Electronic commerce is a relatively new term used to describe any form of computerized financial transaction between trading partners, whether between a consumer and a business or from company to company. These financial transactions are performed by the exchange of electronic versions of commerce instruments and documents. Examples of commerce instruments include credit cards, checks, and forms of currency. Examples of commerce documents include receipts, bills of lading, purchase orders, contracts, and Letters of Credit. Generally, the computerized exchange of a commerce instrument and/or document is implemented by transferring structured data electronically from one computer application to another over some type of network, such as a local area network (LAN), wide area network (WAN), or the Internet, using mutually agreed upon message standards.
A growing number of financial applications are migrating to networks such as the Internet. Some applications, like home banking and bill payment, are already commonly conducted as electronic transactions over networks. Other, newer applications, like brokerage account management and business-to-business purchasing, are being adapted for implementation over the Internet. In each of these applications there is a common need to protect certain interests of the trading partners and to minimize the risks to all participants with regard to the following concerns.
If electronic transactions over public networks are to be accepted, there must be some assurance that the participants are authentic (each participant must be who they claim to be), and the documents and instruments electronically exchanged between parties must have integrity (they must not be altered, in transit or afterwards, without detection). Further, all participants must have a reasonable expectation that the transaction cannot be repudiated at a later date. There is also a need for privacy, so that knowledge of a transaction is kept solely among the participants and is not accessible to any unauthorized party. Finally, a financial application must coexist with the existing legacy electronic financial systems.
Historically, most of these requirements were met in legacy systems by employing a proprietary, closed electronic commerce system with a strong security protocol. In such a system, the participants and the electronic instruments and documents were authentic and private by definition and by the steps taken to prevent access to the secure system by outsiders. Further, the integrity of instruments and documents and their non-repudiation were controlled by the proprietary nature of the closed commerce system. However, interaction with other secure commerce systems was typically not provided.
The transition from closed commerce systems to transactions conducted over a public network such as the Internet has been eased by the availability of public-key cryptography. Virtually all web servers and client browsers support secure-channel protocols and public-key authentication, at least of the server. With the deployment of the Secure Sockets Layer (SSL) protocol, which also provides optional certificate-based authentication of the client, public-key authentication by the client is now widely available as well (provided the client has been issued a certificate and the server requests it). Thus, many of the requirements noted above for the use of financial applications on the Internet (or another public access network) are now met by commonplace protocols that are readily available.
However, as the number of electronic financial transactions conducted over public networks continues to increase, a need has developed for a simplified (computationally less intensive) method or meta-protocol that will facilitate two-party financial transactions between trusted and non-anonymous trading partners. In financial transactions, “trust” does not have a moral connotation. Instead, financial trust indicates that a trading partner has shown, either by previous activities or by submission of documents/instruments, that it will be responsible for the financial obligations arising from the transaction. Trusted trading partners can provide each other with a reasonable expectation of integrity, privacy and non-repudiation. Since the cryptographic processing required to assure integrity and privacy for a two-party transaction between trusted partners is less than that required for transactions between strangers, the computational overhead should be correspondingly reduced. Thus, there is a need in the financial community for a simplified method or protocol that will facilitate two-party electronic commerce transactions between trading partners connected over a public network. This method should enable two parties to become trusted trading partners through a defined series of steps that provide the required assurance of authenticity, privacy, and non-repudiation.