IC卡食堂售饭机的开发

ELECTRONICPAYMENTS—THESMARTCARDSMARTCARDS,E-PAYMENTS,&LAW–PARTIDrSimonNewmanandGavinSutter,QueenMaryCollege,UniversityofLondonThisarticleinthreepartsexaminesthelegalissuesraisedbythedevelopmentofthesmartcard.Itexplorescontractual,liabilityandintellectualpropertyrightsissuesandassesseswhetherasuitablelegalframeworkexistsinwhichsmartcardusecanflourishandgrow.A.INTRODUCTIONTOSMARTCARDSANDELECTRONICPAYMENTSSYSTEMSAsmartcardissimplyaplasticrectanglecontaininganelectronicchip,andholdingacertainamountofreadabledata.OnecommonconsumeruseintheUKisindigitaltelevision,wheretheyareusedassecuritydevicestounscrambletheincomingdigitaltelevisionsignal.TheyarealsonowcommonlyusedinGSMstandarddigitalmobilephonesasSubscriberIdentityModule(SIM)cards.However,mostattentionfocusesontheirpotentialasanindependentlycarried,easilyportable,meansofbothidentificationandelectronicpayment-forexampleasan“e-purse”holdingelectroniccoinsforlow-valuetransactions,eitherheldsolelyonthecard,1orlinkedtoacentraldatabase.Smartcardtechnologyisnotnew,butatleastuntilveryrecentlyithaslargelyfailedtoachievewidespreadusewithinthecountriesoftheEuropeanUnion.Thisisnowbeginningtochangeassmartcardsbecomeincreasinglyubiquitous,althoughasyettheirprofileremainslowamongstthegeneralpublic-manypeoplemaycarryaroundoneormoresmart-chippedcreditcardsintheirwalletorpursewithoutbeingawarethatitholdsmorethantheusualmagneticstrip.PreviousEuropeansmartcardsdevelopmentcentredonmultiplenationalsystems,2allnon-compatible,whichhaveneverachievedgoodcustomertake-up.Evenwherealargenumberofcardshavebeencirculated,aswithProtoninBelgium,thefrequencyofusehasremaineddiscouraginglylow.TheEuropeanCommission’sEuropeSmartCardCharter,afterashakystartin2000,istryingtorectifythisbymovingfromitsoriginallytechnology-orientedstancetowardsamuchmorecustomer-centredapproach.Previouslyitfocusedontechnologicaldevelopmentofcompetingsystems,withinteroperabilityadistantgoal.Thishaschanged.Anew“user-centric”approachtoallaspectsofsmartcardsisintendedtohelpenfranchisethecitizenandgivehim/herfulleraccesstotheInformationSocietywhichisdevelopinginallaspectsofdailylife,includinggovernmentandlocalauthorityapplications.3Itacknowledgesinparticulartheneedforeasy“anytimeanywhere”access,inordertoachievethemasstakeupofsmartcardsthatiscurrentlylacking.Itseemsthattheprincipalcustomerspushingdevelopmentinthisinstancearenotindividualconsumers,noreventhebankingcorporations,buttheEuropeanUnion’snationaltransportnetworks.Transporthasproventohaveakeyroletoplayinthisareaasithasthemasscross-culturalusercommunityandrelativelysimple,extremelyhigh-volumeapplications4thatareneededtomakesmartcardspartofeveryone’sdailylife.ParticularlyprominentinthisfieldisTransportforLondon.5Inspiredbythesuccessofthe‘Octopus’smartcardintheHongKongtransitsystem,theirPrestigeProjecthasdevelopedasmartcardsystemforeasyautomatedticketing.Thisisa‘contactless’card,initiallyintendedasaseasonticket,withanexpirydaterecordedinthecard,allowinganunlimitednumberofjourneysuptothatdate.ContactlesssmartcardreadershavealreadyasofSeptember2001beeninstalledatsomeLondonUndergroundstations,andthesystemislikelytobeingeneralusebytheendof2002.Anepursefacilitycardisintendedtobeaddedshortlythereafter,withnotimelimit,butwithprepaidelectronictokensdeductedfromthecardoneachjourney,thatcanbe‘refilled’withtokensthroughoccasionalpaymentatanelectronicticketingmachine.Inter-operabilitywithothernationalandEuropeantransportnetworksisahighpriority–ultimatelyallowingthesamecardtobeusedonrail,busandothermasstransportsystemsfromLondontoMadridtoHelsinkiandbeyond.Aswithallnetworksystems,frommobilephonestotheInternet,smartcardapplicationsmustbeinteroperablewithcommonstandardsinordertobenefitexponentiallyfromwiderusethroughouttheEUandbeyond.Itisthereforecriticalboththatsuitabletechnologicalstandardsarereached,andthatasuitablelegalframeworkexistsinwhichsmartcardusecanflourishandgrow.Onequestionraisedbythemulti-functionalnatureofsmartcardsisoneofownership:standard,singleusemagneticstripcardsarecommonlyunderstoodtobeissuedby,forinstance,abank,tobeusedbythecustomerbutremainingthepropertyoftheissuer.Multi-functionalcardsmayhaveseveraldifferentapplicationsfromseveraldifferentsourcesloadedonthem–bankingdetails,creditcard,healthrecords–sowhoownsthecard?Isthereasinglecardowner,orwilleachinterestedpartybesaidtoownonlytheirownapplicationstoredonthecard?Arelatedquestionaskswhoispermittedtoissuean“electronicpurse”smartcard.Willthisbelimitedtobanks?Willpersonaldatacardsbeissuedsolelybygovernment?Especiallyincountriessuchas,forinstance,GermanyorFrancewhereagovernment-issuedIDcardisanecessity,couldthegovernmentinsuchastateissueitsownsmartcardsforIDpurposeswhichtheuserwouldthenaddotherapplicationssuchaspaymentfacilitiesto?Governmentownedcardswouldraisethefurtherissueofcitizens’rightstoaccessgovernmentinformationasrelatingtothemselves.Alternatively,willitbelegally,asitistechnically,possibleforacompanysimplytoproduceandsell‘empty’smartcardswhichtheusercanthenaddhisowndetailsto?Ormusttheissuerbealicensedperson,realorlegal?Afurtherimportantissuerequiringanalysisiswhethertheuserofacardwillbepermittedtoaddandremoveapplicationsfromthesmartcardatwill,orwhetheritwillcarryfixedapplicationsasinstalledbytherelevantcompanieswithwhichtheusermaynottamper.Thevoluntarynatureofsuchsystemsmustbeemphasized-themulti-application“smartwallet”maycontainsoftwarefromnumerousdifferentorganisations,butitscontentsmustbeundertheuser’scontrol,justlikeaphysicalwallet.Ifitistobecommerciallysuccessfulitmustbeseenasbothsafeandconvenientfortheenduser.Thisislikelytorequireeasynotificationproceduresincaseoflossortheft,withthecardanditscontentsbeingmadequickandeasytoreplace.Thecontractualissuesinvolvedrequireconsideration.Forinstance,thecontractualrelationshipbetweenissueranduserwillremainsubstantiallysimilarasfortheissueofastandardmagneticstripsingleusecard.However,amulti-functionalcardraisesanumberofotherrelationshipssuchasthatbetweencardissuerandapplicationprovider,orbetweenoneapplicationandanother.Anareaofgreatsignificanceisliability.Liabilityforloss,damage,fraudulentusage,etcofastandardmagneticstrippaymentcard(credit,debit,etc)issubjecttoaclearcontractbetweentheissuerandtheuser.However,whenamulti-functionalsmartcardisinvolved,theissuesbecomemuchmorecomplex.Forexample,inthecaseoflossortheft,whobearstheresponsibilityifnottheuser?Isthereasingleapplicationwhichwillberesponsibleforensuringadequatesecurityforthecard’sgeneralfunctions,forexample,preventionoffraudulentuseofthecardinpayment,orofadigitalsignatureencodedintoitinordertoidentifytherightfuluser?Security,fraudprevention,andsoonwillalsoariseasissuesofconsumerprotectionprovisions.Theapplicationofdataprotectionrequirementswillbeofgreatsignificanceinensuringadequateconsumerprotectionstrategiesareinplace.Thisislikelytoentailtheuseofsomemethodofencryption,raisingfurtherissuesastoavailabilityofdecryptioninformation.Lastly,intellectualpropertyrights(IPR)inthesmartcardtechnologywillbeanalyzedinthestudy.Howwilltheprotectionofsuchrightsbeachieved–willitbeprimarilybypatents,ratherthancopyright?Howarethosecommercialinterestsinvolvedintheproductionofsmartcardscurrentlyprotectingtheirinterestsinthetechnology1.TheDevelopmentofSmartCardsRapidgrowthinelectronicbusinesshasledtothedevelopmentofpaymentsystemstailoredtomeettheneedsofonlinepurchasing.Althoughcreditcardshaveprovedthemostpopularmethodforonlinepaymentssofar,theymaynotbethemostappropriatemethodinalltransactions.Forexample,theymayprovetoocostlyforthepurchaseoflowvaluegoodsandservices,andarenotsuitableformakingpaymentstoconsumers.TheincreasedinterestinauctionschemessuchaseBay6leadstoanincreasingneedforsystemswhichallowforthetransferofvaluebetweenconsumers,ratherthanonlybetweenconsumersandbusinesses.Theperceivedsecurityrisksofsendingcreditcarddetailsonlinehavealsoprovedabarriertotheiruse,leadingtoaninterestindevelopingmoresecurealternatives.Avastarrayofelectronicpaymentsystemshavebeen(andarebeing)developedaroundtheworld.Theseareeithersmartcardsystems,wherethevalueisstoredonachiponamultipurposecard,orsoftwaresystemswherethevalueisstoredaselectronictokensinthememoryofthecomputer.However,althoughsomeofthesesystemshavebeenavailabletotheconsumerforseveralyearsnonehasbecomeuniversallyaccepted.Furthermore,becausethevarioussystemsandtechnologiesarenotinteroperable,consumersandmerchantsareforcedtochoosewhichorhowmanyofthesystemstouse.Manyonlinebuyersandsellershavethereforeelectedtousethetraditionalcreditcardduetoitsgreateruniversalacceptance.Manysystemshavebeendevelopedintrialformbuthavenotimmediatelybeenfollowedupbycommercialexploitation,andothershavebeenchangingandmodifyingtheirservicestomeettheneedsofthemarket.Itseemsthereforethatthemarketisstillinastateoffluxandthatcommercialbarriersarehinderingtheadoptionofthesenewsystems.Variousstepshavebeentakentowardsremedyingthelackofinteroperabilitysuchasthedevelopmentofastandardprotocolwhichmayovercomethecommercialdifficulties.AsfarasthelegalissuesareconcernedthesehavetoadegreebeenovershadowedbythecommercialproblemsalthoughintheEuropeanUnionthecreationofaregulatoryframeworkforelectronicmoneyissuersisunderway.However,otherissuessuchasthecontractualrelationshipbetweentheissuerandtheconsumerhavenotbeenaddressed.2.ElectronicPaymentSystems:Software(a)CreditandDebitCardsCreditanddebitcardsmaybegroupedtogetherasexamplesof‘debttransferencesystems’.Theuseofeitherinmakingpaymentsassociatedwithonlinepurchaseisbroadlysimilartotheothermainmethodsofcarryingoutdistancecardpurchases–bymail,faxorbytelephone–inthattheactualcarditselfandthesignaturethereonarenothandledorseenbythepayee,butthedetails(numberandexpirydate)aretransmittedovertheinternet,eitherviaawebsiteorbyemail.Currentlysuchincorporationof‘traditional’creditcardsystemsintoelectroniccommerceremainsthemostpopularmethodofpaymentovertheinternet,presumablyatleastinpartbecauseitsusedoesnotrequireinvestmentoftimeandmoneyintoacquiringandbecomingfamiliarwithnewsystems.Also,thereisaperceived‘comfort’factorinthesecurityofferedbyanestablishedbrandsuchasVisa.Therestillexists,however,somedegreeofconcernamongconsumersgenerallyaboutthesecurityofmakingsuchtransactions.Whiletheriskofinterceptionofcreditcardinformationbyathirdparty,orarecordofitbeingmadebyanunscrupuloussalesassistant,andsubsequentfraudulentusagedoeslittletodetermostfrommakingsuchpurchasesbytelephoneorinperson,fearsaboundthatthiswillhappeniftheydosoovertheinternet.Governmentshaveaclearinterestinsuchissues,aswiderconsumerspendingininternetsaleswillservetobolsterthenewdigitaleconomy.Technologicalmethodsmaygiveconsumerstheconfidencetotakeadvantageofwhatthenewmarketplacehastooffer.Theymayalsohelptopreventcreditcardfraud,thuscontributingtoreductionofsuchcrimes,anotherattractivefeatureforgovernments.(b)SecureSocketLayer(SSL)ProtocolTheSSLprotocolcreatesasecurechannelforthetransmissionofencryptedpaymentcarddetailsbetweenretailerandconsumerandisinwideusageacrosstheinternet,incorporatedintomanydifferentsoftwaresystems.PatentedbyNetscapeandsubmittedtotheWorldWideWebConsortium(W3C)earlyin1998asastandard,ithasnowbecomethenormforsecurecommunicationofpaymentcardinformationovertheinternet.Inoperation,SSLutilizesamixofpublicandprivatekeyencryption.Privatekeyencryptioninvolvestheuseofonesingle‘key’–analgorithmiccode–whichallowsamessagetobeencrypted.Onceencrypted,themessagecanonlybereopenedwiththekey.Accesstoamessagecanthusbecontrolledbycontrollingdistributionofthekey.Thepublickeytechniqueisbroadlysimilar,however,thereisaseparate,publickeywhichisgiventoBtoeitherdecodemessageswhichhavebeenencryptedusingA’sprivatekeyortoencryptamessagetosendtoAwhichcanthenonlybeopenedwiththeprivatekey.Itisaversionofthissystemwhichonlineretailersgenerallyuse.Thepublickeyismadefreelyavailabletotheconsumerviathewebsite:thepayment