Ads by Google

Thursday, September 17, 2009

Alternative Systems of E-cash


Systems of E-cash


Technically electronic or digital money is a representation, or a system of debits and credits, used to exchange value, within another system, or itself as a stand alone system, online or offline. Also sometimes the term electronic money is used to refer to the provider itself.

A private currency may use gold to provide extra security, such as digital gold currency. Also, some private organizations, such as the US military use private currencies such as Eagle Cash.


Many systems will sell their electronic currency directly to the end user, such as Paypal and WebMoney, but other systems, such as Liberty Reserve, sell only through third party digital currency exchangers. In the case of Octopus Card in Hong Kong, deposits work similarly to banks’. After Octopus Card Limited receives money for deposit from users, the money is deposited into banks, which is similar to debit-card-issuing banks redepositing money at central banks.

Some community currencies, like some LETS systems, work with electronic transactions. Cyclos Software allows creation of electronic community currencies.

Ripple monetary system is a project to develop a distributed system of electronic money independent of local currency.

Off-line ‘anonymous’

Off-line ‘anonymous’ electronic money

In the use of off-line electronic money, the merchant does not need to interact with the bank before accepting a coin from the user. Instead he can collect multiple coins Spent by users and Deposit them later with the bank. In principle this could be done off-line, i.e. the merchant could go to the bank with his storage media to exchange e-cash for cash.

Nevertheless the merchant is guaranteed that the user’s e-coin will either be accepted by the bank, or the bank will be able to identify and punish the cheating user. In this way a user is prevented from spending the same coin twice (double-spending). Off-line e-cash schemes also need to protect against cheating merchants, i.e. merchants that want to deposit a coin twice (and then blame the user).

Using cryptography, anonymous ecash was introduced by David Chaum. He used blind signatures to achieve unlinkability between withdrawal and spend transactions. In ryptography, e-cash usually refers to anonymous e-cash. Depending on the properties of the payment transactions, one distinguishes between on-line and off-line e-cash. The first off-line e-cash system was proposed by Chaum and Naor. Like the first on-line scheme, it is based on RSA blind signatures.

SMART CARDS


SMART CARDS


A smart card, chip card, or integrated circuit card (ICC), is in any pocket-sized card with embedded integrated circuits which can process data. This implies that it can receive input which is processed — by way of the ICC applications — and delivered as an output.


There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally PVC, but sometimes ABS. The card may embed a hologram to avoid counterfeiting. Using smartcards also is a form of strong security authentication for single sign-on within large companies and organizations.

DIMENSIONS


DIMENSIONS


A “smart card” is also characterized as follows

• Dimensions are normally credit card size. The ID-1 of ISO/IEC 7810 standard defines them as 85.60 × 53.98 mm. Another popular size is ID-000 which is 25 × 15 mm (commonly used in SIM cards). Both are 0.76 mm thick.

• Contains a security system with tamper-resistant properties (e.g. a secure cryptoprocessor, secure file system, human-readable features) and is capable of providing security services (e.g. confidentiality of information in the memory).

• Asset managed by way of a central administration system which interchanges information and configuration settings with the card through the security system. The latter includes card hotlisting, updates for application data.

• Card data is transferred to the central administration system through card reading devices, such as ticket readers, ATMs etc.
Benefits
Smart cards can be used for identification, authentication, and data storage.

Smart cards provide a means of effecting business transactions in a flexible, secure, standard way with minimal human intervention.

Smart card can provide strong authentication for single sign-on or enterprise single sign-on to computers, laptops, data with encryption, enterprise resource planning platforms such as SAP, etc.

DETAILS ABOUT SMART CARD

DETAILS ABOUT SMART CARD


The automated chip card was invented by German rocket scientist Helmut Gröttrup and his colleague Jürgen Dethloff in 1968; the patent was finally approved in 1982. The first mass use of the cards was for payment in French pay phones, starting in 1983 (Télécarte). Roland Moreno actually patented his first concept of the memory card in 1974.

In 1977, Michel Ugon from Honeywell Bull invented the first microprocessor smart card. In 1978, Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary architecture to auto-program the chip. Three years later, the very first “CP8” based on this patent was produced by Motorola. At that time, Bull had 1200 patents related to smart cards. In 2001, Bull sold its CP8 Division together with all its patents to Schlumberger. Subsequently, Schlumberger combined its smart card department and CP8 and created Axalto. In 2006, Axalto and Gemplus, at the time the world’s no.2 and no.1 smart card manufacturers, merged and became Gemalto.

A smart card, combining credit card and debit card properties. The 3 by 5 mm security chip embedded in the card is shown enlarged in the inset. The contact pads on the card enables electronic access to the chip.

The second use was with the integration of microchips into all French debit cards (Carte Bleue) completed in 1992. When paying in France with a Carte Bleue, one inserts the card into the merchant’s terminal, then types the PIN, before the transaction is accepted. Only very limited transactions (such as paying small autoroute tolls) are accepted without PIN.

Smart-card-based electronic purse systems (in which value is stored on the card chip, not in an externally recorded account, so that machines accepting the card need no network connectivity) were tried throughout Europe from the mid-1990s, most notably in Germany (Geldkarte), Austria (Quick), Belgium (Proton), France (Moneo), the Netherlands (Chipknip and Chipper), Switzerland (“Cash”), Norway (“Mondex”), Sweden (“Cash”), Finland (“Avant”), UK Mondex”), Denmark (“Danmønt”) and Portugal (“Porta-moedas Multibanco”).

The major boom in smart card use came in the 1990s, with the introduction of the smart-card-based SIM used in GSM mobile phone equipment in Europe. With the ubiquity of mobile phones in Europe, smart cards have become very common.

DETAILS ABOUT SMART CARD

DETAILS ABOUT SMART CARD

The international payment brands MasterCard, Visa, and Europay agreed in 1993 to work together to develop the specifications for the use of smart cards in payment cards used as either a debit or a credit card. The first version of the EMV system was released in 1994. In 1998 a stable release of the specifications was available. EMVco, the company responsible for the long-term maintenance of the system, upgraded the specification in 2000 and most recently in 2004. The goal of EMVco is to assure the various financial institutions and retailers that the specifications retain backward compatibility with the 1998 version.

With the exception of countries such as the United States of America there has been significant progress in the deployment of EMV-compliant point of sale equipment and the issuance of debit and or credit cards adhering the EMV specifications. Typically, a country’s national payment association, in coordination with MasterCard International, Visa International, American Express and JCB, develop detailed implementation plans assuring a coordinated effort by the various stakeholders involved.

The backers of EMV claim it is a paradigm shift in the way one looks at payment systems. In countries where banks do not currently offer a single card capable of supporting multiple account types, there may be merit to this statement. Though some banks in these countries are considering issuing one card that will serve as both a debit card and as a credit card, the business justification for this is still quite elusive. Within EMV a concept called Application Selection defines how the consumer selects which means of payment to employ for that purchase at the point of sale.

For the banks interested in introducing smart cards the only quantifiable benefit is the ability to forecast a significant reduction in fraud, in particular counterfeit, lost and stolen.

The current level of fraud a country is experiencing, coupled with whether that country’s laws assign the risk of fraud to the consumer or the bank, determines if there is a business case for the financial institutions. Some critics claim that the savings are far less than the cost of implementing EMV, and thus many believe that the USA payments industry will opt to wait out the current EMV life cycle in order to implement new, contactless technology.

Smart cards with contactless interfaces are becoming increasingly popular for payment and ticketing applications such as mass transit. Visa and MasterCard have agreed to an easy-to-implement version currently being deployed (2004-2006) in the USA. Across the globe, contactless fare collection systems are being implemented to drive efficiencies in public transit. The various standards emerging are local in focus and are not compatible, though the MIFARE Standard card from Philips has a considerable market share in the US and Europe.

Smart cards are also being introduced in personal identification and entitlement schemes at regional, national, and international levels. Citizen cards, drivers’ licenses, and patient card schemes are becoming more prevalent; For example in Malaysia, the compulsory national ID scheme MyKad includes 8 different applications and is rolled out for 18 million users. Contactless smart cards are being integrated into ICAO biometric passports to enhance security for international travel.

SIGNAL DESCRIPTION


SIGNAL DESCRIPTION


VCC : Power supply input


RST : Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card). If internal reset is implemented,
the voltage supply on Vcc is mandatory.


CLK : Clocking or timing signal (optional use by the card).


GND : Ground (reference voltage).


VPP : Programming voltage input (deprecated / optional use by the card).


I/O : Input or Output for serial data to the integrated circuit inside the card.


NOTE - The use of the two remaining contacts will be defined in the appropriate application standards.

ELECTRONIC DATA INTERCHANGE

ELECTRONIC DATA INTERCHANGE


Electronic Data Interchange (EDI) refers to the structured transmission of data between organizations by electronic means. It is used to transfer electronic documents from one computer system to another (ie) from one trading partner to another trading partner. It is more than mere E-mail; for instance, organizations might replace bills of lading and even checks with appropriate EDI messages. It also refers specifically to a family of standards, including the X12 series. However, EDI also exhibits its pre-Internet roots, and the standards tend to focus on ASCII(American Standard Code for Information Interchange)-formatted single messages rather than the whole sequence of conditions and exchanges that make up an inter-organization siness process.


In 1992, a survey of Canadian businesses found at least 140 that had adopted some form of EDI, but that many (in the sample) “[had] not benefited from implementing EDI, and that they [had] in fact been disadvantaged by it.”

The National Institute of Standards and Technology in a 1996 publication defines Electronic Data Interchange as “the computer-to-computer interchange of strictly formatted messages that represent documents other than monetary instruments. EDI implies a sequence of messages between two parties, either of whom may serve as originator or recipient. The formatted data representing the documents may be transmitted from originator to recipient via elecommunications or physically transported on electronic storage media.”. It goes on further to say that “In EDI, the usual processing of received messages is by computer only.



Human intervention in the processing of a received message is typically intended only for error conditions, for quality review, and for special situations. For example, the transmission of binary or textual data is not EDI as defined here unless the data are treated as one or more data elements of an EDI message and are not normally intended for human interpretation as part of online data processing.”

EDI can be formally defined as ‘The transfer of structured data, by agreed message standards, from one computer system to another without human intervention’. Most other definitions used are variations on this theme. Even in this era of technologies such as XML web services, the Internet and the World Wide Web, EDI is still the data format used by the vast majority of electronic commerce transactions in the world.

Wednesday, September 16, 2009

EDI STANDARDS

EDI STANDARDS


Generally speaking, EDI is considered to be a technical representation of a business conversation between two entities, either internal or external. Note, there is a perception that EDI" constitutes the entire electronic data interchange paradigm, including the transmission, message flow, document format, and software used to interpret the documents. EDI is considered to describe the rigorously standardized format of electronic documents.

The EDI standards were designed to be independent of communication and software technologies. EDI can be transmitted using any methodology agreed to by the sender and recipient. This includes a variety of technologies, including modem (asynchronous, and bisynchronous), FTP, Email, HTTP, AS1, AS2, etc. It is important to differentiate between the EDI documents and the methods for transmitting them. When they compared the bisynchronous protocol 2400 bit/s modems, CLEO devices, and value-added networks used to transmit EDI documents to transmitting via the Internet, some people equated the non-Internet technologies with EDI and predicted erroneously that EDI itself would be replaced along with the non-Internet technologies. These non-internet transmission methods are being replaced by Internet Protocols such as FTP, telnet, and E-mail, but the EDI documents themselves still remain.

As more trading partners use the Internet for transmission, standards have emerged. In 2002, the IETF published RFC 3335, offering a standardized, secure method of transferring EDI data via e-mail. On July 12th, 2005, an IETF working group ratified RFC4130 for MIME-based HTTP EDIINT (aka. AS2) transfers, and is preparing similar documents for FTP transfers (aka. AS3). While some EDI transmission has moved to these newer protocols the providers of the value-added networks remain active.

EDI documents generally contain the same information that would normally be found in a paper document used for the same organizational function. For example an EDI 940 ship-from-warehouse order is used by a manufacturer to tell a warehouse to ship product to a retailer. It typically has a ship to address, bill to address, a list of product numbers and quantities. It may have other information if the parties agree to include it. However, EDI is not confined to just business data related to trade but encompasses all fields such as medicine (e.g., patient records and laboratory results), transport (e.g., container and modal information), engineering and construction, etc. In some cases, EDI will be used to create a new business information flow (that was not a paper flow before). This is the case in the Advanced Shipment Notification (856) whichwas designed to inform the receiver of a shipment, the goods to be received and how the goods are packaged.

major sets of EDI standards

Major sets of EDI standards


There are four major sets of EDI standards


1. The UN-recommended UN/EDIFACT is the only international standard and is predominant outside of North America.


2. The US standard ANSI ASC X12 (X12) is predominant in North America.


3. The TRADACOMS standard developed by the ANA (Article Numbering Association) is predominant in the UK retail industry.


4. The ODETTE standard used within the European automotive industry


All of these standards first appeared in the early to mid 1980s. The standards prescribe the formats, character sets, and data elements used in the exchange of business documents and forms. The complete X12 Document List includes all major business documents, including purchase orders (called "ORDERS" in UN/EDIFACT and an "850" in X12) and invoices (called "INVOIC" in UN/EDIFACT and an "810" in X12).

The EDI standard says which pieces of information are mandatory for a particular document, which pieces are optional and give the rules for the structure of the document. The standards are like building codes. Just as two kitchens can be built "to code" but look completely different, two EDI documents can follow the same standard and contain different sets of information. For example a food company may indicate a product’s expiration date while a clothing manufacturer would choose to send color and size information.

Advantages of using EDI over paper systems


Standards are generally updated each year


Advantages of using EDI over paper systems


EDI and other similar technologies save a company money by providing an alternative to, or replacing information flows that require a great deal of human interaction and materials such as paper documents, meetings, faxes, etc. Even when paper documents are maintained in parallel with EDI exchange, e.g. printed shipping manifests, electronic exchange and the use of data from that exchange reduces the handling costs of sorting, distributing, organizing, and searching paper documents. EDI and similar technologies allow a company to take advantage of the benefits of storing and manipulating data electronically without the cost of manual entry. Another advantage of EDI is reduced errors, such as shipping and billing errors, because EDI eliminates the need to rekey documents on the destination side. One very important advantage of EDI over paper documents is the speed in which the trading partner receives and incorporates the information into their system thus greatly reducing cycle times. For this reason, EDI can be an important component of just-in-time production systems.

According to the 2008 Aberdeen report "A Comparison of Suppler Enablement around the Word", only 34% of purchase orders are transmitted electronically in North America. In EMEA, 36% of orders are transmitted electronically and in APAC, 41% of orders are transmitted electronically. They also report that the average paper requisition to order costs a company $37.45 in North America, $42.90 in EMEA and $23.90 in APAC. With an EDI requisition to order costs are reduced to $23.83 in North America, $34.05 in EMEA and 14.78 in APAC.

Examples of Disadvantages of EDI


Examples of Disadvantages of EDI

United States Health Care Systems

The United States health care system consists of thousands of different companies and other entities. In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted. In short, it set down standard transaction sets for specific EDI transactions and mandated electronic support for every insurance company in the United States for these transactions. While the benefits of EDI are numerous and only increase with increased volume, the drawbacks, though not directly related to EDI itself, include managerial problems in the support, maintenance and implementation of EDI transactions.

1. Though an EDI standard exists for health care transactions, the standard allows for variation between implementation, which gives way to the existence of Companion Guides, detailing each company’s variation.

2. Each entity may have a different method of delivery, ranging from dial-up BBS systems; mailing hard media such as a CD-ROM or tape backup; or FTP. Some entities may elect not to support different methods of elivery depending on a trading partner’s expected volume.
3. Due to varying implementation on nearly all points of EDI including contact, egistration, submission and testing of transactions between different entities n US health care, the existence of EDI clearinghouses has sprung up. An DI clearinghouse is one entity agreeing to act as a middle-man between ultiple entities and their end-clients, such as between medical providers and insurance companies they accept coverage from. They may act as a value-added network and attempt to conform their different supported entities to one submission standard. One such example is Emdeon. An EDI clearinghouse will not cover all health care entities, though they may cover a large portion, and they may not cover all HIPAA-mandated transactions for all of their supported entities.

4. Because of the above points, one single computer application cannot handle all health care entities. Though this may not be necessary, it can lead to an obvious management headache as a company attempts to register itself with vario


us EDI partners

This all comes at a massive cost in time and management as a company may attempt to support a broad range of transactions with a broad range of entities. This example is an extension of the lack of strict standards across implementations, transactions and methods.