24 February 2000

Date: Wed, 23 Feb 2000 15:19:27 +0100 (CET)
From: Stefan Brands <brands@xs4all.nl>
To: jy@jya.com

The Wall Street Journal, February 22, 2000

Zero-Knowledge Is Hoping to Cash In On Move to Anonymous Funds for Web



Zero-Knowledge Inc., a closely watched Canadian start-up, is mounting an ambitious effort to develop anonymous digital cash and credentials.

The company (www.zeroknowledge.com) attracted attention in December with a service that protects Internet users' privacy by letting them choose fictitious names for activities such as sending e-mail and visiting Web sites. Zero-Knowledge takes its name from the fact that it has no way to link users' real identity with their pseudonyms, a controversial approach that could shield the identity of criminals or people who send abusive mail.

Now, the closely held company plans to take online anonymity a big step further, extending the concept to commercial transactions that normally create a trail of records. Anonymous electronic cash, an idea that has been tried unsuccessfully before, poses a particular challenge for merchants and law-enforcement officials who want to monitor shoppers' movements in cyberspace.

"What we are talking about is a fundamental shift toward individual empowerment in commercial relations," said Austin Hill, Zero-Knowledge's president and co-founder.

Several companies, notably a now-defunct venture called DigiCash Inc., worked on electronic systems for allowing consumers to make payments anonymously. But those efforts foundered, as consumers and merchants chose the convenience of credit cards over anonymity. Undeterred, Zero-Knowledge unsuccessfully tried to buy DigiCash's patents and then recruited one of its key technologists, a cryptographer named Stefan Brands who holds five patents for electronic cash and credential systems.

Mr. Brands's doctoral thesis, from the Technical University of Eindhoven in the Netherlands, attempts to rethink the concept of digital certificates, a popular authentication technology that uses what code makers call public-key encryption. Digital-certificate companies help verify the identity of Internet users and merchants, issuing the equivalent of software keys that are automatically exchanged when purchases are made through a Web browser.

The problem, Mr. Brands argues, is that certificate issuers store users' names and other personal information that may be unnecessary for many transactions. He devised systems of more specialized certificates that can help users disclose data more selectively. Users, for example, might get the equivalent of a key from a government agency that verifies their age for the purpose of buying a movie or joining an online discussion. But they can give that certificate along with a pseudonym, not their real name or address.

This approach, Zero-Knowledge says, can be used in both the real and virtual worlds. Digital cash and credentials can be stored on handheld computers or smart cards that would allow consumers to complete transactions online or in stores.

Such arrangements rely on backing from financial institutions and from merchants, who now favor systems that allow them to keep profiles of users for marketing purposes.

Mr. Hill said the company, which recently raised $25 million in private financing from Canadian institutional investors, is close to deals with partners that should allow its cash-and-credential systems to roll out in 12 to 18 months. Whether or not its plans pan out, some experts believe Mr. Brands' ideas may play a role in the evolution of authentication technology.

See also: