The following news story appeared in Wired News on 26 March 1997 about C-SET or "chip secured electronic transactions.  This article is of interest in view of the foregoing comments contained in Appendix 1 & 2 regarding the plans to convert to a cashless society.  Note the application of this technology for tax collection and as a secure means of card holder "identification."



France Adopts E-Commerce Security Protocol
by Jerome Thorel

5:06 a.m. Mar. 26, 1997 PST

France is adopting a protocol for secure electronic payments that will make the nation's banks the "trusted third parties" that hold encrypted information about online buyers - and the repository of personal information to be made available to police pursuing criminal investigations.

The French protocol, known as chip-secured electronic transaction, or C-SET, will also tie into Europe's "smart" credit-card system that allows for more reliable identification of card users than the signature method employed in the United States.

The European Commission has also agreed to test the system as a possible future standard, and Europe's major economic powers, including Germany and the United Kingdom, also intend to test it.

French security officials agreed earlier this month to accept C-SET because it is compatible with future trusted-third-party systems, dedicated to assuring national governments that all encrypted communications will be key-escrowed.

In France and other European countries, credit cards are "smartcards." Embedded with microchips, smartcards are a more secure way to authenticate - and identify - the buyer than a handwritten signature. The French Groupement des Cartes Bancaires "CB", a consortium of more than 200 French banks, was not fully satisfied by the US security standard, which relies solely on software and certificates stored on a user's hard drive.

C-SET adds a hardware component outside the user's computer: a US$100 numeric pad that an online buyer must use to key in a personal identification number as part of every purchase. Online accounts used in C-SET would be tied to the smart credit-cards issued by banks.

Online transactions will take place on a server owned by the card-issuing bank. The same bank plays the role of the trusted third party that will hold the encryption key that can be used to unlock the user's transaction records.

Under the French proposal, the banks will have to keep records of all transactional data for law-enforcement purposes.

Claude Meggle, director of security for the French banking consortium, said the PIN-pad-based identification system could also be used as a way to identify users who send encrypted messages in private communications. The trusted third parties will have to keep a record of connections - as all banks are doing today to officially fight fraud - and give a user's private key to police authorities if called upon to do so.

Meggle also noted that C-SET will give the authorities a means to levy taxes on online transactions.

"The French Finance Ministry has not yet decided to apply taxes and duties for online transactions, but C-SET is an adequate system for that," Meggle said. 


Next Page

Hit back button on your browser to return to previous page