senders full legal name and email address. 3. $ AMOUNT OF CHECK (This should be obvious) 4. SEQUENCE NUMBER OF CHECK Same as standard checks. 101,102,103,104...ect Each net check has a unique sequential number, and each number has one corrosponding check. 5. SECURITY ARGUMENT. This is what makes the system work. The security argument is a very large random number. Upon recieving their copy of your check, the bank uses this number to varify the authenticity of checks trying to be cashed. It would look something like this: ------------------------------------------------------- From: smith@puter.org (Tomas Smith) 143-3234-52214-3 Seq: 104 To: jones@hayes.com (Fred Jones) Amount: US$75.00 Sec-arg:1243865710710298749127849123874921048721097421 ------------------------------------------------------- Is this system secure? If impleminted properly, this system should be secure. Lets consider various attempts at fraud. Someone you never wrote a check to tries to make up a check from you and cash it. This one is easy, if he uses a sequental number you have already used the check is rejected. If he uses a sequential number you have used on a check that is outstanding, the bank has a copy of the check and will not pay out to anyone put who it is written to, for the amount it is written. He cannot use a sequential number that you have not reached, since the bank must recieve a copy of the check from you for it to be accepted. Also he cannot forge a check copy to your bank in your name, thanks to the digital signature technology that will be used with all copies of the check. Thus the system is as secure as the digital signature algorithim that is used. The intended recipiant cannot recieve more than intended since you have authorized the bank only to pay out X amount to this person. And since the bank will honor one and only one check with a given sequential number, the recipiant cannot submit multiple copies. Like many any secure system, it's weakest point it the human interface. Assuming good public key encryption and digital signature schemes, this system could be make nearly fraud proof. Anything else? Yea, if you have any ideas or suggestions email me and let me know. I'm trying to get some discussion going on what would be a good format for this. --------------------------------- cut here ----------------------------- --- End of forwarded mail from igeldard@capital.demon.co.uk -- Russell Earl Whitaker whitaker@csd.sgi.com Silicon Graphics Inc. Technical Assistance Center / Centre D'Assistance Technique / Tekunikaru Ashisutansu Sentaa Mountain View CA (415) 390-2250 ================================================================ #include <std_disclaimer.h>