Web Magazine for Information Professionals

ECMS: Technology Issues and Electronic Copyright Management Systems

Pedro Isaias looks at the relevant ECMS e-Commerce technology.

Technology issues are of utmost importance in Electronic Copyright Management Systems (ECMS). In fact, these technologies can in part determine the success or failure of these systems. In a traditional environment, consumers enjoy buying with efficient systems and security. This is even truer in the Internet. Thus the need to develop and deploy technologies that are efficient and can assure security.

This work covers these technology issues, illustrating the following points in an objective way:

ECMS: Important Technologies

Most of the technologies referred in this article can be used with the so-called digital objects. A digital object can be defined [1] as being "a logical entity or data structure whose two principal components are digital material ("data"), plus a unique identifier for the material and other information pertaining to the data ("metadata")".

In this section the following technologies will be focused:

Payment Systems

Having payment systems that are both effective and reliable is very important in ECMS and digital libraries. It is commonly accepted that quality information should be paid for, situation in which these systems are more than needed: they are an imperative.

According to several authors [2,3] there are important requirements that electronic payment systems should follow in order to be reliable. The most relevant are:

There are presently two broad categories of electronic payment systems in what concerns their money model [3, 4]:

In token-based or cash-like systems, transactions are performed with tokens that have a certain value (of themselves or from the status of the Institutions that issue them) and must be bought to a central authority before consumers being able to make any transactions. These systems do not support debt.

Notational or credit/debit systems consist of having an account and the central authority keeping a record of the amount in that account. In this particular systems consumers exchange documents that are equivalent of value transfers. These exchanges consist in the debiting of the consumers' account and the crediting of the merchant account. These systems can support debt.

Token-based or cash-like systems

One of the most well known examples of these systems was Ecash (DigiCash). The company has gone out of business and ceased operations (now taken over). The main characteristic of the Digicash system, developed by David Chaum, lay in the possibility of using real electronic money. The value of this system lay in the electronic cash, and not in the possibility of authoring funds transfers between consumers and suppliers (sellers). The main strength of the Ecash system was, however, the possibility of conducting anonymous and secure transactions.

Basically, the Ecash system consisted of the following:

This system presented several advantages:

Ecash used a direct cash like payment model with online validation. The same payment model is used by NetCash [5].

NetCash provides a framework for digital payments. The system is based on a system of distributed issuing currency servers. The NetCash coin has the name of the issuing server and specific serial number.

The currency servers offer several services, being one important service the redemption of coins for cheques (NetCheque digital cheques). NetCash has now been layered into NetCheque.

MilliCent [6] is a strong alternative to other token-based systems. It has been released in Japan (went live on June 1, 1999) and is being applied in several on-line sales. The important aspect of MilliCent is that it covers operations as small as 1/10th of a dollar; this system clearly aims at the micropayments segment. The other important aspect, especially for ECMS, is that with these small amounts, ECMS can sell individual papers, or even parts of papers, for instance. A newspaper publisher can even sell a newspaper article by article.

MilliCent does no use real money but scrip which is like cash because it represents a value but is different from cash because it's only valid with a specific vendor. Scrip is basically a electronic coupon which represents pre-paid value specific to a vendor. Scrip associated with a specific vendor can be exchanged by scrip from other vendors via brokers.

The process of acquiring and using scrip is very straightforward: a customer can acquire it with his or her credit card and then it can be used to make purchases from a specific vendor.

Millicent uses a direct cash like payment model with semi-online validation.

Other relevant token-based systems are available (please refer to appendix for their URLs): CAFE and Mondex.

Notational or credit/debit systems

One of the first examples of a notational system was First Virtual, which has ceased operations. First Virtual system considered the possibility of a user having access to the information before paying for it which was a strong point but also a weakness since users could abuse the system. Its simplicity was also highly regarded.

One of the weakest points was, however, not having cryptography, and therefore not being able to guarantee totally safety transaction.

First Virtual used a credit card payment intermediator notational payment model with online validation.

One of the most relevant systems in this category is CyberCash [7]. This system, which is in fact a system designed to charge the client's credit card, allows transactions with immediate payment between sellers and consumers through a financial institution. The transactions are performed with credit card.

The CyberCash system works according to the following model:

The CyberCash system has the advantage of cryptography, which guarantees security and privacy to the client. CyberCash uses a secure credit card presentation notational payment model with online validation.

Another good example of a notational system is CyberCoin [8], originated in Cybercash. The CyberCoin system has been designed to deal with small transactions (i.e. 25 cent to $10), that are considered small payments. Cybercash has closed CyberCoin accounts (in North America only) and launched InstaBuy [9].

InstaBuy uses, as CyberCoin, a direct account based payment model with online validation.

Another good example of notational systems, specialised in micropayments, is the NetBill system. The Netbill system [10] has been developed by the Carnegie Mellon University, evolving from previous billing service prototypes and being first applied in the digital library of this University, the CMU’s Informedia Digital Video Library.

The NetBill system deals with authentication, verifying credits, controlling accesses and recording transactions. Their goals are: working with open protocols and dealing exclusively with goods that are delivered electronically and services.

The Netbill system works in the following way [11]:

The NetBill systems features the following advantages: transaction security through encryption and digital signatures; the system allows the use of alias from customers in order to remain anonymous from merchants; the costs per transaction are very low.

NetBill uses a direct account based notational payment model with online validation.

One important standard of Notational systems, and especially designed for secure credit card processing in the Internet, is Secure Electronic Transactions (SET) [12]. SET is an initiative of VISA and Mastercard amongst other participants. This initiative followed several other from different companies and organisations; basically none could impose its standard and since then they join efforts to produce a unified standard, SET.

A SET transaction works in the following way [13]:

SET uses a secure credit card presentation notational payment model with online validation.

Other relevant notational systems are available (please refer to appendix for their URLs): NetCheque and eCheck (FSTC Electronic Check).

Security Techniques

There are several techniques that implement concepts of Web security. At the ECMS and digital library level, the following are relevant techniques:

The recipient watermark is the most used technique because it's easier to prevent in this way the re-distribution of the material.

In what concerns the watermark that identifies from who the materials (contents) originate, there are two possibilities of applying it (with different goals):

Importance of these Technologies in ECMS

It is quite obvious of the extreme importance of these technologies in ECMS. The question mark lies more on the more or less appropriateness of some of the solutions presented rather than on the technologies themselves.

For instance, is it more appropriate to use a micropayment system or a macropayment system? It seems from what has been described that for a ECMS is clearly more appropriate a micropayment system. These allow the user to acquire only fragments or an article, or only an article in a journal. It's clearly more flexible.

Another question is related to token-based vs. notational systems. What systems are more suited for ECMS? This is more difficult to answer. It seems obvious that notational systems are taking the lead in disseminating themselves. And banks and credit card issuers back up several of them. But are these systems the ones that really defend customers? The answer is more on the negative side. In fact systems like Ecash (Digicash) really defended the customer by being rigorously anonymous and secure - they were like real money. But the market didn't favour them and they've ended operations. Of course notational systems also have advantages like allowing debt.

And what about security? ECMS require security in the operations in which the consumer engages. Several options are available and being exploited and only the market will tell the methods that will prevail. While the encryption method seems well suited to be used in payment mechanisms, the digital watermarking seems to be an obvious defence for the control of distributed materials.

Conclusions and Future Perspectives

At a technological level, there are several obvious open questions:

The first question is impossible to answer. When hackers enter the Pentagon systems and NASA systems are hacked with some frequency it is difficult to say that there will be 100% safe systems. The bet is more likely to be in minimising the problem and finding alternative ways to address the question. In technological terms is highly difficult to find 100% safe systems.

As for the payment model question, it's difficult to answer because some advantages that the others don't. It depends on several variables like user's bank and specific vendors. As from choosing from several available payment systems it depends on the ECMS that will choose the payment systems that they want to work with. It would be nice to see ECMS presenting alternative payment solutions like we see today in a shop when we want to pay with credit card and several alternatives are often presented.

In future, the tendency is certainly to facilitate the ECMS use by consumers, through the more widespread use of simpler and more efficient technological means. One thing is for granted: future systems will have more and better functionalities and will provide improved features, spoiling consumers with a myriad of possibilities.

Appendix - List of Most Significant Electronic Payment Systems and Their URLs:

CAFE

http://www.cwi.nl/cwi/projects/cafe.html

Cybercash

http://www.cybercash.com

CyberCoin

http://www.cybercash.com/cybercash/services/cybercoin.html

Ecash (DigiCash)

http://www.digicash.com/

eCheck (FSTC Electronic Check)

http://www.echeck.org/

InstaBuy

http://www.instabuy.com/

Millicent

http://www.millicent.digital.com/

Mondex

http://www.mondex.com/

NetBill

http://www.ini.cmu.edu/netbill/

http://www.netbill.com/

NetCash

http://nii-server.isi.edu/info/netcash/

NetCheque

http://gost.isi.edu/info/netcheque/

Secure Electronic Transactions (SET)

http://www.mastercard.com/shoponline/set/set.html

References

[1] Cross Industry Working Team. (1997). Managing access to digital information: an approach based on digital objects and stated operations.
Available from: http://www.xiwt.org/documents/ManagAccess.html [August 4th 1999]
 
 
[2] Costa, J. F., Silva, A. and Delgado, J. (1995). Análise dos sistemas comerciais emergentes na Internet In: Proceedings of I Conferência Nacional WWW - Informação Multimédia na Internet, Minho 1995
 
 
[3] Ferreira, L.; Dahab, R. (1998). A scheme for electronic payment systems. In: Proceedings of the 14th Annual Computer Security Applications Conference, 7-11 December 1998. IEEE, 137-146.
 
 
[4] Weber, R. (1998). Chablis - Market Analysis of Digital Payment Systems. Chablis (TUM-I9819)
 
Available from: http://medoc.informatik.tu-muenchen.de/Chablis/MStudy/x-a-marketpay.html [August 4th 1999]
 
[5] NetCash home page: http://nii-server.isi.edu/info/netcash/ [August 4th 1999]
 
 
[6] Millicent home page: http://www.millicent.digital.com/ [August 4th 1999]
 
 
[7] CyberCash home page: http://www.cybercash.com/ [August 4th 1999]
 
 
[8] CyberCoin home page: http://www.cybercash.com/cybercash/services/cybercoin.html [August 4th 1999]
 
 
[9] InstaBuy home page: http://www.instabuy.com/ [August 4th 1999]
 
 
[10] NetBill home page: http://www.netbill.com/ [August 4th 1999]
 
 
[11] Sirbu, M.; Tygar, J. (1995). NetBill: an Internet system optimized for network delivered services. In: Proceedings of the CompCon Conference, March 1995. IEEE
 
Available from: http://www.ini.cmu.edu/netbill/pubs/CompCon.ps.Z [August 4th 1999]
 
 
[12] Mastercard's SET home page: http://www.mastercard.com/shoponline/set/set.html [August 4th 1999]
 
 
[13] Asokan, N. et al. (1997, September). The state of the art in electronic payment systems. IEEE Computer magazine [Online], Vol. 30 issue 9, 28-35.
 
Available: http://computer.org/computer/co1997/r9028abs.htm [August 4th 1999]
 
 
[14] More details as well as the software (distributed as freeware) can be found at http://web.mit.edu/network/pgp.html [August 4th 1999]
 
 
[15] Mintzer, F. et al. (1997, December). Safeguarding digital library contents and users – digital watermarking. D-Lib Magazine [Online], 44 paragraphs
 
Available from: http://www.dlib.org/dlib/december97/ibm/12lotspiech.html [August 4th 1999]

Author Details

Pedro Isaias
European Projects Manager at ISEGI
New University of Lisbon and Professor at Portuguese Open University
Email: pisaias@mail.telepac.pt