To: Kurt Peterson who wrote (1613) 2/11/1998 11:13:00 AM From: Chemsync
Banks test 'Net

Big U.S. banks are teaming up to put digital certificate technology through its paces.

By Ellen Messmer, Network World, 2/9/98

Internet-based electronic commerce could get a huge boost this spring when five of the largest U.S. banks band together to test six companies' digital certificate technologies. If the results are good, the banks could begin shifting billions of dollars in payment transactions onto the Internet and off of proprietary fund transfer networks such as the Automated Clearinghouse (ACH) system.

This would be welcome news for Web-based businesses, as well as corporate treasurers and purchasing departments looking to send payment and debit instructions to their banks securely over the 'Net. Using the Internet rather than proprietary fund transfer systems would be less expensive and easier because companies could use popular Web browsers to conduct transactions rather than custom fund transfer software.

The test will focus on X.509-based digital certificates, which are essentially electronic identification cards. The certificates allow users to digitally sign electronic forms, such as payment requests, using Web browsers from the likes of Microsoft Corp. and Netscape Communications Corp. The certificates also allow the receiving party to confirm the sender's identity and make sure no one has tampered with the information.

The pilot is expected to run several months and will involve ABN AMRO North America, Inc., Bank of America, Citibank, Mellon Bank Corp. and Zions Bank. Each bank will use a public-key infrastructure (PKI) product set from a different vendor, such as IBM or Entrust Technologies, Inc. The banks will set up servers that can act as certificate repositories to validate and process signed payment requests off the Internet. The banks will test interoperability among the products by exchanging information with one another.

Eventually, the banks would like to become certificate authorities (CA), organizations that dole out certificates to 'Net users. "The goal here is to define business practices for banks so they will understand what to do in this environment," said David Merritt, a vice president at Mellon Bank. "We don't have much experience with certificates."

The Internet banking pilot is being coordinated under the aegis of the National Automated Clearinghouse Association (NACHA), the Herndon, Va., group that sets the rules banks follow for using the ACH system. "We're trying to develop some models for how to use the Internet for ACH payments," said Julie Foster, NACHA's director of network products. "We may learn a lot about enhancements to the ACH networks. For financial institutions, we'll be learning a lot about what it takes to make a business selling CA services," she said.

If the PKI products prove interoperable, then certificates could be seen as legitimate electronic commerce tools. If PKI products fail the interoperability test, then hopes for high-powered banking on the Internet could diminish.

Take Wells Fargo Bank, for instance. The bank already lets customers move money between their personal accounts using the Secure Sockets Layer protocol, which lacks user authentication capabilities. Wells Fargo also delivers its cash management reports to corporate customers via the 'Net. But before the bank engages in sizable bank-to-bank transfers via the 'Net, "you need public-key encryption and digital signature certificates to ensure authentication and privacy," said Alan Holroyde, executive vice president of Wells Fargo's electronic commerce group. "Without that, not much progress will be made on the large-dollar side."

Testing, testing

The banks' technology trial this spring will involve real customer accounts but not real money. The banks will share information online via their PKI systems, which consist of certificate-issuance and management servers as well as certificate repositories that make use of the Lightweight Directory Access Protocol (LDAP).

Cautious and security-minded by trade, the banks already have noticed technical gaps that need to be filled to satisfy their business requirements. "The problem with LDAP 2.0 is it doesn't even require a user name and password to get into it," Merritt pointed out. LDAP 3.0 has improved security, but to retrieve information on a specific certificate holder, rather than a whole list of people, the banking industry is proposing a new technology called the Online Status-Checking Protocol. This protocol would become part of the IETF's Public-Key Infrastructure Exchange standard.

To facilitate routine fund transfer requests between themselves transacted over the Internet, the banks are developing a payment systems interface.

The banking industry also is grappling with the thorny question of who will be responsible for a payment transaction if things go wrong or fraud occurs. A stolen certificate would be put on a revocation list, but it takes time to do that. The banks have decided at this point that the rightful certificate holder should not be held liable for the risk. In the pilot, online merchants would be responsible for validating signatures via HTTP or e-mail. The vendors would manage certificate revocation lists for the banks.
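The sign-then-verify flow the article describes (customer signs a payment form with an X.509 certificate; the receiving bank confirms who signed and that nothing was altered), together with the revocation-list check it mentions, as an added Go example. This is not code from the article, NACHA, the banks or their PKI vendors: it uses Go's standard-library crypto/x509 in place of the 1998 vendor products, ECDSA P-256 in place of whatever key algorithm the pilot used, and a bank-signed CRL in place of the vendor-managed lists. The CA name, customer name, serial numbers and the JSON-style payment instruction are all made up for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type identity struct{ cert *x509.Certificate; key *ecdsa.PrivateKey }

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newIdentity mints a P-256 key and certificate: a self-signed CA able to sign
// certificates and CRLs when issuer is nil, else an issuer-signed signing cert.
func newIdentity(serial int64, cn string, issuer *identity) *identity {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	parent, parentKey := tmpl, key // self-signed unless an issuer is given
	if issuer == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign|x509.KeyUsageCRLSign
	} else {
		parent, parentKey = issuer.cert, issuer.key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return &identity{cert: must(x509.ParseCertificate(der)), key: key}
}

// newCRL publishes a CA-signed revocation list valid for one hour (RevokedCertificates
// is the pre-Go-1.21 field name, kept so this also builds on older toolchains).
func newCRL(ca *identity, number int64, revoked []pkix.RevokedCertificate) []byte {
	tmpl := &x509.RevocationList{Number: big.NewInt(number), RevokedCertificates: revoked,
		ThisUpdate: time.Now().Add(-time.Minute), NextUpdate: time.Now().Add(time.Hour)}
	return must(x509.CreateRevocationList(rand.Reader, tmpl, ca.cert, ca.key))
}

// Sign is the customer side: an ECDSA signature over the SHA-256 of the form bytes.
func Sign(instruction []byte, signer *identity) ([]byte, error) {
	digest := sha256.Sum256(instruction)
	return ecdsa.SignASN1(rand.Reader, signer.key, digest[:])
}

// Verify is the receiving bank's side: chain the sender's certificate to the CA, check
// it against a fresh CA-signed CRL, then check the signature over the bytes actually
// received. The signer's name is returned only if all three hold.
func Verify(instruction, sig, certDER []byte, ca *x509.Certificate, crlDER []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return "", fmt.Errorf("chain: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return "", err
	}
	// An unsigned, wrongly signed or expired CRL is not evidence of "nothing revoked".
	if err := crl.CheckSignatureFrom(ca); err != nil || time.Now().After(crl.NextUpdate) {
		return "", fmt.Errorf("crl rejected (bad signature or stale): %v", err)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return "", fmt.Errorf("certificate revoked")
		}
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(instruction)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", fmt.Errorf("signature does not match instruction (tampered or forged)")
	}
	return cert.Subject.CommonName, nil
}

// Demo runs the happy path, then an altered instruction, then a revoked certificate.
func Demo() (signer string, tamperErr, revokeErr error) {
	ca := newIdentity(1, "Example Bank Pilot CA", nil)      // hypothetical CA name
	cust := newIdentity(1001, "treasurer@example-corp", ca) // hypothetical customer
	// Constructed sample instruction; the pilot's real form layout is not on the page.
	instr := []byte(`{"debit":"1234567890","credit":"0987654321","amount":"250000.00"}`)
	sig := must(Sign(instr, cust))
	crl := newCRL(ca, 1, nil) // nothing revoked yet
	signer = must(Verify(instr, sig, cust.cert.Raw, ca.cert, crl))
	altered := []byte(`{"debit":"1234567890","credit":"0987654321","amount":"950000.00"}`)
	_, tamperErr = Verify(altered, sig, cust.cert.Raw, ca.cert, crl)
	stolen := []pkix.RevokedCertificate{{SerialNumber: cust.cert.SerialNumber, RevocationTime: time.Now()}}
	_, revokeErr = Verify(instr, sig, cust.cert.Raw, ca.cert, newCRL(ca, 2, stolen))
	return
}

func main() { fmt.Println(Demo()) }
```

Running it prints the verified signer name followed by the two rejections. The order inside Verify matters: the chain is checked first, then the CRL's own signature and freshness, then the payment signature, and a missing, unsigned or expired CRL is treated as a reason to refuse rather than as "not revoked". That is the window the article's "it takes time" remark is about: between theft and publication of the next list, a stolen certificate still verifies, which is why the industry was proposing an online status check in place of periodically published lists. On a current Go toolchain the CRL entries would be written to RevokedCertificateEntries instead of the older field used here.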