Mandate final Report

səhifə	1/6
tarix	26.06.2016
ölçüsü	0.83 Mb.

1 2 3 4 5 6

MANDATE FINAL REPORT V2.0

MANDATE Final Report

Draft Version 2.0 dated 24/2/98

Prepared by the MANDATE II Consortium

This report has been prepared for the European Union’s DGXIII/07 under ETS contract No. 962085. The views expressed in this report do not necessarily represent the views and legislation for the European Union in general, nor DGXIII/07 in particular

ETS

Signed on behalf of the Mandate II Consortium by Cryptomathic A/S

Signed on behalf of the Mandate II Consortium by Marinade Ltd.

MANDATE Final Report 1

Executive Summary 4

2. The Project 5

2.1 Background 5

2.2 Objectives 5

2.2.1 Document transactions 5

2.2.2 Inter-Domain Communication 5

2.2.3 Key Management 5

2.2.4 To achieve functionality with a European Perspective 6

2.2.5 Create a pan European Functional Design 7

2.2.6 Define Assessment Criteria to Judge the Effectiveness, economics and acceptability 7

3. The Mandate Concept 8

3.1 Security Aspects 8

3.1.1 Replication of paper functionality 8

3.1.2 Prevention of double encashment 8

3.1.3 Increased security 9

3.1.4 Public Key Certificates 9

3.2 Key Management and Key recovery 10

3.2.1 Produce the MandateTM 10

3.2.2 Issue Public Key Certificates 10

3.2.3 Directory Services 12

3.2.4 Cheque recovery 12

3.2.5 Key Management/Key recovery 13

3.2.6 Management of Multiple accounts 13

4. The Mandate Implementation 15

4.1 The MandateTM 15

4.1.1 Bank Functionality 16

4.1.2 User Functionality 16

4.2 Pilot Scenarios 16

4.2.1 Use of Signatures 17

4.2.2 Endorsement 17

4.2.3 Stopped cheques 17

4.2.4 Returned cheques 17

4.2.5 Mystery Error 18

4.2.6 Breakdown of MandateTM 18

4.2.7 Cheque Validity Period 18

4.3 Evaluation 18

4.3.1 Security Issues 18

4.3.2 Key Management 19

4.3.3 Technical Issues 19

4.3.4 Business Issues 20

4.3.5 Cost Issues 21

4.3.6 Pan European Functionality 21

4.3.7 Customer Benefits 21

4.3.8 Legal Acceptance 21

5. Legal Evaluation 22

5.1.1 Legal Structure 22

5.1.2 Reasons for using cheques: the requirements of the commercial parties 23

5.1.3 Summary of Mandate I conclusions on legal structure 28

5.1.4 The MANDATE contractual structure 29

6. Conclusions 30

6.1 Commercial 30

6.2 TTP 30

6.3 Legal conclusions 31

Executive Summary

Taking the Mandate concept for creating generic negotiability implemented on tamper-proof hardware (smartcards) as its basis, Mandate II implemented an electronic cheque using a public key infrastructure to support it for pan-European business-to-business use.

The architecture, and even more importantly, the security features implemented through the Mandate concept provided a means by which the functionality of the paper cheque could be replicated. A system of digital signatures and public key certificates enabled the users and banks to be assured of the origin of a cheque and only permitted the recipient to whom the cheque was made out, to receive it . The digital signatures also prevented any individual electronic cheque being cashed more than once. Mandate can also be implemented to provide an increased level of security by requiring two passwords to access and activate the digital signature.

Key management and key recovery issues are central to the support of the Mandate functionality. A number of TTP functions were defined within the project, these being:

Production and personalisation of the Mandate^TM (the tamper-proof hardware on which the electronic cheques are stored)
Issue of certificates corresponding to public keys on the Mandate^TM’s
Directory services
Key recovery procedures

These functions could be carried out by the banks, but could alternatively be provided through another neutral TTP service.

The pilot implementation involved three banks in different European countries and pilot users. The pilot was run over a period of weeks and demonstrated the full functionality of the Mandate^TMand the security and back-up procedures, whilst also identifying areas which would need more development in a commercial environment. On completion of the pilot the bank participants carried out an evaluation looking into the business, technical, security and legal aspects and offering comment on where they saw the Mandate application fitting in and adding value to their and their customers’ business environment.

Legal support for the project was completed with a legal evaluation of the issues, concluding that, until there is a legal structure to support electronic negotiable documents, the concept should be incorporated into a contractual structre, which should not affect the overall marketability of the project.

The conclusions to be drawn from a commercial perspective were that the concept was technically sound and could add value to both bank and customer, but that further integration would be required into both business and banking systems to make it commercially viable. This is probably not the right time for the banks to be taking on such development work, unless a strong customer demand was felt.

From a TTP perspective, Mandate would need a public key management infrastructure in enable it to become an open and easily usable system, but that most of this functionality could be obtained through a generic CA/key management system.

1 2 3 4 5 6