IC卡食堂售飯機的開發(fā)

ELECTRONICPAYMENTS—THESMARTCARDSMARTCARDS,E-PAYMENTS,&LAW–PARTIDrSimonNewmanandGavinSutter,QueenMaryCollege,UniversityofLondonThisarticleinthreepartsexaminesthelegalissuesraisedbythedevelopmentofthesmartcard.Itexplorescontractual,liabilityandintellectualpropertyrightsissuesandassesseswhetherasuitablelegalframeworkexistsinwhichsmartcardusecanflourishandgrow.槳A鏟.家核I務N匪T駐R歲O傅D爹U耀C蔬T栽I投O獅N貨崗T測O臂儀S猶M芹A孤R酬T性化C縫A紛R辟D蔽S遍會A獻N澆D敢E犯L抄E肌C嘉T僵R找O甚N鳳I溜C確朵P碰A慣Y鴿M熔E柱N橋T管S怨訊S薯Y愁S魯T烤E廚M繁SAsmartcardissimplyaplasticrectanglecontaininganelectronicchip,andholdingacertainamountofreadabledata.OnecommonconsumeruseintheUKisindigitaltelevision,wheretheyareusedassecuritydevicestounscrambletheincomingdigitaltelevisionsignal.TheyarealsonowcommonlyusedinGSMstandarddigitalmobilephonesasSubscriberIdentityModule(SIM)cards.However,mostattentionfocusesontheirpotentialasanindependentlycarried,easilyportable,meansofbothidentificationandelectronicpayment-forexampleasan“e-purse”菜勸h鐮o達l更d萄i乳n晉g他阻e逝l幸e捉c隆t斥r毀o分n壯i鄰c撞根c朗o貿(mào)i中n戲s子駐f答o維r發(fā)壁l域o軋w皺-破v釣a專l顯u師e賀松t惰r挪a袖n鑄s坑a務c疾t避i柜o炮n犯s右,摸并e間i姑t子h犧e迫r吵停h話e宣l劈d彼誘s弱o底l北e抖l挽y條棗o蛛n插撞t寨h烏e筐飼c捷a濟r妄d潤,霉1予射o妨r辮擋l圍i風n宗k滿e死d鈴廟t賄o搖止a種拐c瘡e亮n燈t烏r而a星l拜狂d督a你t家a敞b同a鵲s犬e熄.恐豆S晉m后a敏r頓t著騎c拉a趴r飲d作拋t稍e奉c哄h江n善o京l違o套g洪y訴纖i是s野毛n擦o稀t斷憑n怖e零w笑,房企b逃u堵t嶼摔a腳t葛桂l練e球a稼s衡t纏足u盼n派t音i免l塑險v攀e淺r失y粥碑r脈e殘c惱e縫n嫁t暴l抖y收偶i驕t撕偏h肯a袖s討蟲l姜a雀r牢g揀e埋l誘y草肯f燭a冶i牧l儀e策d灰獵t茶o券俘a蓮c渣h蠅i訓e有v薯e冷晝w枯i票d禽e關s賠p效r穗e釣a再d匠恨u男s制e付層w厘i子t片h算i侵n滲爭t體h提e群舌c妖o令u獄n潤t憤r曾i素e演s準惕o篩f襪擁t啟h烈e絡紋E繁u墳r忍o浮p簽e鼻a奏n綠劈U幅n粥i拜o他n甚.座編T共h瘦i惡s魄趙i圾s頸姻n開o蹄w芹煌b落e及g夠i斬n否n谷i躍n法g謎序t連o能挎c犯h黎a礎n吉g稿e乘膨a圈s掙莖s元m譜a蛛r蓮t梳航c書a精r場d喚s照獻b饅e京c毅o草m晨e姑軟i社n要c踩r閣e象a開s懲i肺n值g蹤l饑y道摟u站b嫩i鞏q現(xiàn)u著i薪t夸o謊u烏s剪,陽如a兆l動t辜h邀o望u釀g崇h毯賤a失s系團y兵e缸t眉曾t所h皮e絹i抵r帽爪p燃r圈o供f懸i和l宗e醫(yī)灣r乳e竟m匯a棒i扮n捐s澇塔l餡o衰w刷槳a集m息o浴n復g開s隊t股使t翅h奏e蝦局g糕e腫n萍e織r渠a臨l姥夸p拾u陸b嶄l疑i站c療退-演纖m劈a退n喬y徐棍p練e娛o吐p對l爭e賺陡m掩a軌y甩祥c漁a允r越r貿(mào)y搖商a冷r輩o倉u視n吵d譯遺o乘n陣e避滴o火r象剃m曲o兇r仇e先馳s沈m罵a悼r態(tài)t羊-槐c孩h個i獵p帳p畏e濁d蛾估c爽r目e張d剝i饞t桃錯c駐a慮r鍛d岔s康語i萌n漢郊t籍h渾e即i狐r邊幫w呼a瓜l償l曠e渣t劉村o戒r考帳p陷u黨r話s衰e竊介w恭i蕩t柴h炒o歌u永t封濱b必e膚i忙n篇g威監(jiān)a棚w孩a塘r幼e笨強t笨h淺a手t貴滋i餅t岡躍h脊o浩l卡d窮s鳴欄m匠o兄r熊e薯姨t軋h滴a經(jīng)n遞鑒t浪h甘e斜傳u稿s紛u吼a竿l魄譽m律a梨g恒n舉e側t是i州c質板s隱t私r謠i比p燈.謊液P槐r議e秩v旁i慚o投u動s換女E撫u蹈r抗o叫p嘴e潑a茄n列備s羞m愈a尊r鎖t目殺c償a職r浴d揭s按陶d應e崖v質e兇l弟o請p闊m擊e識n嶼t啊乖c壟e故n離t謹r巧e翼d煉瞇o亮n紙數(shù)m厭u敞l吸t援i趙p蛇l今e稈船n慧a嶺t讀i爹o揚n則a膝l賽手s浮y晨s宣t夫e徒m暴s肆,犧2姐廊a專l種l飾牛n縮o構n追-陰c嗚o唉m碎p偷a三t萌i途b鐮l改e妨,吹范w蜓h弓i天c冊h嬌禿h李a衰v翼e放依n納e始v今e辦r到漆a襪c燕h跟i柏e飄v糖e僵d夸運g靠o斯o涌d筆具c芳u磁s塘t辜o只m裙e若r常蔑t壩a稿k豈e杠-盞u土p膀.靠耍E悶v鐵e浪n派爺w宅h晉e鳥r感e姐體a朵革l致a塵r膠g騾e紋典n小u叛m餓b襖e頂r敘公o兼f洗目c善a統(tǒng)r背d壓s聲針h隨a鞠v危e杠抄b逼e缺e胃n跳木c肅i伴r鈴c授u紛l府a(chǎn)班t廢e白d勒,濃購a涼s啄券w爐i牧t略h賣陳P悶r逐o鏟t約o蠻n譜畫i跟nBelgium,thefrequencyofusehasremaineddiscouraginglylow.TheEuropeanCommission’sEuropeSmartCardCharter,afterashakystartin2000,istryingtorectifythisbymovingfromitsoriginallytechnology-orientedstancetowardsamuchmorecustomer-centredapproach.Previouslyitfocusedontechnologicaldevelopmentofcompetingsystems,withinteroperabilityadistantgoal.Thishaschanged.Anew“user-centric”approachtoallaspectsofsmartcardsisintendedtohelpenfranchisethecitizenandgivehim/herfulleraccesstotheInformationSocietywhichisdevelopinginallaspectsofdailylife,includinggovernmentandlocalauthorityapplications.3Itacknowledgesinparticulartheneedforeasy“anytimeanywhere”access,inordertoachievethemasstakeupofsmartcardsthatiscurrentlylacking.Itseemsthattheprincipalcustomerspushingdevelopmentinthisinstancearenotindividualconsumers,noreventhebankingcorporations,buttheEuropeanUnion’snationaltransportnetworks.Transporthasproventohaveakeyroletoplayinthisareaasithasthemasscross-culturalusercommunityandrelativelysimple,extremelyhigh-volumeapplications4thatareneededtomakesmartcardspartofeveryone’sdailylife.ParticularlyprominentinthisfieldisTransportforLondon.5Inspiredbythesuccessofthe‘Octopus’smartcardintheHongKongtransitsystem,theirPrestigeProjecthasdevelopedasmartcardsystemforeasyautomatedticketing.Thisisa‘contactless’card,initiallyintendedasaseasonticket,withanexpirydaterecordedinthecard,allowinganunlimitednumberofjourneysuptothatdate.ContactlesssmartcardreadershavealreadyasofSeptember2001beeninstalledatsomeLondonUndergroundstations,andthesystemislikelytobeingeneralusebytheendof2002.Anepursefacilitycardisintendedtobeaddedshortlythereafter,withnotimelimit,butwithprepaidelectronictokensdeductedfromthecardoneachjourney,thatcanbe‘refilled’withtokensthroughoccasionalpaymentatanelectronicticketingmachine.Inter-operabilitywithothernationalandEuropeantransportnetworksisahighpriority–ultimatelyallowingthesamecardtobeusedonrail,busandothermasstransportsystemsfromLondontoMadridtoHelsinkiandbeyond.Aswithallnetworksystems,frommobilephonestotheInternet,smartcardapplicationsmustbeinteroperablewithcommonstandardsinordertobenefitexponentiallyfromwiderusethroughouttheEUandbeyond.Itisthereforecriticalboththatsuitabletechnologicalstandardsarereached,andthatasuitablelegalframeworkexistsinwhichsmartcardusecanflourishandgrow.Onequestionraisedbythemulti-functionalnatureofsmartcardsisoneofownership:standard,singleusemagneticstripcardsarecommonlyunderstoodtobeissuedby,forinstance,abank,tobeusedbythecustomerbutremainingthepropertyoftheissuer.Multi-functionalcardsmayhaveseveraldifferentapplicationsfromseveraldifferentsourcesloadedonthem–bankingdetails,creditcard,healthrecords–sowhoownsthecard?Isthereasinglecardowner,orwilleachinterestedpartybesaidtoownonlytheirownapplicationstoredonthecard?Arelatedquestionaskswhoispermittedtoissuean“electronicpurse”smartcard.Willthisbelimitedtobanks?Willpersonaldatacardsbeissuedsolelybygovernment?Especiallyincountriessuchas,forinstance,GermanyorFrancewhereagovernment-issuedIDcardisanecessity,couldthegovernmentinsuchastateissueitsownsmartcardsforIDpurposeswhichtheuserwouldthenaddotherapplicationssuchaspaymentfacilitiesto?Governmentownedcardswouldraisethefurtherissueofcitizens’rightstoaccessgovernmentinformationasrelatingtothemselves.Alternatively,willitbelegally,asitistechnically,possibleforacompanysimplytoproduceandsell‘empty’smartcardswhichtheusercanthenaddhisowndetailsto?Ormusttheissuerbealicensedperson,realorlegal?Afurtherimportantissuerequiringanalysisiswhethertheuserofacardwillbepermittedtoaddandremoveapplicationsfromthesmartcardatwill,orwhetheritwillcarryfixedapplicationsasinstalledbytherelevantcompanieswithwhichtheusermaynottamper.Thevoluntarynatureofsuchsystemsmustbeemphasized-themulti-application“smartwallet”maycontainsoftwarefromnumerousdifferentorganisations,butitscontentsmustbeundertheuser’scontrol,justlikeaphysicalwallet.Ifitistobecommerciallysuccessfulitmustbeseenasbothsafeandconvenientfortheenduser.Thisislikelytorequireeasynotificationproceduresincaseoflossortheft,withthecardanditscontentsbeingmadequickandeasytoreplace.Thecontractualissuesinvolvedrequireconsideration.Forinstance,thecontractualrelationshipbetweenissueranduserwillremainsubstantiallysimilarasfortheissueofastandardmagneticstripsingleusecard.However,amulti-functionalcardraisesanumberofotherrelationshipssuchasthatbetweencardissuerandapplicationprovider,orbetweenoneapplicationandanother.Anareaofgreatsignificanceisliability.Liabilityforloss,damage,fraudulentusage,etcofastandardmagneticstrippaymentcard(credit,debit,etc)issubjecttoaclearcontractbetweentheissuerandtheuser.However,whenamulti-functionalsmartcardisinvolved,theissuesbecomemuchmorecomplex.Forexample,inthecaseoflossortheft,whobearstheresponsibilityifnottheuser?Isthereasingleapplicationwhichwillberesponsibleforensuringadequatesecurityforthecard’sgeneralfunctions,forexample,preventionoffraudulentuseofthecardinpayment,orofadigitalsignatureencodedintoitinordertoidentifytherightfuluser?Security,fraudprevention,andsoonwillalsoariseasissuesofconsumerprotectionprovisions.Theapplicationofdataprotectionrequirementswillbeofgreatsignificanceinensuringadequateconsumerprotectionstrategiesareinplace.Thisislikelytoentailtheuseofsomemethodofencryption,raisingfurtherissuesastoavailabilityofdecryptioninformation.Lastly,intellectualpropertyrights(IPR)inthesmartcardtechnologywillbeanalyzedinthestudy.Howwilltheprotectionofsuchrightsbeachieved–willitbeprimarilybypatents,ratherthancopyright?Howarethosecommercialinterestsinvolvedintheproductionofsmartcardscurrentlyprotectingtheirinterestsinthetechnology1.TheDevelopmentofSmartCardsRapidgrowthinelectronicbusinesshasledtothedevelopmentofpaymentsystemstailoredtomeettheneedsofonlinepurchasing.Althoughcreditcardshaveprovedthemostpopularmethodforonlinepaymentssofar,theymaynotbethemostappropriatemethodinalltransactions.Forexample,theymayprovetoocostlyforthepurchaseoflowvaluegoodsandservices,andarenotsuitableformakingpaymentstoconsumers.TheincreasedinterestinauctionschemessuchaseBay6leadstoanincreasingneedforsystemswhichallowforthetransferofvaluebetweenconsumers,ratherthanonlybetweenconsumersandbusinesses.Theperceivedsecurityrisksofsendingcreditcarddetailsonlinehavealsoprovedabarriertotheiruse,leadingtoaninterestindevelopingmoresecurealternatives.Avastarrayofelectronicpaymentsystemshavebeen(andarebeing)developedaroundtheworld.Theseareeithersmartcardsystems,wherethevalueisstoredonachiponamultipurposecard,orsoftwaresystemswherethevalueisstoredaselectronictokensinthememoryofthecomputer.However,althoughsomeofthesesystemshavebeenavailabletotheconsumerforseveralyearsnonehasbecomeuniversallyaccepted.Furthermore,becausethevarioussystemsandtechnologiesarenotinteroperable,consumersandmerchantsareforcedtochoosewhichorhowmanyofthesystemstouse.Manyonlinebuyersandsellershavethereforeelectedtousethetraditionalcreditcardduetoitsgreateruniversalacceptance.Manysystemshavebeendevelopedintrialformbuthavenotimmediatelybeenfollowedupbycommercialexploitation,andothershavebeenchangingandmodifyingtheirservicestomeettheneedsofthemarket.Itseemsthereforethatthemarketisstillinastateoffluxandthatcommercialbarriersarehinderingtheadoptionofthesenewsystems.Variousstepshavebeentakentowardsremedyingthelackofinteroperabilitysuchasthedevelopmentofastandardprotocolwhichmayovercomethecommercialdifficulties.AsfarasthelegalissuesareconcernedthesehavetoadegreebeenovershadowedbythecommercialproblemsalthoughintheEuropeanUnionthecreationofaregulatoryframeworkforelectronicmoneyissuersisunderway.However,otherissuessuchasthecontractualrelationshipbetweentheissuerandtheconsumerhavenotbeenaddressed.2.ElectronicPaymentSystems:Software(a)CreditandDebitCardsCreditanddebitcardsmaybegroupedtogetherasexamplesof‘debttransferencesystems’.Theuseofeitherinmakingpaymentsassociatedwithonlinepurchaseisbroadlysimilartotheothermainmethodsofcarryingoutdistancecardpurchases–bymail,faxorbytelephone–inthattheactualcarditselfandthesignaturethereonarenothandledorseenbythepayee,butthedetails(numberandexpirydate)aretransmittedovertheinternet,eitherviaawebsiteorbyemail.Currentlysuchincorporationof‘traditional’creditcardsystemsintoelectroniccommerceremainsthemostpopularmethodofpaymentovertheinternet,presumablyatleastinpartbecauseitsusedoesnotrequireinvestmentoftimeandmoneyintoacquiringandbecomingfamiliarwithnewsystems.Also,thereisaperceived‘comfort’factorinthesecurityofferedbyanestablishedbrandsuchasVisa.Therestillexists,however,somedegreeofconcernamongconsumersgenerallyaboutthesecurityofmakingsuchtransactions.Whiletheriskofinterceptionofcreditcardinformationbyathirdparty,orarecordofitbeingmadebyanunscrupuloussalesassistant,andsubsequentfraudulentusagedoeslittletodetermostfrommakingsuchpurchasesbytelephoneorinperson,fearsaboundthatthiswillhappeniftheydosoovertheinternet.Governmentshaveaclearinterestinsuchissues,aswiderconsumerspendingininternetsaleswillservetobolsterthenewdigitaleconomy.Technologicalmethodsmaygiveconsumerstheconfidencetotakeadvantageofwhatthenewmarketplacehastooffer.Theymayalsohelptopreventcreditcardfraud,thuscontributingtoreductionofsuchcrimes,anotherattractivefeatureforgovernments.(b)SecureSocketLayer(SSL)ProtocolTheSSLprotocolcreatesasecurechannelforthetransmissionofencryptedpaymentcarddetailsbetweenretailerandconsumerandisinwideusageacrosstheinternet,incorporatedintomanydifferentsoftwaresystems.PatentedbyNetscapeandsubmittedtotheWorldWideWebConsortium(W3C)earlyin1998asastandard,ithasnowbecomethenormforsecurecommunicationofpaymentcardinformationovertheinternet.Inoperation,SSLutilizesamixofpublicandprivatekeyencryption.Privatekeyencryptioninvolvestheuseofonesingle‘key’–analgorithmiccode–whichallowsamessagetobeencrypted.Onceencrypted,themessagecanonlybereopenedwiththekey.Accesstoamessagecanthusbecontrolledbycontrollingdistributionofthekey.Thepublickeytechniqueisbroadlysimilar,however,thereisaseparate,publickeywhichisgiventoBtoeitherdecodemessageswhichhavebeenencryptedusingA’sprivatekeyortoencryptamessagetosendtoAwhichcanthenonlybeopenedwiththeprivatekey.Itisaversionofthissystemwhichonlineretailersgenerally