30 C o M M u n i C at i o n s o f t h e a C M j A.docxtamicawaysmith
30 C o M M u n i C at i o n s o f t h e a C M | j A n U A R Y 2 0 1 2 | V O L . 5 5 | n O . 1
V
viewpoints
T
He eMeRGence of the Internet
has put enormous pressure
on the rights model of U.S.
copyright law. That model
is premised on the notion
that copyright holders are entitled to
control the making of copies of their
works, but technology has made that
control somewhere between fragile
and nonexistent. Content creators
have struggled to restore the control
assumed by copyright law. Two recent
developments, one pending federal
legislation and the second an industry-
wide agreement between Internet ser-
vice providers and content distributors,
provide new looks at this ongoing issue.
Technology and copyright have a
complex relationship. New waves of
technology have created novel expres-
sive opportunities and dramatic im-
provements in the ability to distribute
copyrighted works. But new technol-
ogy rarely asks permission, and with
each technical advance, we have seen
new opportunities and new clashes.
Perforated rolls for player pianos in
the early 1900s came from sheet mu-
sic and roll producers were not eager
to write checks to copyright holders.
Radio saw recorded music as a way to
fill the airways even though disks came
with a legend stating that the music
was not licensed for radio broadcast.
And the VCR introduced a new vocabu-
lary—time shifting—and the chance to
watch TV on your schedule, not broad-
casters’ schedules. It did so without of-
fering any compensation to broadcast-
ers or show producers and even created
the risk that the financing model for
free broadcast TV would be put at risk
by viewers with nimble fingers who
fast-forwarded through commercials.
Since at least the advent of Napster,
the music industry has struggled to find
a strategy to control illegal downloads
of music. Technology made it very easy
to rip CDs and share the results with the
world. The music industry responded
with lawsuits, first against Napster,
Aimster, and Grokster, and then against
individual consumers, leading to prom-
inent examples such as the ongoing
saga of Jammie Thomas-Rasset. The
suits have been on the whole quite suc-
cessful, at least as measured by the stan-
dards that lawyers use. Grokster lost 9-0
on the question of whether it might be
liable for inducing copyright infringe-
ment (there was much more division
on the question of how the U.S. Su-
preme Court’s prior Sony case should
apply to this situation). Thomas-Rasset
has faced juries multiple times and
each time jurors have come back with
damage awards—the first time $1.92
million and second time $1.5 million—
that judges found too high.
Notwithstanding all of that, the
Law and Technology
The Yin and Yang of
copyright and Technology
Examining the recurring conflicts between copyright
and technology from piano rolls to domain-name filtering.
DOI:10.1145/2063176.2063190 Randal C. Picker
...
Glyn moody: ethics of intellectual monopolies - fscons 2010glynmoody
FSCONS 2010 talk about how copyright and patents were created to deal with scarcity; in today’s world of creative and inventive abundance, we need neither. Freeing up knowledge for all to use would cause a positive feedback loop of creativity and invention.
Glyn moody ethics of intellectual monopolies - fscons 2010FSCONS
FSCONS 2010 talk about how copyright and patents were created to deal with scarcity; in today's world of creative and inventive abundance, we need neither. Freeing up knowledge for all to use would cause a positive feedback loop of creativity and invention.
Professional Issues in IT - Intellectual Property Basics
Reference : Tavani, Herman T., “Ethics and technology: controversies, questions, and strategies for ethical computing” , 4th Edition.
Future of Internet Copyrights: Recent Cases and Congressrimonlaw
Congress is currently considering whether copyright law needs to be overhauled for the digital era. Despite the explosion in innovation and creativity on the Internet since passage of the DMCA 15 years ago, tensions have been growing between content owners and technology providers, leading to high profile clashes that will impact the future of the Internet, innovation, and creativity. We will review ongoing Congressional hearings and recent cases that set the stage for these policy discussions and future legislation.
30 C o M M u n i C at i o n s o f t h e a C M j A.docxtamicawaysmith
30 C o M M u n i C at i o n s o f t h e a C M | j A n U A R Y 2 0 1 2 | V O L . 5 5 | n O . 1
V
viewpoints
T
He eMeRGence of the Internet
has put enormous pressure
on the rights model of U.S.
copyright law. That model
is premised on the notion
that copyright holders are entitled to
control the making of copies of their
works, but technology has made that
control somewhere between fragile
and nonexistent. Content creators
have struggled to restore the control
assumed by copyright law. Two recent
developments, one pending federal
legislation and the second an industry-
wide agreement between Internet ser-
vice providers and content distributors,
provide new looks at this ongoing issue.
Technology and copyright have a
complex relationship. New waves of
technology have created novel expres-
sive opportunities and dramatic im-
provements in the ability to distribute
copyrighted works. But new technol-
ogy rarely asks permission, and with
each technical advance, we have seen
new opportunities and new clashes.
Perforated rolls for player pianos in
the early 1900s came from sheet mu-
sic and roll producers were not eager
to write checks to copyright holders.
Radio saw recorded music as a way to
fill the airways even though disks came
with a legend stating that the music
was not licensed for radio broadcast.
And the VCR introduced a new vocabu-
lary—time shifting—and the chance to
watch TV on your schedule, not broad-
casters’ schedules. It did so without of-
fering any compensation to broadcast-
ers or show producers and even created
the risk that the financing model for
free broadcast TV would be put at risk
by viewers with nimble fingers who
fast-forwarded through commercials.
Since at least the advent of Napster,
the music industry has struggled to find
a strategy to control illegal downloads
of music. Technology made it very easy
to rip CDs and share the results with the
world. The music industry responded
with lawsuits, first against Napster,
Aimster, and Grokster, and then against
individual consumers, leading to prom-
inent examples such as the ongoing
saga of Jammie Thomas-Rasset. The
suits have been on the whole quite suc-
cessful, at least as measured by the stan-
dards that lawyers use. Grokster lost 9-0
on the question of whether it might be
liable for inducing copyright infringe-
ment (there was much more division
on the question of how the U.S. Su-
preme Court’s prior Sony case should
apply to this situation). Thomas-Rasset
has faced juries multiple times and
each time jurors have come back with
damage awards—the first time $1.92
million and second time $1.5 million—
that judges found too high.
Notwithstanding all of that, the
Law and Technology
The Yin and Yang of
copyright and Technology
Examining the recurring conflicts between copyright
and technology from piano rolls to domain-name filtering.
DOI:10.1145/2063176.2063190 Randal C. Picker
...
Glyn moody: ethics of intellectual monopolies - fscons 2010glynmoody
FSCONS 2010 talk about how copyright and patents were created to deal with scarcity; in today’s world of creative and inventive abundance, we need neither. Freeing up knowledge for all to use would cause a positive feedback loop of creativity and invention.
Glyn moody ethics of intellectual monopolies - fscons 2010FSCONS
FSCONS 2010 talk about how copyright and patents were created to deal with scarcity; in today's world of creative and inventive abundance, we need neither. Freeing up knowledge for all to use would cause a positive feedback loop of creativity and invention.
Professional Issues in IT - Intellectual Property Basics
Reference : Tavani, Herman T., “Ethics and technology: controversies, questions, and strategies for ethical computing” , 4th Edition.
Future of Internet Copyrights: Recent Cases and Congressrimonlaw
Congress is currently considering whether copyright law needs to be overhauled for the digital era. Despite the explosion in innovation and creativity on the Internet since passage of the DMCA 15 years ago, tensions have been growing between content owners and technology providers, leading to high profile clashes that will impact the future of the Internet, innovation, and creativity. We will review ongoing Congressional hearings and recent cases that set the stage for these policy discussions and future legislation.
Breaking Status Quo – disruptive technologies or the EU?
Is the break-up of control coming from the new monitoring, tracking, and monetising technologies or will it be enforced by EU regulation just as it has been for other industries not considering the user enough?
Technologies for tracking and monetising have been in existence for a long time, but why have they not been successfully implemented?
Sophie Goossens, Senior Attorney-at-Law, August & Debouzy
Intellectual Property: Introduction, Protection of Intellectual Property Copyright, Related Rights, Patents, Industrial Designs, Trademark, Unfair Competition
Information Technology Related Intellectual Property Rights Computer Software and Intellectual Property-Objective, Copyright Protection, Reproducing, Defences, Patent Protection. Database and Data Protection-Objective, Need for Protection, UK Data Protection Act, 1998, US Safe Harbor Principle, Enforcement. Protection of Semi-conductor Chips-Objectives Justification of protection, Criteria, Subject-matter of Protection, WIPO Treaty, TRIPs, SCPA. Domain Name Protection-Objectives, domain name and Intellectual Property, Registration of domain names, disputes under Intellectual Property Rights, Jurisdictional Issues, and International Perspective.
Patents (Ownership and Enforcement of Intellectual Property) Patents-Objectives, Rights, Assignments, Defences in case of Infringement Copyright-Objectives, Rights, Transfer of Copyright, work of employment Infringement, Defences for infringement Trademarks-Objectives, Rights, Protection of good will, Infringement, Passing off, Defences. Designs-Objectives, Rights, Assignments, Infringements, Defences of Design Infringement
Enforcement of Intellectual Property Rights - Civil Remedies, Criminal Remedies, Border Security measures. Practical Aspects of Licencing – Benefits, Determinative factors, important clauses, licensing clauses.
Cyber Law: Basic Concepts of Technology and Law : Understanding the Technology of Internet, Scope of Cyber Laws, Cyber Jurisprudence Law of Digital Contracts : The Essence of Digital Contracts, The System of Digital Signatures, The Role and Function of Certifying Authorities, The Science of Cryptography Intellectual Property Issues in Cyber Space: Domain Names and Related issues, Copyright in the Digital Media, Patents in the Cyber World. Rights of Netizens and E-Governance : Privacy and Freedom Issues in the Cyber World, E-Governance, Cyber Crimes and Cyber Laws
Information Technology Act 2000 : Information Technology Act-2000-1 (Sec 1 to 13), Information Technology Act-2000-2 (Sec 14 to 42 and Certifying authority Rules), Information Technology Act-2000-3 (Sec 43 to 45 and Sec 65 to 78), Information Technology Act-2000-4(Sec 46 to Sec 64 and CRAT Rules), Information Technology Act-2000-5 (Sec 79 to 90), Information Technology Act-2000-6 ( Sec 91-94) Amendments in 2008.
SOPA, OPEN, ACTA and parallel copyright reforms in Europe, The right way to t...beamatinet
Conference Jan. 23 2012, Stanford Law School on SOPA, OPEN, ACTA and parallel copyright reforms in Europe, The right way to tackle online infringement?
(by @beamartinet)
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Advanced Flow Concepts Every Developer Should KnowPeter Caitens
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Breaking Status Quo – disruptive technologies or the EU?
Is the break-up of control coming from the new monitoring, tracking, and monetising technologies or will it be enforced by EU regulation just as it has been for other industries not considering the user enough?
Technologies for tracking and monetising have been in existence for a long time, but why have they not been successfully implemented?
Sophie Goossens, Senior Attorney-at-Law, August & Debouzy
Intellectual Property: Introduction, Protection of Intellectual Property Copyright, Related Rights, Patents, Industrial Designs, Trademark, Unfair Competition
Information Technology Related Intellectual Property Rights Computer Software and Intellectual Property-Objective, Copyright Protection, Reproducing, Defences, Patent Protection. Database and Data Protection-Objective, Need for Protection, UK Data Protection Act, 1998, US Safe Harbor Principle, Enforcement. Protection of Semi-conductor Chips-Objectives Justification of protection, Criteria, Subject-matter of Protection, WIPO Treaty, TRIPs, SCPA. Domain Name Protection-Objectives, domain name and Intellectual Property, Registration of domain names, disputes under Intellectual Property Rights, Jurisdictional Issues, and International Perspective.
Patents (Ownership and Enforcement of Intellectual Property) Patents-Objectives, Rights, Assignments, Defences in case of Infringement Copyright-Objectives, Rights, Transfer of Copyright, work of employment Infringement, Defences for infringement Trademarks-Objectives, Rights, Protection of good will, Infringement, Passing off, Defences. Designs-Objectives, Rights, Assignments, Infringements, Defences of Design Infringement
Enforcement of Intellectual Property Rights - Civil Remedies, Criminal Remedies, Border Security measures. Practical Aspects of Licencing – Benefits, Determinative factors, important clauses, licensing clauses.
Cyber Law: Basic Concepts of Technology and Law : Understanding the Technology of Internet, Scope of Cyber Laws, Cyber Jurisprudence Law of Digital Contracts : The Essence of Digital Contracts, The System of Digital Signatures, The Role and Function of Certifying Authorities, The Science of Cryptography Intellectual Property Issues in Cyber Space: Domain Names and Related issues, Copyright in the Digital Media, Patents in the Cyber World. Rights of Netizens and E-Governance : Privacy and Freedom Issues in the Cyber World, E-Governance, Cyber Crimes and Cyber Laws
Information Technology Act 2000 : Information Technology Act-2000-1 (Sec 1 to 13), Information Technology Act-2000-2 (Sec 14 to 42 and Certifying authority Rules), Information Technology Act-2000-3 (Sec 43 to 45 and Sec 65 to 78), Information Technology Act-2000-4(Sec 46 to Sec 64 and CRAT Rules), Information Technology Act-2000-5 (Sec 79 to 90), Information Technology Act-2000-6 ( Sec 91-94) Amendments in 2008.
SOPA, OPEN, ACTA and parallel copyright reforms in Europe, The right way to t...beamatinet
Conference Jan. 23 2012, Stanford Law School on SOPA, OPEN, ACTA and parallel copyright reforms in Europe, The right way to tackle online infringement?
(by @beamartinet)
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Advanced Flow Concepts Every Developer Should KnowPeter Caitens
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Modern design is crucial in today's digital environment, and this is especially true for SharePoint intranets. The design of these digital hubs is critical to user engagement and productivity enhancement. They are the cornerstone of internal collaboration and interaction within enterprises.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading, Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Chapter14.ppt
1. Chapter 14 Electronic Commerce 1
Electronic Commerce
Electronic commerce:
o Growing popularity
o Billions of dollars at stake
o A major proving ground for computer, network,
and Internet security mechanisms
Challenges that electronic commerce must
deal with:
o Protecting intellectual property on the Internet
o Guarding users’ online privacy
o Establishing acceptable electronic payment
systems
2. Chapter 14 Electronic Commerce 2
What is Electronic
Commerce?
Electronic commerce (or e-commerce)
encompasses all business activities that are
conducted using computer-mediated networks
Subcategories:
o Business-to-consumer (a.k.a B2C or e-retail) -
consumers purchasing goods and services (mostly over
the Internet)
According to the Census Bureau, there was $8.7 billion in
e-retail sales in the last quarter of 2000 (~1% of the $856
billion in retail sales)
o Business-to-business (a.k.a. B2B) - transactions between
businesses over computer networks
o Support transactions (e.g. recruiting employees, holding
virtual meetings, managing inventory, etc.)
3. Chapter 14 Electronic Commerce 3
E-Commerce – Benefits and
Challenges
Benefits:
o For businesses:
Increased sales
Decreased costs
o For consumers:
Increased choice
Increased convenience
Decreased prices
Challenges:
o Protecting intellectual property
o Guarding online privacy
o Establishing acceptable electronic payment systems
4. Chapter 14 Electronic Commerce 4
Copyright
Copyright - the notion that the creator of an original work
has certain rights to restrict the work’s duplication or
distribution
Copyright protects:
o Literary works
o Musical works
o Dramatic works
o Sculptures
o Photographs
o Movies
o Any other form expression conveyed using a tangible medium
Copyright does not protect:
o Ideas, processes, concepts, principles, or other non-tangible
articles
5. Chapter 14 Electronic Commerce 5
Copyright (cont)
Rational for copyright:
o In order to encourage people to create new and useful
works, creators must be granted protections that enable
them to control their work and profit from it
Legal status of copyright (in the U.S.):
o Article I, Section 8 of the U.S. Constitution grants
Congress the power to “promote the progress of science
and useful arts, by securing for limited times to authors
and inventors the exclusive right to their respective
writings and discoveries.”
o The Digital Millennium Copyright Act (DMCA) of 1998
Circumvention of technological measures employed by
owners to protect (restrict access and copying) their works
Tampering with copyright management information
6. Chapter 14 Electronic Commerce 6
DMCA Controversy
July, 2001, Dmitry Sklyarov, a Russian Ph.D.
student visiting Las Vegas for a computer
conference
Arrested by U.S. authorities and charged with
violating the DMCA’s provision on circumventing
copyright protection mechanisms
Sklyarov had developed Advanced eBook Processor
software for a Russian company, Elcomsoft
o Enabled users to convert digital files from Adobe
Systems’ protected “eBook” format to the unprotected
PDF
o Product was intended to allow blind people to access
eBooks using a text-to-speech program (which cannot
read eBook files but can read PDF files)
7. Chapter 14 Electronic Commerce 7
DMCA Controversy (cont)
April 2001, a team of researchers led by Princeton
professor Edward Felten sought to publish their
findings on the weakness of the proposed SDMI
digital music access-control technologies
The paper was withdrawn when the recording
industry threatened to pursue legal action under
the DMCA if the group published its methods for
circumventing the SDMI protections
Sklyarov’s case and a challenge by Felten to the
DMCA on the grounds that it violates his First
Amendment rights to freedom of speech are still
pending
8. Chapter 14 Electronic Commerce 8
Intellectual Property
Intellectual Property - the notion that creation of the
mind (whether tangible or intangible) also deserve
protection
Issues:
o Value of intellectual property
Some companies now sell ideas or other intangible products
Depend on intellectual property rights to protect them from unfair
practices by their competitors
o Most countries have laws relating to copyright and intellectual
property, but there are substantial variations from country to
country
The Internet makes protected works available everywhere
Unfair use in countries with weaker protection
Abuse in countries with strong protections
9. Chapter 14 Electronic Commerce 9
Intellectual Property (cont)
Issues (cont):
o The ability of the Internet to widely distribute
digital works quickly and cheaply
Consider analog music albums:
Easy to copy
• Duplication process resulted in degradation of the
recording
Hard to distributing copies widely
Consider digital music files:
Easy to copy
• An exact digital copy can be made which is
indistinguishable from the original
Easy to distribute widely
• The Internet is well suited for wide distribution of
digital files
10. Chapter 14 Electronic Commerce 10
Intellectual Property
Protection
The Paris Convention (1883)
o Protected only patents, trademarks, and industrial
designs
o 14 member states
The Berne Convention (1886)
o Extended protection to various literary, musical, and
artistic works
The World Intellectual Property Organization
(1970)
o A special agency of the United Nations
o Includes nearly ninety percent of the world’s nations as
members states
o Oversees the development and application of
international standards for the protection of intellectual
property
11. Chapter 14 Electronic Commerce 11
Cybersquatting
Cybersquatting - register an Internet domain
name that is a trademark of other people or
companies in hopes of profiting:
o Attracting a large number of Internet users
o Selling the domain name to the rightful owner
Rulings (by WIPO)
o October, 2000: evicted a cybersquatter from the domain
name madonna.com in response to a complain filed by pop
singer Madonna
Other celebrities have won similar cases: Julia Roberts,
Nicole Kidman, and Jimi Hendrix’ estate
o February, 2001, rocker Bruce Springsteen failed in his
attempt to wrest the domain name brucespringsteen.com
from a fan
12. Chapter 14 Electronic Commerce 12
Case Study of Intellectual Property on the
Internet
Napster is music-file sharing software
Created in 1999 by Shawn Fanning
More than 60 million users at it peak in
popularity
Functionality:
o Locate songs
o Download and store a digital (MP3) copy for
free
o Listen to the song as often as desired
13. Chapter 14 Electronic Commerce 13
Case Study: Napster (cont)
Ripping
o Using software known as a ripper, individuals can:
Extract (or rip) tracks from commercial, copyrighted
compact discs
Store them in the MP3 file format
“Share” them with other Napster users
Copyright violation
Results:
o Artists and record companies do not realize a sale each
time one of their songs is transferred from one Napster
user to another
o Fewer people may buy CDs when they can obtain copies of
any song on them for free
14. Chapter 14 Electronic Commerce 14
File Sharers vs. RIAA
July, 2000
o Recording Industry Association of America (RIAA), a
trade group representing most of the record companies
seeks an injunction against Napster in Federal court
o The injunction was granted with the judge ordering
Napster to eliminate all copyrighted material from its
service (Napster appeals)
March, 2001
o Injuction takes effect – Napster ordered to block
trading of copyrighted songs
o Napster vows to comply with the judge’s order and to
continue serving uncopyrighted work while seeking a
settlement with the music industry
15. Chapter 14 Electronic Commerce 15
File Sharers vs. RIAA (cont)
March, 2001 – June, 2001
o Filtering techniques become more effictive
o Napster usage declines markedly
o Napster announces plans to transform into a
paid-subscription service
July, 2001 - present
o Napster song-swapping service defunct
o Other song-swapping services gain popularity
o RIAA sues song swappers
16. Chapter 14 Electronic Commerce 16
The Secure Digital Music Initiative
(SDMI)
SDMI is a consortium of about 200
companies representing:
o The recording industry
o Consumer electronics
o Technology firms
Goal: to develop a voluntary, open
framework for playing, storing, and
distributing digital music in a protected
form
17. Chapter 14 Electronic Commerce 17
SDMI (cont)
Phase I
o Developing standards for SDMI-compliant devices and
watermarking of digital music files
Digital watermarking technologies hide signals in digital
music files that encode copyright information for the song
The watermark cannot easily be removed from the file and
appears in any copies that are made
Phase II
o Adopt a screening technology to filter out pirated music
in SDMI-compliant devices
o New digital recordings will only be able to be played on
SDMI-compliant devices (which will not play pirated
copies of copyrighted songs)
18. Chapter 14 Electronic Commerce 18
Electronic Commerce -
Summary
Electronic commerce encompasses all business
activities that are conducted using computer-
mediated networks
Copyright - the creator of an original work has
certain rights to restrict the work’s duplication or
distribution
Intellectual property - the ownership of creations
of the mind whether tangible or intangible
o Challenges:
Cybersquatting
Song swapping
o Proposed legal solutions: DMCA, WIPO, RIAA lawsuits
o Proposed technical solutions: SDMI
19. Chapter 14 Electronic Commerce 19
Online Privacy
What is online privacy and why is it
important?
Addressing online privacy issues
o Government regulation
o Self-regulation
P3P
TRUSTe
o Technical solutions
The Anonymizer
Crowds
20. Chapter 14 Electronic Commerce 20
Online Privacy
Most people safeguard their:
o Medical history
o Financial records
o Other personal information
In order to avoid:
o Loss of privacy
o Embarrassment
o Inconvenience
o Harm
Legal status of individual privacy (in the U.S.):
o The fourth amendment of the U.S. Constitution grants citizens
the right “to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures” by the
government
o Other statues
21. Chapter 14 Electronic Commerce 21
Effect of the Internet on
Privacy
Increase in the amount of available information
about individuals:
o Online people finders
o Electronic phone books
o Search engines
o E-mail directories
Easy automation of data:
o Collection
o Correlation
o Analysis
o Use
22. Chapter 14 Electronic Commerce 22
Addressing Online Privacy
Issues
Governmental regulation
o Example: library materials and video rentals
Subject to laws which stipulate that records cannot be kept about
which titles (or even which types of titles) a particular person has
borrowed
o Online privacy has been studied by the Senate Judiciary
Committee
Self-regulation
o P3P – a standard format in which a web site can represent its
privacy policy describing what personal information is being
collected and how it will be used
o TRUSTe - utilizes a trusted third party to certify that a web
site adheres to certain basic privacy principles
Technical solutions
o The Anonymizer – protects privacy by acting as proxy for web
requests
o Crowds - simulates the anonymous nature of being part of a
23. Chapter 14 Electronic Commerce 23
The Platform for Privacy
Preferences Project (P3P)
Project by the World Wide Web
Consortium
Goal: to define a standard format in which
web sites can represent their privacy
policies:
o The entity stating the policy
o The types of data collected
o How the data will be used
o Other possible recipients of the data
24. Chapter 14 Electronic Commerce 24
P3P (cont)
User agents:
o Automatically retrieve the privacy policy for sites that users
visit
o Make decisions based on the site’s policy and the user’s
specified privacy preferences
Check that the type information requested is disclosed in the site’s
privacy policy
Verify that requested information is consistent with the user’s
preferences and has been cleared for release
User agents can be implemented:
o In a web browser
o Via a plugin
o With a proxy server
Note: P3P does nothing to ensure that a site abides by its
stated policy
25. Chapter 14 Electronic Commerce 25
TRUSTe
An independent, non-profit organization
founded by the Electronic Frontier
Foundation
Privacy Seal Program:
o A trusted third party certifies that a web site
adheres to certain basic privacy principles
o Trusted third party issues a seal that member
sites can display
o Member sites are subject to ongoing oversight
by that third party for compliance
26. Chapter 14 Electronic Commerce 26
TRUSTe (cont)
Privacy principles:
o Adoption and implementation of an acceptable privacy policy
o Notice and disclosure of information collection and use
practices
o Giving users the opportunity to exercise control over their
information
o Security measures to help protect the privacy and integrity of
personal information
TRUSTe oversight:
o Initial and periodic reviews of the site by TRUSTe or other
third party firms
o Analysis of feedback and complaints from the Internet
community
o Seeding, whereby TRUSTe itself submits fictitious user
information to a member site to verify that the information is
not misused
27. Chapter 14 Electronic Commerce 27
Motivation for the
Anonymizer
A web server learns quite a bit of information when a host
requests a web page:
o The host’s IP address, which could reveal:
The identity of an individual user
The user’s employer
The user’s Internet Service Provider
The user’s approximate physical location
o Other information about the host:
Type, version, and settings of the browser
Type and version of the host’s operating system
o Sometimes, the referring page and the next page the user
visits after leaving the current page
Some people prefer not to reveal all of that information to
every web site that they visit
28. Chapter 14 Electronic Commerce 28
The Anonymizer
A web site that provides a variety of privacy services to
subscribers by acting as proxy for their web requests:
TCP/IP
Intern
et
Client
Serv
er
I. Normal
Request/Reply
Anonymize
r
TCP/IP
Intern
et
Client
Serv
er
II. Request/Reply Using the
Anonymizer
29. Chapter 14 Electronic Commerce 29
The Anonymizer (con)
Caveats:
o The communication channel between a user and the
Anonymizer is not secure
Possible that a user’s ISP or a machine on the path between
the user and the Anonymizer can determine what sites a
user is visiting
The Anonymizer offers a secure tunneling service at an
additional cost
o Subscribers must trust the Anonymizer
It learns a lot about them (including all the sites that they
visit anonymously)
o Requests/replies may follow an inefficient route
o Anonymity can be circumvented by mobile code
E.g. A java applet that opens a network connection from the
machine it runs on back to the server from which it was
downloaded
30. Chapter 14 Electronic Commerce 30
Crowds
Collect users into a group called a crowd which
performs requests on behalf of its members
o User joins crowd by running a process (called a
jondo) on his/her local machine
Learn other current members of the crowd and
cryptographic key shared by the crowd
Current members of the crowd are informed of your
membership
o Crowd members can issue requests through the
crowd such that:
Servers can’t determine which crowd member initiated
the request
Other crowd members can’t determine which crowd
member initiated the request
31. Chapter 14 Electronic Commerce 31
Issuing Requests Through the
Crowd
All requests are sent to the jondo
Jondo randomly chooses another member of the crowd and
sends the request to them
Whenever a crowd member receives a request from another
crowd member it chooses either:
o With probability p (where p>1/2): to send the request to
another randomly selected member of the crowd
o With probability (1-p): to submit the request to the server
Request does not change from one jondo to the next
o Each jondo can tell which other jondo sent it the request
o Each jondo cannot tell whether its predecessor initiated the
request or is just forwarding it
All communications between jondos is encrypted with the
crowd key
32. Chapter 14 Electronic Commerce 32
Receiving a Reply Through the
Crowd
Every request takes some path through the jondos to the
server
Reply follows the same path (in reverse) back through the
jondos and to the initiator
Example:
o Jondo4 joins the crowd consisting of jondo1, jondo2, jondo3,
and jondo5
o Jondo4 constructs a request and sends it to jondo3
o Jondo3 receives the request and sends it to jondo1
o Jondo1 receives the request and sends it to jondo4
o Jondo4 receives the request and sends it to jondo2
o Jondo2 receives the request and sends it to the server
o The server’s reply goes to jondo2, jondo4, jondo1, jondo3, and
finally to jondo4
33. Chapter 14 Electronic Commerce 33
Crowds Paths
Paths through the crowd remain static as long as
possible
o One path through the crowd for each jondo
o Each jondo keeps track of its predecessor and successor
for a given path
o Each jondo knows where to send a request next based on
its path identifier and the jondo from which it was
received
Subsequent requests initiated by the same jondo follow the
same path through the crowd even if the request is bound
for a different server
Example:
Jondo4 generates a new request to a new server
It still travels to the server through jondos 3, 1, 4, and 2
Paths through the crowd only change when jondos join
or leave the crowd at which point all paths are
34. Chapter 14 Electronic Commerce 34
Crowds – Anonymity Properties
No single point at which a passive eavesdropper
can compromise all users’ anonymity
Server obtains no information about who initiated
a request (except that it came from a member of
the crowd)
o Jondo originating the request always forwards it to a
randomly chosen member of the crowd
o Server receives each request from any member of the
crowd with equal likehood
o Sender of request is beyond suspicion (no more likely
than any other member of the crowd to have originated
the request)
35. Chapter 14 Electronic Commerce 35
Crowds – Anonymity Properties
(cont)
No jondo can learn the initiator of a request
(unless it initiated the request itself)
o Messages received from a predecessor on a particular
path may have been originated by the predecessor or
may have just been forwarded
o Sender is probably innocent (no more likely to have
originated a given request than to have not originated it)
No local eavesdropper who can observe all (and
only) communication involving a user’s machine can
determine the eventual destination of a request
(unless the initiator winds up submitting the
request itself)
o Messages are encrypted and cannot be read by the
eavesdropper
36. Chapter 14 Electronic Commerce 36
Crowds – Risks and
Limitations
If your jondo is the last on some path requests
you did not initiate may be attributed to you
o Plausible deniability
No mechanism in crowds to protect the privacy of
the request contents from other crowd members
o E.g. username and password, credit card number
Can be circumvented by mobile code that opens a
network connection back to the server
o E.g. java applets and Active X controls
Increases response times and network traffic
37. Chapter 14 Electronic Commerce 37
Online Privacy - Summary
Problem – privacy and personal information must
be protected
Possible solutions:
o Government regulation
o Self-regulation
P3P – a standard format in which a web site can represent
its privacy policy describing what personal information is
being collected and how it will be used
TRUSTe - utilizes a trusted third party to certify that a
web site adheres to certain basic privacy principles
o Technical solutions
The Anonymizer
Crowds
38. Chapter 14 Electronic Commerce 38
Electronic Payment Systems
Needed for electronic commerce to
thrive
o Desirable properties
o Systems based on credit cards
SSL-encrypted credit card numbers
CyberCash
o Systems based on digital money
Ecash
NetCash
Millicent
39. Chapter 14 Electronic Commerce 39
Desirable Properties
Secure – resistant to forgery or alteration
o Checks – bad; cash – good; credit cards – in between
Buyer anonymity
o Checks and credit cards – bad; cash – good
Two-way – anyone can make or receive payment
o Credit cards – bad; checks and cash – good
Off-line - neither the buyer nor the seller must
communicate with a third party at the time of the
transaction
o Credit cards – bad; cash – good; checks – in between
40. Chapter 14 Electronic Commerce 40
Using SSL and Credit Cards
Advantages:
o Built on an existing infrastructure already used by
merchants and customers)
o Good protection against theft of credit card information
in transit
Disadvantages:
o Not anonymous
o Not off-line
o Not two-way
o Does not support micro-payments
o Merchant learns customer’s credit card number
Used by unscrupulous employees
“Accidental” charges by the merchant
Theft from merchant’s database by an intruder
41. Chapter 14 Electronic Commerce 41
CyberCash
Participants:
o Customer
o Merchant
o CyberCash server (CC)
Overview:
o Customer creates a message containing credit card
number and authorization to charge a specific amount:
(12345678, $37.17)
o Encrypts message using the public key of the CC server:
Encrypt((12345678, $37.17),CCPublic)
o Customer sends encrypted message to the merchant
42. Chapter 14 Electronic Commerce 42
CyberCash (cont)
Merchant receives encrypted message from
customer:
o Encrypt((12345678, $37.17),CCPublic)
Merchant adds identification information to the
message, signs it, and sends it to the CC server:
o Encrypt((M, Encrypt((12345678, $37.17),CCPublic)),MPrivate)
CC server decrypts message, verifies the credit
card number, and returns authorization to the
merchant
The merchant returns a receipt to the customer
Issues:
o Merchant never learns the customers credit card
information
o Does not operate off-line
43. Chapter 14 Electronic Commerce 43
Digital Money
Cash can be:
o Spent anonymously
Buyer need not reveal his/her identity to a merchant
Issuer cannot track where people are spending their money
o Carried out off-line and without authorization from a
third party
o Accepted by anyone as payment (and subsequently use to
make other purchases)
o Used without transaction fees
2-5% for credit cards
1-2% for checks
Problem:
o Currency issued by most governments (paper bills and
metal coins) do not lend themselves easily to electronic
exchange
44. Chapter 14 Electronic Commerce 44
Ecash
In 1990, David Chaum (creator of blind signatures)
founded a company, DigiCash, which developed
digital money called Ecash
Overview:
o Banks convert currency to ecash (and vice versa)
o User has an account with an ecash-enabled bank
o User withdraws ecash from his/her account
o Customer sends ecash to merchant
o Merchant sends ecash to bank for validation
o Merchant sends customer receipt
45. Chapter 14 Electronic Commerce 45
Withdrawing Ecash Coins
Assume:
o Alice has $100 deposited in an Ecash-enabled bank
o Alice has a unique public/private key pair (APublic and APrivate)
o The bank has a unique public/private key pair (BPublic and BPrivate)
Alice wants to withdraw $50 (ten $1 Ecash coins, two $5
coins, and three $10 coins)
Alice generates a random serial number for each coin: s1, s2,
…, s15
o Coin1 = (one dollar, s1) Coin11 = (five dollars, s11)
o Coin2 = (one dollar, s2) Coin12 = (five dollars, s12)
o . Coin13 = (ten dollars, s13)
o . Coin14 = (ten dollars, s14)
o Coin10 = (one dollar, s10) Coin15 = (ten dollars, s15)
46. Chapter 14 Electronic Commerce 46
Withdrawing Ecash Coins
(cont)
Alice chooses a blinding factor, b, and uses it to
blind the serial number of each coin:
o Coin1 = (one dollar, b*s1)
o Coin2 = (one dollar, b*s2)
o …
o Coin10 = (one dollar, b*s10)
o Coin11 = (five dollars, b*s11)
o Coin12 = (five dollars, b*s12)
o Coin13 = (ten dollars, b*s13)
o Coin14 = (ten dollars, b*s14)
o Coin15 = (ten dollars, b*s15)
47. Chapter 14 Electronic Commerce 47
Withdrawing Ecash Coins
(cont)
Alice signs each coin with her private key and
encrypts the result with the bank’s public key:
o Coin1 = Encrypt(Encrypt((one dollar, b*s1), APrivate), BPublic)
o Coin2 = Encrypt(Encrypt((one dollar, b*s2), APrivate), BPublic)
o …
o Coin10 = Encrypt(Encrypt((one dollar, b*s10), APrivate),
BPublic)
o Coin11 = Encrypt(Encrypt((five dollars, b*s11), APrivate),
BPublic)
o Coin12 = Encrypt(Encrypt((five dollars, b*s12), APrivate),
BPublic)
o Coin13 = Encrypt(Encrypt((ten dollars, b*s13), APrivate),
BPublic)
o Coin = Encrypt(Encrypt((ten dollars, b*s ), A ),
48. Chapter 14 Electronic Commerce 48
Withdrawing Ecash Coins
(cont)
Alice transmits the blinded, signed, encrypted
coins to the bank
o Each coin is encrypted with the bank’s public key so only
the bank will be able to decrypt it
The bank decrypts each coin and checks Alice’s
signature
The bank adds up the value of all the coins
requested, and deducts that amount from Alice’s
account
The bank signs each coin with its private key and
encrypts each signed coin with Alice’s public key
49. Chapter 14 Electronic Commerce 49
Withdrawing Ecash Coins
(cont)
The bank sends the blinded, signed, encrypted coins to Alice:
o Coin1 = Encrypt(Encrypt((one dollar, b*s1), BPrivate), APublic)
o Coin2 = Encrypt(Encrypt((one dollar, b*s2), BPrivate), APublic)
o …
o Coin10 = Encrypt(Encrypt((one dollar, b*s10), BPrivate), APublic)
o Coin11 = Encrypt(Encrypt((five dollars, b*s11), BPrivate), APublic)
o Coin12 = Encrypt(Encrypt((five dollars, b*s12), BPrivate), APublic)
o Coin13 = Encrypt(Encrypt((ten dollars, b*s13), BPrivate), APublic)
o Coin14 = Encrypt(Encrypt((ten dollars, b*s14), BPrivate), APublic)
o Coin15 = Encrypt(Encrypt((ten dollars, b*s15), BPrivate), APublic)
Each coin is encrypted with Alice’s public key so only she will
be able to decrypt it
50. Chapter 14 Electronic Commerce 50
Withdrawing Ecash Coins
(cont)
Alice decrypts the coins, checks the bank’s
signature, and unblinds them:
o Coin1 = Encrypt((one dollar, s1), BPrivate)
o Coin2 = Encrypt((one dollar, s2), BPrivate)
o …
o Coin10 = Encrypt((one dollar, s10), BPrivate)
o Coin11 = Encrypt((five dollars, s11), BPrivate)
o Coin12 = Encrypt((five dollars, s12), BPrivate)
o Coin13 = Encrypt((ten dollars, s13), BPrivate)
o Coin14 = Encrypt((ten dollars, s14), BPrivate)
o Coin15 = Encrypt((ten dollars, s15), BPrivate)
51. Chapter 14 Electronic Commerce 51
Spending Ecash Coins
Alice selects goods she wishes to purchase at an online
merchant who accepts Ecash as payment
Alice selects a set of Ecash coins with which to pay
Example:
o Alice’s bill comes to $7
o Alice selects a set of Ecash coins valued at $7:
Coin12 = Encrypt((five dollars, s12), BPrivate)
Coin2 = Encrypt((one dollar, s2), BPrivate)
Coin8 = Encrypt((one dollar, s8), BPrivate)
Alice encrypts this set of coins with the merchant’s public
key, MPublic, and transmits them to the merchant:
o Encrypt((Coin12, Coin2, Coin8), MPublic)
52. Chapter 14 Electronic Commerce 52
Spending Ecash Coins (cont)
The merchant receives the coins and:
o Uses his private key to decrypt them
o Checks to see that their value equals the amount owed by
Alice
The merchant attempts to redeem the coins with
the issuing bank:
o The merchant encrypts the coins using the bank’s public
key and sends them to the bank:
Encrypt((Coin12, Coin2, Coin8), BPublic)
o The bank decrypts the message and checks each coin:
Its signature is valid
Checks its database of serial numbers for all coins it has
issued that have already been spent
53. Chapter 14 Electronic Commerce 53
Spending Ecash Coins (cont)
Double spending - a common problem with many
digital money schemes)
A bank must insure that a user cannot spend the
same coin twice (in payments to two different
merchants)
o A bank maintains a database of serial numbers for all
coins it has issued that have already been spent
o When a merchant attempts to redeem coins (before
accepting them as payment), the bank checks to see that
each coin’s serial number is not already in the database
Yes – add the serial numbers to the bank’s database, credit
the merchant’s account for the value of the coins, notify
the merchant that the payment has been accepted
No – notify the merchant that the payment has not been
accepted
54. Chapter 14 Electronic Commerce 54
Ecash - Properties
Ecash coins are:
o Secure - users have very little chance of forging coins that a
bank will accept or of altering coins issued by the bank to
increase their value
o Valid - anyone can use the bank’s public key to verify the
signature on them
o Unlinkable - the bank cannot link any coin to a blinded coin that
it signed
o Anonymous - when coins are returned to the bank it will not be
able to determine:
Buyer is not required to disclose his or her identity to the seller
The issuing bank cannot link a payment to a specific user
No merchant, bank, or other third party can link two separate
payments to the same user
Limitations:
o Does not operate off-line
o A bank must maintain a database of the serial number of every
55. Chapter 14 Electronic Commerce 55
NetCash
Developed by Information Sciences Institute of
the University of Southern California
Overview:
o Currency servers (CS) convert between anonymous
electronic currency and non-anonymous instruments
o Each CS has a unique public/private key pair and a
certificate for minting currency
o CS services:
Conversion between coins and non-electronic currency
Coin verification
Coin exchange (for untraceability)
56. Chapter 14 Electronic Commerce 56
NetCash – Coin Verification
Encrypt((CS_name, CS_addr, exp_date,
serial_num, value),CSPrivate), where
o CS_name is the name of the issuing currency server
o CS network address is the IP address of the issuing CS
o Exp_date is the expiration date
o Serial_num is the unique serial number of the coin
o Value is the denomination of the coin
CS keeps track of serial numbers of all
outstanding coins to prevent double spending:
o Serial number in database = coin is valid (remove serial
number from database)
o Serial number not in the database = coin is invalid
57. Chapter 14 Electronic Commerce 57
NetCash – Coin Exchange
Anonymity
o An issuing CS could store identity of the person to whom a coin
was issued along with the coin’s serial number
o When a merchant redeems coins the CS could determine who
spent them
NetCash addresses this problem by allowing users to
perform coin exchange:
o Users can go to any currency server and anonymously exchange
valid coins for new ones (issued by that CS)
CS1 issues coins to Alice
Alice takes those coins those coins to CS2
CS2 contacts CS1 to make sure the coins are valid (CS1 doesn’t tell
CS2 to whom the coins were issued)
CS2 issues Alice new coins
58. Chapter 14 Electronic Commerce 58
Comparison of Ecash and
NetCash
Anonymity
o Ecash uses blind signatures
o NetCash uses coin exchange (must trust issuing
CS)
Storage requirements
o Banks must store serial numbers of all ecash
ever spent
o Currency server must store serial numbers of
all outstanding NetCash
59. Chapter 14 Electronic Commerce 59
MilliCent
Developed by Compaq Computer Corporation
A micropayment scheme for transactions involving
less than one cent:
o Examples: stock quotes, online news stories, search
engine queries
Based on scrip, currency that has intrinsic value
but only with a particular merchant
o Example: a pre-paid phone card has a set value, but it
cannot be used to buy a hamburger or anything other
than phone time from the issuer
60. Chapter 14 Electronic Commerce 60
MilliCent Scrip
MilliCent scrip has the following fields:
o Merchant_name – identifies the merchant that created the
scrip
o Value – the value of the scrip
o Serial_number – unique identifier for this piece of scrip
o Owner_ID – used to ensure that scrip can only be spent by the
rightful owner
o Expiration_date – the date on which the scrip expires
o Properties – some general properties of the customer (e.g. age,
state of residence, etc.)
o Certificate – allows validation of the scrip
A one-way hash of the contents of the scrip and a secret known
only to the merchant
Certificate = Hash(Merchant_name, Value, Serial_number,
Owner_ID, Expiration_date, Properties, Scrip secreti)
61. Chapter 14 Electronic Commerce 61
Scrip Secrets
A merchant may have many different scrip secrets
Some group of bits in the serial number determine
which scrip secret to use to create the certificate
Example:
o Merchant has four different scrip secrets:
scrip_secret0, scrip_secret1, scrip_secret2,
scrip_secret3
o The first two bits in the serial number select which
secret to use to generate the certificate:
00 = scrip_secret0
01 = scrip_secret1
10 = scrip_secret2
11 = scrip_secret3
62. Chapter 14 Electronic Commerce 62
Generating Scrip
Merchant generates a serial number
o Assume that the first two binary digits in the
serial number are 10
Merchant generates a certificate:
o Certificate = Hash(Merchant_name, Value,
Serial_number, Owner_ID, Expiration_date,
Properties, Scrip_secret2)
The merchant records the serial number in
its database of outstanding scrip
63. Chapter 14 Electronic Commerce 63
Using Scrip
Customer purchases a certain amount of scrip
The merchant generates the scrip and sends it to
the customer:
o Scrip = (Merchant_name, Value, Serial_number,
Owner_ID, Expiration_date, Properties, Certificate)
Later, the customer submits scrip to the merchant
as payment:
Merchant checks that the customer has not
tampered with the scrip
o Use the scrip’s serial number to select the proper scrip
secret
o Recreate the certificate and check for a match
64. Chapter 14 Electronic Commerce 64
Using Scrip
Merchant checks that the scrip has not
already been spent:
o The merchant checks to see that the serial
number for that piece of scrip is in its
database:
Yes – removed the serial number from the database
and accept the scrip
No – scrip is not accepted (it has already been spent
or has expired)
65. Chapter 14 Electronic Commerce 65
Brokers
Customers would not normally buy scrip directly
from merchants
Customers would buy scrip from intermediaries
called brokers
o Customers buy broker scrip from brokers
o Brokers buy merchant scrip in bulk (and at a discount)
from various merchants
o Customers exchange broker scrip for scrip issued by a
specific merchant
Result - the total number of accounts required is
greatly reduced (especially for customers and
merchants )
66. Chapter 14 Electronic Commerce 66
MilliCent - Properties
Secure
Somewhat anonymous (brokers know what
merchant a customer is requesting scrip for)
Lower overhead costs = better suited for
micropayments
o The signature on scrip is created by a merchant, and its
authenticity and integrity need only to be verified by
that same merchant
o A merchant need not communicate with any third party
to validate the digital money being spent by a customer
o A one-way hash function (rather than a public-key
cryptosystem) can be used to produce the signature
67. Chapter 14 Electronic Commerce 67
Electronic Payment Systems -
Summary
Desirable properties – security, buyer anonymity, two-
way, off-line
Using credit cards:
o SSL-encrypted credit card numbers
Some security, but merchant learns customer’s credit card
number
o CyberCash
Merchant does not learn customer’s credit card number, but
requires transaction to be cleared by a CyberCash server
Using digital money:
o Ecash – a digital money scheme based on blind signatures
o NetCash – a digital money scheme based on currency
servers
o Millicent – a micropayment scheme based on scrip