[ This document is also available in Postscript ]
The current phase of SEMPER addresses a coherent security model and a generic, open security architecture for the electronic marketplace. This architecture is independent of specific hardware, software, or network architectures. The most fundamental electronic commerce services, such as secure offering, order, payment and information delivery, are also integrated in this first phase.
There are numerous projects and services that aim at electronic commerce via Internet. Many are US-based. Most of them aim at closed solutions and concentrate on electronic payments only. None of them aims at the complete electronic marketplace. None of them provides a coherent model or architecture. Moreover, not even the non-technical and security requirements on such an electronic marketplace are understood completely.
The non-technical requirements part of SEMPER is based on the existing expertise within the consortium, as well as on expert surveys performed in different European countries.
The development and trial part is organised in three phases, each phase corresponding to an enhanced set of services and trials.
The current phase concentrates on two topics:
The following phases will concentrate on extending the architecture and developing more advanced services, e.g.:
SEMPER uses and integrates existing architectures, tools, and services where appropriate. Initially, security toolkits developed by Cryptomathic and GMD will support the necessary authentication and certification functions. Payment toolkits developed by DigiCash and IBM will support cash-like (ecash) and credit-card (iKP/SET) payments.
Development is driven by market requirements and the state of the art in security and on-line information services. Requirements for multi-party security and the protection of the users' privacy receive prime attention.
Based on the SEMPER architecture, a toolkit is being designed and prototypically implemented that allows to use and provide these services securely.
The trial is primarily based on the WWW environment. It will be extended to ATM-based broadband networks, later.
The first trial will prove the soundness of SEMPER approach, and will be the basis for subsequent improvements and extensions. Necessarily this first trial will be primarily a technology trial, while the later trials shall be open.
This will include a design and a Java-based prototype implementation of a security toolkit for electronic commerce.
The toolkit offers all necessary security services, based on the concept of "service managers" that provide a generic service interface to "service modules" that actually provide the required service. New "modules", corresponding to specific service implementations and products, can easily be integrated.
Although the initial version of the toolkit will be based on existing modules only (like the payment modules "ecash" and "iKP/SET"), new protocols and modules will be developed and integrated where necessary for the subsequent phases.
This concept allows for specific configurations (e.g., some modules might not be required by some users, or might not be allowed to be used in some countries) and ensures interoperability of different modules to the extend possible.
In order to disseminate results and to co-ordinate with related efforts, SEMPER has established an SIG on Secure Electronic Commerce.
In this perspective, SEMPER will publish all specifications and protocol designs. SEMPER will contribute to the process of standardisation of open systems. Both the necessity and the advantages of an open architecture are obvious.
Within the consortium, the results of SEMPER will be exploited by many of the partners in related commercial development projects.
More information on SEMPER is available on the World Wide Web, at: