BankAmerica and Lawrence Livermore National Laboratory conducting first all-electronic EDI pilot "live" on Internet

Business Wire, Sept 7, 1995

SAN FRANCISCO--(BUSINESS WIRE)--Sept. 7, 1995--BankAmerica Corporation and Lawrence Livermore National Laboratory today jointly announced the successful launch of the first all-electronic financial EDI (electronic data interchange) transactions conducted "live" over the Internet. This six-month pilot program, which began exchanging financial transactions in August, is testing the practicality and security of using the Internet, a global public network, to transmit secured payment requests for financial settlement between BankAmerica and its payments client, Lawrence Livermore.

Vice Chairman Marty Stein, head of BankAmerica Systems Engineering, said, "We are delighted to note that this program marks the first totally automated and electronic EDI application employing digital signatures and public key encryption to occur on the Internet." Stein said the bank and Lawrence Livermore "have worked long and hard to be certain that these transactions will be secure." An all-electronic application is termed "production-grade."

Robert Kuckuck, Deputy Director of Operations for Lawrence Livermore, noted, "The Laboratory's extensive experience with electronic commerce and computer security played a significant role in designing and implementing this system." Kuckuck also hailed the public-private cooperation of the pilot, describing the effort as "an example of how the Laboratory is teaming up with the private sector to find innovative ways to increase our productivity."

EDI is the computer-to-computer exchange of business data in a secure, common, standardized format. When financial settlement, or payment, is included, this process is called financial EDI. Businesses and their vendors use the process to exchange purchase order documents, invoices, financial documents, and payment processing documents. Traditionally, EDI has occurred over proprietary or value-added networks, but with the surging growth of access to the Internet, more businesses are examining the possibility of using the network for paperless commerce. Benefits include faster processing and fewer errors, fewer receivables disputes, lower operations costs, and a greater control over fraud. BankAmerica's Global Payment Services Division is a leading U.S. provider of EDI services, both as an originator and as a receiver.

"BankAmerica believes in EDI," said Group Executive Vice President Larry McNabb, head of Global Payment Services.

McNabb explained, "The EDI capability has intrigued American businesses for many years because it can enable them to automate, speed up, and simplify their business processes. But its technologies and cost can be daunting, and the fact is that only a tiny amount of business is conducted electronically in this country. Our hope, with this pilot on the Internet, is to create new interest in electronic data interchange and to begin to expand the EDI and financial EDI user base."

After agreeing on EDI conventions and procedures, BankAmerica and Lawrence Livermore each designed and implemented its portion of the system. "The overall approach was to insert standard EDI transactions inside secure e-mail 'envelopes,' and mail them over Internet," said John Rhodes, Electronic Commerce/EDI projects leader at Lawrence Livermore. "This use of EDI-in-e-mail allows for tremendous flexibility and is easily adaptable to almost any EDI environment or application," Rhodes said.

BankAmerica Systems Engineering designed and implemented the interface between the Internet and the bank's internal Electronic Commerce System and helped to obtain and implement the appropriate security software for its portion of the pilot.

The security technology employed in the pilot uses the best elements, openness and speed, of two security standards: The public-private, or asymmetric, key technology patented by RSA Security, Inc. provides for the spontaneous exchange -- that is, without any prearranged security agreement -- of authenticated, confidential information over public networks. (While the participants in this pilot do know one another, the technological framework is being put into place to accommodate truly spontaneous, secured electronic commerce.) Private, or symmetric, key technology known as the Data Encryption Standard (DES) provides for high-speed encryption of large data files and, when used with asymmetric key security, as is the case in this application, the private DES key is used only once by the sender and receiver and then discarded, an improvement over multiple use.

Two features of asymmetric security, digital signatures and encryption, help to ensure the security of the data being exchanged during this pilot. To "sign" data, the sender uses an algorithm to generate a string of text unique to the data being sent, and then encrypts this "message digest" to produce the digital signature. Analogous to a written signature, the digital signature can be created only the sender, who holds the private key, but can be verified by anyone with access to the public key. To keep the data confidential, the sender generates a random private DES key and encrypts the data with it. Once the data is encrypted, RSA Security technology is used to encrypt the private DES key using the public key of the recipient of the data. The secured data and private DES key are then sent. Only the intended receiver has the private key to unlock the encrypted data.