to phone bills.

1998), promises of loans contingent on the consumer paying a large

fee in advance.

pay-per call services, business opportunities and franchises, and

travel and vacation offers.

National Consumers League’s top tips to avoid Internet fraud, as reported

by the Rider students:

know who the company or person is and where it is physically located.

the return and cancellation policy, and the terms of any guarantee.

The federal telephone and mail order rule applies: Goods or services

must be delivered by the promised time, or, if none was stated, within

30 days. Print out the documentation.

and licensing or registration documents, but remember that fraud artists

can appear and disappear quickly, so lack of a complaint record is

no guarantee of legitimacy.

and violates computer etiquette. Report such "spamming" to

your Internet service provider.

with, even if you want to see pictures or hear music. You could unwittingly

download a virus that hijacks your Internet service, reconnecting

you to the Net through an international phone number, resulting in

enormous phone charges.

Top Of Page
Trintech’s Initiatives

Another aspect of the Rider study dealt with technology-based

solutions aimed at preserving the reliability and integrity of E-commerce.

When the study was published, there were only two major technologies:

Secure Sockets Layer (SSL) and Secure Electronic Transaction (SET).

Since then, Trintech has come out with two variations on these methods,

aimed at making it easier and more secure for consumers to buy on

the ‘Net (http://www.trintech.com).

Trintech is based in Dublin, Ireland, but opened a research and development

facility here in 1997 and is located on Independence Way. The privately

owned firm specializes in providing card payment and electronic commerce

solutions to bankers and retailers (U.S. 1, December 3, 1997).

Kevin McGuire, the oldest of three brothers in Trintech, heads

the Princeton office. He graduated from University College Dublin

in 1976 and came to Princeton Plasma Physics Lab in 1979, recruiting

fellow PPPL-ers to help him open the R&D office on 1997. Sales, marketing,

and customer support for Trintech is provided by a 30-person office

in San Jose, and a six-person marketing office is in Austin. Munich

is the site of a European office.

Trintech is a direct supplier and an OEM (original equipment manufacturer)

supplier of payment software http://www.trintech.com.

Trintech’s latest and most exciting product is Payware Net. "We

realized that SET (one of the transaction methods) was slow to take

off," says spokesperson Richard Martin, "and that people

on the retail side were asking for a form more secure than offered

today under traditional SSL (the alternative transaction method).

Our guys in Princeton developed this Payware Net product, and it comes

in four different flavors:

Communication Corporation’s handshake protocol." With encrypted

data transmission it issues a digital certificate and signature to

authenticate both the buyer and the seller. "It uses public key

encryption — a set of mathematically linked numbers, referred

to as keys. A message encoded with the public key (widely known, such

as an individual’s address) can be decoded only with the private key

(so the message can be read only by the intended recipient),"

describes the report.

After SSL negotiates the secure connection, the buyer and the seller

can begin to exchange data. It works, but as Martin points out, "Plain

SSL messaging doesn’t give the same level of security as SET."

security protocols developed by Visa International and MasterCard.

Trintech installed its version on Netscape’s site in 1996. "It

goes beyond SSL by incorporating credit card authorization, ensuring

that the buyer is authorized to use the credit card (via the digital

signature) and that the merchant is authorized to accept the card

(via verification of the merchant’s relationship with a bank acting

as a payment processing intermediary)," says the student report.

SET offers a digital certificate at the consumer level, as well as

at the merchant level, says Martin. Merchants can post the SET symbol

on their home page so that savvy consumers will know their credit

card data will be safe.

But using SET can be expensive for merchants dealing with low margin

transactions, so Trintech now offers two hybrid versions:

The buyer sends a message in SSL to the online merchant site. This

is translated to a SET message and sent from the online merchant to

the bank. "One of the big barriers of SET is the whole digital

certificate that the consumer fills out," says Martin. "Here,

the consumer doesn’t have to apply for the digital certificate, yet

the consumer knows the site is secure," says Martin. The SET mark

means that the merchant has gone through rigorous third party testing.

requirement of a digital certificate for the consumer; the consumer

does not have to go through the rigamarole of that application. "For

the consumer, three and four are identical," says Martin. "The

consumer knows the data is more secure because of the SET encryption.

It is another step to more secure E-commerce."

the technology company," says Martin. "We leave it to the

card associations and the banks to decide what is the best."

To Martin, a good way to measure fraudulent Internet transactions

is to count the number of "chargeback" complaints to credit

card companies about Christmas purchases. Not all of the complaints

will be due to fraud: "There is a rumor that it is quite high;

people are alleging that kids’ are taking parents’ credit card numbers

and getting merchandise sent to their address — and these purchases

are being disputed by the parents."

CEO John McGuire and the Trintech crew want to develop the technology

so it is "a transparent exercise of clicking, clicking, and clicking

for payment to be activated, authorized, and completed in a secure

manner."

"In a few years, consumers will log on, click, and pay with the

same confidence and regularity on the Web as they do today in the

physical world," says McGuire. "But encryption is a

demanding science. We feel that, by making the investment in research

in these early days, we will be rewarded in the near future when the

underlying encryption methodologies need to be upgraded to newer,

faster, and more secure encryption techniques."

"It’s a very exciting area to be working in. You are going to

potential and existing customers who want to embrace the technology

and make it available to the customer base," says McGuire. "This

is a push sell, not a pull sell."

Top Of Page
For Goren’s LapJack, A Sale & Repackaging

Once more, Andy Goren is an empty nester. He founded

TV Objects, a company that developed a Java software tool called Applet

Designer, and he sold it off. Then under a different company name

he developed a hardware solution to laptop computer security, Lapjack

(U.S. 1, June 10, 1998). In October he sold the license for Lapjack

to a multibillion dollar global firm, which will launch the repackaged

product on March 1. Now the 29-year-old Goren, based at Princeton

Office Gallery on Independence Way, is contemplating his next contribution

to the cause of electronic commerce.

"For now I am going to stay around and help out," says Goren,

who had been a theoretical math major at University of California,

Berkeley. "But I might work on a new product, a joint venture."

Curtis Computer Products, has bought the worldwide exclusive rights

to Lapjack for marketing and manufacturing LapJack (http://www.curtiscp.com).

Curtis is a division of Esselte Pendaflex, a manufacturer of Oxford

file folders that supplies distribution to office products distributors,

computer supplies/VAR distributors, mail order catalogs, mass market,

and superstores for computers and office products.

LapJack uses an encoded security key that plugs into a parallel printer

port on a laptop computer. If a machine is enabled with LapJack it

cannot boot up without the key. It can’t be compromised by booting

from a floppy. And once the LapJack software is deployed on a laptop,

that computer’s hard drive can’t be used in another computer, nor

can the hard drive’s data be reformatted. LapJack puts no demand on

the processor or memory, doesn’t corrupt data, and doesn’t use passwords.

The new product is getting a new name, Data Defender, and a huge marketing

push. Its software is being translated into 14 languages, including

Hungarian, Polish, Finnish, and Swedish, says Ken Bernstein of Curtis.

Lapjack had a "street price" of about $90, and Data Defender

will sell at discounted rates for a similar price, from $89 to $99.

Data Defender will be a Qualtec brand and will have tie-ins to other

Qualtec products. "We own a printer cable company, and for desktops,

laptops, and docking stations, we are providing the Qualtec Data Defender

Parallel Port Extender," says Bernstein. This four-foot "splitter

cable" can be plugged into the hard-to-reach port of a desktop

computer and extend to a convenient spot for users to insert their

hardware security keys. It will retail for $29.95.

Like TV Objects is now, Lapjack will be a shell company after the

launch. To develop this hardware product, Goren had worked with Juan

Ruival, whose name is also on the patent. He had investment capital

from David Plimpton of Plimpton & Yang on Chambers Street. What now

for Goren? "I’m going to look in Internet and security areas for

the next products," says Goren.

Office Gallery, Princeton 08540. Andy Goren, president and CEO. 609-514-5181;

fax, 609-514-5176. Home page: http://www.lapjack.com.

Corrections or additions?

This page is published by PrincetonInfo.com

— the web site for U.S. 1 Newspaper in Princeton, New Jersey.