Multifunctional Smart Cards for Electronic Commerce-Application of the Role and Task-Based Security Model

Electronic commerce demands different security requirements for its many different applications. In the near future one smartcard may be used for many electronic commerce applications, such as payment systems, access to banking services and financial transactions over the Internet. A role and task based security model (R&T model) can ensure a secure access to many different services through an application based security framework. It can be used and implemented in a multifunctional smartcard in order to ensure both the users personal need for application based security and his right to informational self determination as the fundamental right of privacy is defined in the German legal system. A successful application of the model can help the user navigate a secure way through the jungle of electronic commerce. 1 Electronic commerce The ever increasing growth of the virtual business world will lead to more and more electronic based payment systems. The present day use of credit and debit card based payment is already widespread. It will become more commonplace, because of the increasing acceptance of such cards within the retail trade. The number of businesses accepting electronic payment is steadily growing. The introduction of the „electronic wallet“ in Germany will increase the use of electronic money and therefore decrease the use of conventional currency. In the future one or more cards will be used for a wide variety of purposes, not only in electronic commerce. In general, the probability is high that one multifunctional card will achieve wider acceptance than a large number of single function cards. Although the Internet was never designed for secure transactions, it has become the technical medium for network based financial transactions. The need for the development of secure payment systems has therefore become blatantly apparent. The multitude of payment media, including credit and debit cards, cheques and traditional currency, has spawned a corresponding number of technical systems which support them. Even though many of them are already in use, no single system has become accepted as the de facto standard. A review of different electronic payment systems and their security aspects can be found in [1], [2] and [3]. One special property of conventional currency should not be neglected: Anonymity. Transactions cannot be traced back to individual customers, the identity of which therefore remains unknown. The billing and accounting systems related to cheques and credit cards presuppose a direct link between customer and transaction. The anonymity property cannot therefore apply to these media. Electronic payment systems need to preserve the anonymity property of traditional currency while also offering a payment mode which links individuals and their transactions. Unfortunately, most electronic wallet systems do not support anonymous use. These systems protocol individual transaction data, which allow them to reidentify individual users. The transactions are protocoled by a separate clearing house, which allows the electronic wallet transactions to be treated as a different account. Financial institutions claim that this system, by which the bank and the clearing house both store transaction data, makes checks for misuse possible and therefore more secure. The loss of anonymity may, however, affect the behaviour of the consumer and infringe on personal rights. The right to informational self determination is endangered, unless an anonymous payment system is not available. There is a trend within the financial community towards offering services, such as money transfer, checking the status of accounts, etc., as so-called „home banking“. Home banking services can be accessed directly („online“) from the users home computer via the Internet. As homebanking becomes more and more widespread, additional services, such as stock market trading or investment information, will also be made available. In addition to this, automatic teller machines (ATM) will eventually provide access to all banking services. Personal contact between the customer and the bank employee will be reduced and finally substituted by the networked based direct banking services. This shift in emphasis towards online banking services may not always be of advantage to the customer. These risks and other global digital commerce problems are discussed in [4]. Developments to date show that, in order to support the large number of existing electronic commerce applications, many different cards are required. A typical (physical) wallet contains a variety of cards, including bank and credit cards, social security cards, telephone cards, customer cards. This ever increasing multitude of „plastic“, with its associated volume of personal identification numbers (PIN), already tends to confuse the user. Not only does the risk of forgetting PINs increase, but also the danger of associating a card with the wrong PIN. This causes added risks, such as the customer may be tempted to write down the PINs and keep them in the wallet. Most of these applications, such as electronic payment systems, network based financial transactions and electronic banking services, will use a smartcard for their implementation. This paper presents an electronic commerce application of the role and task based security model (R&T model) for multifunctional smartcards [5]. One multifunctional card implementation of the R&T model model could support not only several different electronic commerce applications, but also non-financial functions. For each application the user will have an individual security level, which is already wellknown from single application cards. For a specific application the user can choose the required security level, which may e.g. offer an anonymous use. Before describing the R&T model in a semi-formal way, some requirements are mentioned.