Applications
`
`Internet
`
`E-commerce:
`Privacy, security, traceability & reliability
`
`The phenomenal success of early-
`starter virtual shops, such as
`amazon.com, the on-line book, CD
`and video store, and e-Bay.com, the
`on-line auctions site, show that
`there is a vast world-wide market
`for shops open 24 hours a day, 365
`days a year, accessible through any
`Internet PC by tens of millions of
`potential customers: the total
`e-commerce market value has been
`estimated at USD 25 million (EUR
`23 million) in 1999, rising to USD
`1,000,000 million (EUR 925.000) by 2003.
`
`However, there are problems to be
`overcome if the market is to develop
`fully. Some customers are wary of
`using the system because of a per-
`ceived lack of data privacy, the high
`levels of card fraud, the difficulty in
`tracking orders, and their inability
`to distinguish legitimate merchants
`from rogues. Proton-based smart
`cards can help overcome all of these
`problems.
`
`A typical interface for credit card
`payments: not the ideal solution
`
`The e-commerce revolution has
`been slowed by the lack of a secure
`means of payment that can be used
`over open networks
`like
`the
`
`E-commerce
`
`Internet. The current de facto solution,
`magnetic stripe credit cards, is far
`from ideal: card details often have
`to be transmitted uncoded and can
`be intercepted, either in transit or
`after arrival, and current fraud
`levels are unacceptably high.
`
`transactions
`
`fraud
`
`E-commerce: typically 1% of credit card
`transactions but 50% of credit card fraud
`
`PRIVACY
`Proton-based smart card transactions
`are anonymous: the cardholders’
`names and account numbers are
`never transmitted: the cards are
`identified by secret numerical codes
`to enable auditability.
`
`SECURITY
`The Internet is an open network:
`anyone can use it and anyone can
`abuse it. Thus any Internet payment
`system must be highly secure.
`
`The information exchanged between
`a Proton-compatible smart card
`reader and the retailer’s payment
`terminal is encoded and does not
`contain account numbers or PINs.
`The secret keys that encode and
`decode the information are in the
`card reader and the terminal, which
`means they are protected against
`attacks originating in the network
`or the PC.
`
`Originally designed as an international
`computer network for academic
`scientists to exchange information,
`the Internet has become an everyday
`essential business tool for millions of
`users all around the world, and the
`basis of the latest retail revolution:
`electronic commerce (e-commerce).
`This new form of buying and selling
`also requires a secure, internationally-
`accepted and convenient means of
`payment. Proton-based smart cards
`offer high security, proven conven-
`ience, and international interoper-
`ability via compliance with CEPS (the
`Common Electronic Purse Specifi-
`cations).
`
`IPR2022-01239
`Apple EX1023 Page 1
`
`

`

`More and more web sites are accepting payment by Proton smart cards, attracted by their high level of security.
`
`Digital signatures are safer than
`hand-written ones: the encryption
`keys remain on the card where they
`are impossible to duplicate. Thus
`even if the encrypted information
`were to be intercepted by an unau-
`thorised third party, it would be
`indecipherable and thus commer-
`cially useless.
`
`Smart cards offer the security that
`e-commerce shoppers and mer-
`chants have been looking for. The
`information in the chip’s memory is
`protected by integral encryption
`circuits. When a transaction is per-
`formed, the card and the terminal
`mutually authenticate each other’s
`digital signatures before informa-
`tion can be exchanged. Smart cards
`have already helped to drastically
`reduce fraud in ordinary credit and
`debit card retail transactions: they
`can now do the same for e-commerce
`transactions, using credit, debit or
`e-purse applications.
`
`TRACEABILITY
`Proton-based smart card trans-
`actions are fully traceable and
`auditable, allowing cardholder, mer-
`chant and card issuer to trace trans-
`actions in case of a dispute or query.
`
`RELIABILITY
`An Internet merchant who accepts
`payments by Proton-based smart
`cards must have a bank account to
`
`receive payments and a terminal with
`the correctly-authorised connections
`to the host system to process pay-
`ments. These requirements tend to
`deter rogue fly-by-night merchants
`and mean that cardholders can
`have confidence when paying with
`Proton-based cards.
`
`Over thirty-five million Proton-
`based cards are in use around the
`world. The Proton technology has
`been licensed in 25 countries,
`where over 300,000 terminals have
`been installed, which have been
`used to perform transactions worth
`over nine-hundred-and-thirty million
`
`US dollars (EUR 1 billion). The
`Proton technology is thus both
`technically proven and, more
`importantly, already trusted by mil-
`lions of cardholders.
`
`Smart cards can be made personal
`to the cardholder and can be used
`at any PC (with a card-reader),
`smart phone, web phone, mobile
`phone or other Internet access
`device to which the cardholder has
`access, thus drastically improving
`portability compared with software-
`based Internet payment solutions.
`They can contain credit, debit or
`e-purse applications, or a combination.
`
`Banksys’ C-ZAM/PC: a chip card reader for internet payments and e-purse reloads.
`
`E-commerce
`
`IPR2022-01239
`Apple EX1023 Page 2
`
`

`

`A gateway to
`multiple applications
`
`Proton-based cards can also be
`used for non-payment Internet
`applications, such as issuing digital
`certificates or encoding information
`to make transactions secure. They
`can also be used to identify card-
`holders to gain access to Internet
`services, such as home banking.
`Proton-based cards can also be
`used to secure access to certain
`databases or servers, so that, for
`example, confidential information
`can be exchanged between remote
`offices of the same company, or
`customer orders placed via the
`Internet can be correctly identified
`for pricing etc. Away from the
`actual PC itself, Proton-based cards
`can be used as identification cards
`for securing physical access to rooms
`or buildings.
`
`CASE STUDY: BELGIUM
`
`The Proton technology has been
`used for Internet transactions in
`Belgium for some time. At the
`moment, its use is limited to trans-
`actions within Belgium, and below
`the 5000 BEF (USD 135, EUR 125) load
`ceiling imposed by the card issuers.
`
`There are already over 20 Internet
`shops which accept Proton pay-
`ments. The Belgian Proton licensee,
`
`Banksys, is also a leading terminal
`manufacturer and has developed the
`first Proton-compatible portable card
`reader for use with a PC, the
`C-ZAM/PC. This unit can be
`attached via the serial port or the
`keyboard interface to any PC con-
`nected to the Internet. It performs
`the authentication checks with the
`merchant’s terminal and has a
`display for the amount to be
`approved by the cardholder, and a
`keypad for entering a PIN
`if
`required. It is sold in electrical stores
`and can be attached to any PC.
`
`Proton cards can be reloaded over
`the Internet via a special web site in
`a few seconds. Cardholders can
`then use the value stored on their
`cards for making payments in both
`the "virtual" world and in the real
`world at, for example, shops, car
`parks, payphones, cinemas and
`vending machines.
`
`Internet payments can be made in a
`matter of seconds using a Proton
`card and a card reader: there is no
`number or code to enter: the card-
`holder merely checks the amount
`entered by the merchant and
`displayed on the card reader and
`presses the "OK" button if it is correct.
`
`Banksys has also adapted its payment
`terminals for use by Internet mer-
`chants and "virtual shopkeepers",
`enabling them to accept Proton
`card payments and then easily to
`perform "collections" of transactions
`into their bank accounts, just like
`any other POS terminal owner.
`
`E-commerce
`
`1
`
`2
`
`3
`
`4
`
`Reloading a Proton card
`over the Internet is easy:
`insert the card in the chip card
`reader, enter the PIN code (fig. 1),
`enter the amount you wish to
`load (fig. 2), the money transfer
`will then take place ( fig. 3); all
`that’s left to do is retrieve the
`card (fig. 4) and... spend the money.
`
`IPR2022-01239
`Apple EX1023 Page 3
`
`

`

`The future
`is already here
`
`Not surprisingly in a high-tech sec-
`tor like this, things are evolving
`quickly. Almost every aspect of
`Internet use is experiencing change.
`Traditional dial-up connections
`using telephone lines are being
`challenged by ISDN, cable and
`satellite networks; traditional PC
`access is set to be supplanted by
`mobile phones
`(such as
`the
`
`Motorola StarTac model shown
`below), smart phones (e.g. Maestro
`Smart
`from
`Belgacom
`and
`Europhone from CPS), web phones
`(like the Alcatel Web Touch One®
`phone) and satellite television;
`paid-for Internet Service Providers
`are being challenged by free-access
`providers with advertising banners,
`and previously-free information-
`
`providing sites are starting to make
`small charges for access or for
`information. Proton World is work-
`ing with leading partners from
`many of these sectors to ensure
`that the Proton technology remains
`compatible with the latest hard-
`ware and software, and that new
`applications, more convenient for
`cardholders, are developed.
`
`Alcatel Web Touch One® phone
`
`A Motorola StarTac dual-slot
`mobile phone, showing the
`SIM card and a Proton card:
`a hand-held ATM!
`
`Responsible editor: Dominique Hautain - Rue du Planeur 10 - B-1130 Brussels / PW115
`
`Mobile telephony:
`an increasingly important
`Internet acces mode
`
`CPS Europhone,
`a smart phone
`
`For more information, please visit our web site at www.protonworld.com, or contact us at:
`10 Rue du Planeur, B-1130 Brussels - Belgium - phone: +32 2 724 51 11 - fax:+32 2 724 50 60
`e-mail: info@protonworld.com
`
`IPR2022-01239
`Apple EX1023 Page 4
`
`