Cheshire Henbury - Page Content No Longer Maintained

eBusiness and eWork Conference Web Pages

The content that you are looking for is no longer maintained and is kept here as archived material. When finished, close the window or move to the eBusiness and eWork Conference home page:

www.cheshirehenbury.com/ebew

e2000 - Abstracts

Abstracts of Papers Published in the Conference Proceedings - Section 2: Legal, Regulatory, Security, Trust and Confidence

Section 2: Legal, Regulatory, Security, Trust and Confidence
The amalgam of Service Providers names: implication on Internet (liability) regulation?
K. Bodard
The Influence of the Legal Environment on Internet Security
I. Gil Pechuan, R.I. Navarro Varela, R.D. Franco
The Influence of the Legal Environment on Internet Security
M. Lehmann
Online Intermediary Liability Framework
M. Välimäki, P. Martikainen
Managing legal paperwork: an integration effort
R. Gagliardi, P. Fiorenzani, S. Montanari, G. Mazzini
FILIGRANE: an electronic copyright framework
P. Vannel, G. Tsobgni
Security for E-Commerce Applications
A. Königer
Facilitating Administrative Services for Mobile Europeans with Secure Multi-Application Smartcards
R. Riedl
Smart Cards Technologies for the Internet: Security and Interoperability Issues
D. Ankri
PKI case study: Bank of Sabadell
J. Buch
A New Standard For Security In E-Commerce
A. Elsaleh
Digital Signature for Administrative Simplification and for E-Commerce Development (Digisec Project)
A. Schena
Co-Ordination of Security Activities between Chambers of Commerce
N. Kyrloglou, D. Polemi, P. Forret, S. Grufferty, P. Landrock, J. Leerling, O. Mueller, S. Rytlig, D. Spinellis
Authenticating Web-Based Virtual Shops Using Verifiable Visual Seals
H. Yoshiura, T. Shigematsu, S. Susaki, T. Saito, H. Toyoshima, C. Kurita, S. Tezuka, R. Sasaki
A Security Chain for Trust and Confidence
L. Beslay
Nsafe.no: A Norwegian on-line business certification and quality label scheme for e-commerce
A.B.S. Fosse
Business Models and Regulation in the Electronic Distribution of Music
M. Kretschmer, R. Wallis
Copyright Description Language for Distribution of Digital Contents
H. Hoshino, A. Yamada
Digital Rights Management and E-Commerce Applications
A. Torrubia, L.J. Martí, F.J. Mora
Digital Signatures for Web Content
C. Geuer-Pollmann, C. Ruland, P. Sklavos, M. Moula
A PKI Scenario for High-Security Communications: Re-issued Certificates
O. Cánovas, A.F. Gómez, G. Martínez
Mediating and Monitoring Electronic Commerce
T. de Bree, V. Furundarena

The amalgam of Service Providers names: implication on Internet (liability) regulation?
Katia BODARD
Vrije Universiteit Brussel, Faculty of Law,
Department for Development of Law, Comparative Law and European Law,
Centre for Interaction Law & Technology
Brussel, Belgium

A lot of uncertainty has been created by using different names to indicate persons or entities providing services on the Internet. This is complicated by the fact that those service providers combine different functions. The result is that different names can be used for one and the same function or one and the same name for different functions. Does this confusion have an impact on Internet regulation? Yes and no! Yes, in so far as one has first to define clearly the function a provider has taken up in a specific case when conflicts arise. No, in so far as Internet regulation like the EC-proposal on e-commerce and the DMCA are focusing on the function itself to establish liability rules.

 

The Influence of the Legal Environment on Internet Security
Ignacio GIL PECHUÁN(1), Rosa I. NAVARRO VARELA(2) and Rubén Darío FRANCO(3)
(1) Universidad Politécnica de Valencia, Dpto. Organización de Empresas, Spain
(2) Universidad Politécnica de Valencia, Dpto. Organización de Empresas, Spain
(3) Universidad Politécnica de Valencia, Dpto. Organización de Empresas, Spain

Security concerns are delaying the definitive takeoff of electronic commerce. In this work, the influence of the legal environment on its evolution and development was analyzed. In order to achieve this, we studied the technical and legal aspects surrounding the emergence of the electronic signature, like the difficulty presented by legal evidence on electronic transactions, its probatory effectiveness and its capacity to prevent information damage, among others. The international initiatives on Internet security are also reviewed, especially the European Union Directive and the Spanish Royal Law-Decree on Electronic Signature. Finally, we select a subset of the Metric for the Information Society in Spain indicators, proposed by SEDISI, that let us track the evolution of electronic commerce and security infrastructure.

The Influence of the Legal Environment on Internet Security
Electronic Commerce and Consumer Protection in Europe
Michael LEHMANN
University and MPI Munich, Germany

On May 4, 2000 the European Parliament approved the Directive on Electronic Business in Europe which deals primarily with the possibility of advertising on the Internet, especially in the World Wide Web (www), with commercial communications, with the formation of a contract with a one click scheme, order and confirmation and with the new rules of liability, civil and criminal, for all net service providers. Hosting services, e.g., are free of any responsibility if they react immediately upon given notice and take down from their server or block any entrance to the incriminated contents, e.g. pirated music. This paper explains the main objectives of this new European Directive and criticizes it under the aspects of adequate consumer protection in Europe and the international standards of protection of industrial and intellectual property given by the Treaty on trade related aspects of property rights (TRIPs) of the world trade organization (WTO-Geneva).

Online Intermediary Liability Framework
Mikko VÄLIMÄKI and Petri MARTIKAINEN
Helsinki Institute for Information Technology, Finland

The article describes a conceptual framework, which can be used to detect and analyze online intermediary liabilities. The presentation is divided into three parts: (1) liability regarding the role of the transacting parties, (2) liability regarding the transaction itself and (3) liability regarding the application in use. The first part identifies various intermediaries and their roles. A starting point for analysis is the identification of weak points in the transaction chain. The second part of the issue is the object of the transaction. Examples include copyrighted or patented content and private customer data. The third part of the problem is based on the application. The basic issue is the protection of digital property rights, which has a number of implications. Finally, the adequacy of the developed three-step framework is illustrated in the Napster and DeCSS cases.

Managing legal paperwork: an integration effort
Roberto GAGLIARDI, Paolo FIORENZANI, Sergio MONTANARI, Giacomo MAZZINI
Consorzio Pisa Ricerche, Pisa, Italy

Within the framework of "one-stop desk points" - still a complex challenge for both traditional and electronic government - an infrastructural and functional architecture is proposed for e-bureau networks, where information and transaction services have to be distributed and their legal validity has to be guaranteed. An outlook is given of the problems faced and the solutions proposed to fulfil the basic requirements of such "administrative portals". Whereas performance can be deferred to secondary technological improvements, development prospects impose at least protection of data integrity and authentication of communications, besides high architectural scalability, flexibility and interoperability with legacy systems, and software platform independence. Moreover, information - distributed in a scalable manner - has to be widely and easily accessible, consistently available, standardised and structured.

FILIGRANE: an electronic copyright framework
Pierre VANNEL(1) and Guy TSOBGNI(2)
(1)Gemplus Labs, Gémenos, France
(2)Gemplus Services Europe, MARSEILLE, France

Filigrane is a Java framework proposing a secure system for mobile software trading through networks (Internet, GSM…). It fits well the needs of the emerging market of application service providing, including agent-based services. It is aimed at both the application service provider and the consumer device manufacturer (PC, e-book, PDA…). To the application provider, it provides packaging services to protect the IPRs (Intellectual Property Rights) of the software to deliver, according to a license agreement with the end-user. An IPMP (Intellectual Property Management and Protection) system specific to the software producer, plugged into the framework, coordinates the packaging services. Inside the client device, the corresponding IPMP system interprets the execution rules set and coordinates the previous operations. It could be split in two parts: one in the device and the other inside a multi-application smart card (i.e. a JavaCard) as an IPMP card applet.

Security for E-Commerce Applications
Axel KÖNIGER
Infineon Technologies AG, Security and Chip Card ICs, Munich, Germany

Doing business has changed dramatically within the last few years due to the emergence of the internet and related applications. Not only private customers but also business customers and organisations face completely new ways to exchange information, conduct financial transactions and to deliver or receive goods. Two main features are essential to enable a broad spread of e-commerce. These are ease of use for the user together with a mature level of security. With the development of technology more and more portals open the way to the electronic world of doing business. Whereas PCs are the most common platform for e-commerce today, portals like set-top boxes and especially mobile devices (phones and PDAs) will clearly dominate in 3 to 4 years. Secure hardware is a key feature to enable a trust relationship between customers and service/content providers. Modern cryptography based on public key algorithms together with the possibility to store private keys in a tamperproof device as well as performing critical operations in a trusted environment will be the basic requirements for future e-commerce applications. Infineon Technologies is proactively thinking about future applications in order to provide security components right in time.

Facilitating Administrative Services for Mobile Europeans with Secure Multi-Application Smartcards
Reinhard RIEDL
Department of Computer Science, University of Zurich, Zurich, Switzerland

We discuss how JavaCard technology may be exploited for facilitating better administrative services for a broad class of inter-organizational and brokerage processes. Particular emphasis is given to the required interdisciplinarity of the engineering process.

Smart Cards Technologies for the Internet: Security and Interoperability Issues
David ANKRI
Smart IS Marketing
Neuilly, France

This paper will address the strategic issues related to smart cards technologies and security infrastructure for Internet applications, and will present the main European initiatives and international actions in progress to standardize the concept of electronic identity by smart cards for all Internet end users.

PKI case study: Bank of Sabadell
Jordi BUCH
Safelayer Secure Communications, Spain

Bank of Sabadell is the first Spanish bank to offer its clients PKI technology using smart cards in order to secure Internet Banking operations. This paper describes the application of this technology in the Bank of Sabadell. After an introduction to the characteristics of the PKI and several aspects to consider, the author explains how the final "home banking" solution was implanted in the Bank of Sabadell. The model is based on a Certification Authority that generates lots of digital signature and authentication certificates on smart card support. The generated certificates are not associated with any client in particular. This association is carried out later. This characteristic allows the clients to get everything that is needed for doing "Home Banking" at one time, and they need not come back to complete the registration procedure, as is habitual in other PKI systems. The emission of this type of digital certificate is based on the fact that a private key and a digital signature and authentication certificate are provided. Their strength and viability was based on three technological aspects:

  • 1024 bits key sizes.
  • Smart card only support.
  • PKCS#11 and Crypto Service Provider allow Netscape Communicator and Microsoft Internet Explorer applications to use Bank of Sabadell digital certificates.

A New Standard For Security In E-Commerce
Amin ELSALEH
Managing Director EDIAUDIT
Bourg-La-Reine, France

We believe that the new generation of servers for e-commerce is basically oriented towards an association of three standards: XML-EDI-JAVA. This association enabled us to build a certification tool for EDI messages supported by a knowledge database that is unique for each business type and a dynamic routing engine to provide communications with on-line users. During the last two years we populated one of those knowledge databases dedicated to the Insurance sector and we built in parallel a new security standard based on two concepts: the interception of data in a structured document and their verification according to security rules applied to the intercepted data. This security standard consists of a set of expressions which allow the knowledge database to be populated for any commercial sector (namely Insurance, Distribution, Banking and others). It consequently also allows any type of traditional business to be migrated to e-commerce with the guarantee of full reliability of the data exchanged between the involved partners in a business transaction and a full tracing of all the documents exchanged during the business transaction lifecycle, with the supply of automatic reporting including those which might trigger the rejection of non-coherent or fraudulent documents. We believe that with this new standard we would be able to provide a valuable type of content to all proposed Portal solutions; the knowledge database for each business type associated with a new type of security; the business rules which are not public and are exclusively under the control of the executive management within a given company.

Digital Signature for Administrative Simplification and for E-Commerce Development (Digisec Project)
Alberto SCHENA
InfoCamere, Roma, Italy

The DIGISEC project represents the trial phase of a wider project aiming at a massive introduction of the digital signature as an instrument helping both administrative simplification and e-commerce development. The proposers have to provide for the Italian Chambers of Commerce and their users (the enterprises) a Certification Authority (CA) service, suitable for 2 million digital signature devices (smart cards) by the end of 2001. Secure identification, non-repudiability of documents and electronic payments will assure simple, secure and inexpensive interchange between enterprises and Public Administration and for e-commerce transactions. Existing technologies have not yet been tested and proved in a real operative situation with a massive initial user base. The trial, involving about 100,000 subjects, will support the final choice between the "traditional" smart card and the new "Java card", very promising for the future but still lacking in concrete applications.

Co-Ordination of Security Activities between Chambers of Commerce
Nikolaos KYRLOGLOU(1), Despina POLEMI(2), Peter FORRET(3), Sharon GRUFFERTY(4), Peter LANDROCK(5), Jan LEERLING(6), Otto MUELLER(7), Steen RYTLIG(8), Diomidis SPINELLIS(9)
(1)Athens Chamber of Commerce and Industry; Greece
(2)Institute of Communications and Computer Systems; Greece
(3)GlobalSign NV/SA;
(4)Baltimore Technologies Ltd.; Ireland
(5)Cryptomathic A/S; Denmark
(6)Amsterdam Chamber of Commerce and Industry; The Netherlands
(7)Zurich Chamber of Commerce and Industry; Switzerland
(8)Danish Chamber of Commerce; Denmark
(9)University of Aegean; Greece

E-Commerce is now a new challenge for the Chambers of Commerce (CoCs) world-wide. On the one hand, the traditional business based on paper documents is diminishing and must be supported by electronic documents and communication. On the other hand, the replacement of paper documents by electronic files offers new opportunities for the CoCs to act as Trusted Third Parties. The necessary technical infrastructure and the tools to cope with this challenge already exist and can be implemented. The European Commission under the Telematics Applications Programme for Administrations has funded a two-year project entitled COSACC (Co-Ordination of Security Activities between the Chambers of Commerce). It started in July 1998 and it aimed to identify current and future business scenarios for CoCs, which can be handled electronically, to permit the CoCs to act as a vehicle for international electronic commerce and to provide a secure link between CoCs in order to enable them to take their primary business into an electronic realisation. The project concluded successfully in June 2000 and arrived at a set of services to be offered to the CoC members.

Authenticating Web-Based Virtual Shops Using Verifiable Visual Seals
Hiroshi YOSHIURA, Takaaki SHIGEMATSU, Seiichi SUSAKI, Tsukasa SAITO, Hisashi TOYOSHIMA, Chikako KURITA, Satoru TEZUKA, Ryoichi SASAKI
Hitachi, Yokohama, Japan

Authenticating virtual shops is critical to establishing consumer trust in e-commerce, and one way to authenticate these shops is to use guarantee seals pasted on their Web pages. The effectiveness of this method, however, depends on the reliability of the seals. This paper therefore describes a verifiable seal system based on embedding the digital signatures of authorities into seals by using digital watermarking. This system can guarantee that the seal on a shop's Web page was issued to that shop by the designated authority, that the seal has not been forged or tampered with, and that the seal has not expired. The consumer can therefore trust honest shops and avoid fake shops.

A Security Chain for Trust and Confidence
Laurent BESLAY
Institute for Prospective Technological Studies - European Commission - Joint Research Center, Sevilla, Spain

The primary parameter for a sustained growth of E-commerce is the institution of trust relationships into the virtual world. Making this trustworthy environment a reality will not only depend on new technologies but also on management of privacy and security. I will present a new methodology to manage and reduce the risk in information technology systems: the security chain that is supported by the C.I.A. (Confidentiality-Integrity-Authentication) concept and the HACCP (Hazard Analysis Critical Control Point) method. Based on a strong parallelism between the cold chain in the food sector, the security chain involves the entire group of actors in the same objective: the security of the raw material (information) for the benefits of all and not only for the consumer.

Nsafe.no: A Norwegian on-line business certification and quality label scheme for e-commerce
Agnes Beathe Steen FOSSE
Stiftelsen eforum.no, Oslo, Norway

Nsafe is a Norwegian on-line business certification and quality label scheme for e-business. The scheme includes a seal, code of conduct, directory of seal holders and an appeal board all combined into one system. Nsafe.no was launched on 24 November 1999. Nsafe is set up to improve the relationship between e-businesses and consumers to make e-commerce easier and safer. The code of conduct is of course based on the Norwegian law. The code of conduct and the law are at some points harmonised with EU regulations, but we have still further steps to go. The Nsafe system can easily be adjusted, so it can be used in other countries and areas. It can e.g. be adjusted for greater areas, as we will do when Scansafe is developed and launched in the Nordic Countries.

Business Models and Regulation in the Electronic Distribution of Music
Martin KRETSCHMER(1) and Roger WALLIS(2)
(1)Centre for Intellectual Property Policy & Management, School of Finance & Law
Bournemouth University, Dorset, United Kingdom
(2)Dept. of Media Technology and Graphic Arts, Royal Institute of Technology (KTH), Stockholm, Sweden

Drawing on more than 100 interviews conducted between 1996 and 2000 with multinational and independent music companies in 10 markets, strategies of the major players, current business models and regulatory responses to the on-line distribution of music files are reported and analysed.

Copyright Description Language for Distribution of Digital Contents
Hiroshi HOSHINO, Atsushi YAMADA
Kyoto 600-8813 JAPAN

In order to protect copyrights of digital contents, a standard of copyright description is needed as well as watermark, encryption, and accounting technologies. We have developed a copyright description language (called CMF) which can describe complex copyrights in the compound contents. CMF is based on XML and can define contents information, right holder information and use conditions which include offered terms, agreed terms and charge rules of the contents. The agreed terms are selected by the user of the contents from the use conditions which the author has offered. As the author declares the price of contents in the charge rules, users can calculate the cost of the contents.

Digital Rights Management and E-Commerce Applications
Andrés TORRUBIA(1), Luis J. MARTÍ(2) and Francisco J. MORA(3)
(1) Alicante, Spain
(2) Alicante, Spain
(3) Universidad Politécnica de Valencia, Dpto. Ingeniería Electrónica, Camino de Vera, Valencia, Spain

In the present environment, an increasing number of e-commerce applications are continuously appearing, offering many possibilities to worldwide online customers, among which sales of intangible assets are a significant part. The management of intangible assets raises some questions that must be solved. An effective Intangible Assets Management (IAM) system must take into account several security issues, such as privacy, confidentiality and intellectual property rights, which must be protected. The use of cryptographic techniques in Digital Rights Management (DRM) systems helps achieve these objectives, assuring that copyrights are fully respected. Another important issue is the interoperability of e-commerce systems. Any e-commerce solution must take into account that easy-to-use systems are more likely to become standards over the Internet than complex and not user-friendly solutions.

Digital Signatures for Web Content
Christian GEUER-POLLMANN(1) and Christoph RULAND(1), Panagiotis SKLAVOS(2) and Marina MOULA(3)
(1) University of Siegen, Institute for Data Communications Systems, Siegen, Germany
(2)EXPERTNET S.A., Athens, Greece
(3)PROODOS S.A. - New Telematic Services, Products and Applications Co S.A., Athens, Greece

The eXtensible Markup Language (XML) will form the basis for information interchange between the next generation of computer systems, especially in the field of business-to-business-communications. It will make the electronic exchange of documents and other exchangeable information much easier and less expensive. Security (e.g. integrity, authenticity of the message and/or signer authentication) of exchanged information and documents will be provided by the XML Signatures. The main goal of the ISIS project <WebSig> is to develop a publicly available library for embedding digital signatures in XML in compliance with the W3C standard "XML Digital Signature" in order to assure the integrity and authenticity of exchanged documents. The second goal is to use an existing e-commerce application (ERMIS) as a demonstrator. ERMIS is an electronic system on the Internet promoting tourism in the Aegean Region and allowing on-line booking and payment. Tourist companies, hotels and other agencies participate in the ERMIS network. <WebSig> enhances the security of the ERMIS system. Digitally signed reservation vouchers are sent by the system to the hotel owner and the customer.

A PKI Scenario for High-Security Communications: Re-issued Certificates
Oscar CÁNOVAS(1), Antonio F. GÓMEZ(2) and Gregorio MARTÍNEZ(2)
(1)Dpto. de Ingeniería y Tecnología de Computadores
(2)Dpto. de Informática, Inteligencia Artificial y Electrónica
University of Murcia, Campus de Espinardo, Murcia, Spain

There are certain communications based on the X.509 standard, which we term high-security, requiring a high reliability about the status of the involved certificates. The X.509 standard provides suitable mechanisms for cached operation, certificate revocation lists (CRLs), but CRLs have specific lifetimes and they are not suitable for systems needing a near-instantaneous statement about the validity of the involved certificate. However, online mechanisms for real-time confirmation create the need for a high bandwidth, and also decrease the overall performance, introducing a great amount of new messages on the network. We propose a system for high-security communications based on signed statements establishing the validity of the certificates concerned. This proposal is based on trusted elements, which communicate with each other using SSL connections, and transmit signed sentences that can be validated by any other system entity. The essential signed statement, the re-issued certificate, provides a standard method for validation, since all the applications based on SSL, S/MIME, SET, or other widely used protocols, work with X.509 certificates.

Mediating and Monitoring Electronic Commerce
Tony DE BREE(1) and Víctor FURUNDARENA(2)
(1)ABN Amro Bank NV, The Netherlands
(2) Federation for Enterprise Knowledge Development, Spain

The purpose of the Mediating and Monitoring Electronic Commerce (MeMo) Project is to construct a safe and trusted environment dedicated to the promotion of international electronic commerce activities for SMEs. MeMo, as an Electronic Commerce Broker Service (ECBS), will stimulate the electronic commerce transactions and interactions among SMEs in different European countries beyond the typical purchase of catalogue products ("posted pricing") and the e-auction models. The MeMo system basically covers the complete flow from Searching to Fulfilment although the project focuses on the Search, Negotiate and Deal Making stages. The whole workflow is supported by XML-formatted messages. The first case covers the Construction Industry. Due to its powerful partner and product searching based on Concept Navigating, negotiation, and contracting mechanisms, MeMo will allow SMEs to identify opportunities for business and co-operation, establish solid and trustworthy relationships, and trade value added services over the Internet; something that is usually only possible through large investments of time and face to face interactions. Trust services provided by financial services institutions like ABN AMRO will increase the level of trust in their marketplaces.
