From: rah@shipwright.com (Robert Hettinga)
Date: Wed, 11 Jan 95 04:40:22 PST
To: cypherpunks@toad.com
Subject: credit card purchases
Message-ID: <v01510101ab397ac7da98@[199.0.65.105]>
MIME-Version: 1.0
Content-Type: text/plain


Saw it there. Thought you might like it here...

Cheers,
Bob Hettinga

>From: peace@BIX.com
>Date: Wed, 11 Jan 1995 00:26:50 -0500 (EST)
>Original-From: peace@BIX.com
>Subject: credit card purchases
>To: www-buyinfo@allegra.att.com
>X-Cosy-To: www-buyinfo@allegra.att.com
>
>                              PGCHARGE
>
>This is a call for interested parties to participate in the alpha
>test of an internet ordering program that will be offered to any
>customer free of charge to create orders that should be
>acceptable to any commercial establishment.
>
>This is a Windows program designed to generate secure charge card
>orders over the internet. The payment mechanism is not the
>critical component for this system, that critical component is
>the use, by the purchaser, of the merchant's public key, for the
>protection of sensitive data, including simple correspondence.
>
>Two paradigms from the commercial word, EDI and email were
>selected for the implementation.  Email operates in a store and
>forward mode that has some security advantages over web or
>network layer security.  That advantage comes directly from the
>fixed nature of the email message itself.  Once it has been
>created and signed by the keyholder, it cannot successfully be
>altered by any other person.  It is also possible for the message
>to be encrypted at the point where it is created.  Hiding the
>contents of the message from anyone other than the intended
>recipient.
>
>EDI has already achieved a great deal of acceptance in the
>commercial world.  This application is a natural use of the
>existing ANSI X12 structures for issuing a purchase order.  Any
>merchant that is currently using X12 structures should be able to
>purchase a single user ViaCrypt PGP license and be in business
>accepting secure credit card orders over the internet.
>
>PGCHARGE does not add any security features by itself, but rather
>facilitates security by building an EDI transaction for a
>recipient selected from a PGP public keyring.  This information
>is then passed to PGP to be secured.  PGCHARGE then waits for PGP
>to complete, adds the appropriate email headers and invokes a
>mailer program.
>
>This program can be downloaded from ftp.csn.org as
>mpj/public/pgcharge.zip.  Comments can be sent to peace@bix.com.
>

-----------------
Robert Hettinga  (rah@shipwright.com) "There is no difference between someone
Shipwright Development Corporation     who eats too little and sees Heaven and
44 Farquhar Street                       someone who drinks too much and sees
Boston, MA 02331 USA                       snakes." -- Bertrand Russell
(617) 323-7923