Using electronic documents in normal business activities can be efficient and economical. Digital mechanisms can introduce greater levels of security and verification than paper could ever provide.
Peter Wayner
In this age of Infobahn hype, many people forget that computers and networks are more than just toys for pursuing the great electronic harmonic convergence of video games, virtual reality, sports, and romance--they are also important tools for businesses. The fact is, a second, relatively hidden convergence is joining many businesses and providing a simple, standard way for these organizations to exchange data about such important transactions as orders, supplies, and parts availability. The emerging collection of standards that governs how this data is transferred and interpreted between computers is called EDI (Electronic Data Interchange). Many companies investing in the technology are hoping to save millions--if not billions--of dollars.
The acronym EDI embodies several distinct concepts and buzzwords like E-mail, networking, software agents, and interoperability. Also, in several cases, EDI is used as a synonym for computerized or digital. For instance, one member of the EDI standards committee uses the term judicial EDI to refer to standard text file formats that lawyers might use to file documents in court. The term itself emerged from business schools and corporate MIS departments, so it is not surprising that the acronym usually carries the additional implication that the electronic domain will offer new and better efficiency.
EDI provides a collection of standard message formats that can be sent via any electronic messaging service. This approach saves money by replacing the standard paper documents that cement businesses. The amount of paperwork to be simplified and automated can be substantial. Although many people are used to the simplicity of reciting credit-card numbers over the telephone, the standard procedures for doing business involve many different slips of paper that help account for everything of value. A typical transaction might include a purchase order, a purchase order confirmation, a packing slip, and an invoice. Each of these involves using separate sheets of paper, and in some companies, several levels of management must approve the documents before they are legally binding. Many small- and medium-size companies still do business by mailing or faxing these documents around the country.
Simply replacing the paper with electronic messages can save the cost of creating the paper and the time required to move it from the printer to the fax machine or through the postal system. The greatest savings, though, lie in making the entire company more efficient and in reducing the amount of inventory kept in stock. For example, many manufacturers are discovering that careful, efficient electronic inventory systems allow them to reduce the number of spare parts they must keep available. The savings can be enormous. An internal study by a Fortune 500 firm showed, for example, that the company could save $500 to $700 million with a corporatewide EDI system.
EDI Standards
EDI messages are just E-mail messages that come in a preset format so that inventory and accounting software can process the data successfully. Some of the biggest public standards are the ANSI X12 collection and the United Nations EDIFACT (EDI For Administration, Commerce, and Transport) standard. A number of different companies use each of these standards. There are also several other standards--both public and proprietary--developed by companies that are large enough to impose the standards on their trading partners. These standards often exist in defined niches for particular industries.
Each message created according to one of these public standards must begin with a code that specifies the nature of that particular transaction. Under the X12 standard, for example, all purchase orders must begin with the code 850, while invoices have to start with an 810. For each type of document, a number of information-containing fields are also specified. The 810 invoices are described in the X12.2 standard, which defines the required fields, including address, transaction information, and total monies due.
The standards were developed with flexibility intentionally built in. Many data fields are either optional or conditional. Also, when two companies decide to use a particular standard, they must agree on the way that certain fields will be used. For instance, a company might describe its parts in any of several different ways. Four tires for a car could be entered as four separate items or as one set.
Thus, EDI does not remove the need for negotiation and synchronization--it just offers a simple framework for the messages so that users can choose off-the-shelf software that will do most of what they need and then begin customizing it so that it meets their specific requirements.
EDI Clearinghouses
Many businesses subscribe to on-line EDI clearinghouses, which essentially provide E-mail services that transmit data in the standard format. Many also offer to translate the data from one standard to another, which saves individual companies from having to program their computers to understand and speak the various standards that their trading partners use.
Also, the clearinghouses offer many other services as a way of differentiating themselves from one another. Some offer archiving. Others offer to convert EDI messages to plain paper faxes automatically so that EDI systems can communicate with humans. Some also include plain E-mail, so users can transmit messages.
EDI-capable banks are an important subset of the clearinghouses. They also move packets of bits defining transactions, but their transactions are based on money and other securities. Many commercial banks offer EDI to their customers as part of their array of services. Some retail banks are also trying to interest the public in using systems for automating their bill payment.
The basic transactions in monetary EDI are handled in the same way. A host of different standard formats (e.g., X12.820) are used by different groups of people, and the banks will often translate these requests automatically. One important difference is that these financial EDI standards also include protection against eavesdroppers and thieves by encrypting messages and authenticating both their origin and their content. While these features are also often available to other EDI users, they are often ignored because the information shuttling through the system doesn't represent something as obviously valuable as money. (For a look at how money can be handled, see the text box ``Digital Cash'' on page 126.)
More, Better EDI
The basic transactions in EDI are often just digital versions of their paper equivalents. The primary difference is that they travel by wire instead of by mail truck and thus arrive faster. Some people might be tempted to dismiss this use as simple and straightforward. But some of the more exotic standards and practices emerging promise to bring new and potentially valuable features to EDI, features that can't be duplicated with paper. These newer realms include digital signatures that can be verified by anyone in any place without the need for identification, digital cash that can move anonymously without forgery, and digital timestamps that can provide practically incontrovertible proof that a document existed at a certain time.
The most important standard for commerce is a digital signature that certifies that a particular person signed an electronic document. When such a standard emerges, the signatures will add much strength to EDI transactions because they will make it much easier for two parties to conduct business without negotiating a preliminary agreement. The digital signatures will act in the same way as a normal signature on a contract.
Digital signatures are long numbers bundled with a file. They are generated by a cryptographic algorithm designed to make it easy for everyone to verify the signature but difficult for anyone to forge one. The strength of these signatures depends on certain mathematical problems that no one knows how to solve efficiently. Only the owner of the signature holds the secret number that allows them to create a signature.
Such a signature behaves differently than paper-based signatures, and in many cases, it is a substantial improvement. A digital signature can be verified by someone who has never met the party; they can verify this signature at a distance by using a simple algorithm. The signatures are just as valid for copies as they are for originals.
The digital-signature system needs a central authority that issues certificates of authenticity, guaranteeing that message originators are who they say they are. Unfortunately, this public-key infrastructure needs to be as common as phone books for the system to work efficiently, and that won't happen for some time to come. The EDI standards committees are investigating the area and hope that a good standard will emerge soon (see the text box ``Whose Authentication Systems?'' on page 128).
One of the best digital-signature software implementations available today comes with the Mac System 7 Pro. This system lets you sign a document by merely dragging it to the top of the icon and typing in a secret password that only you know. The document file then stores in its resource fork a signature that can be verified at any time. Apple provides a public-key certificate infrastructure that you activate before beginning by taking a printout from your machine and presenting it to a notary public with three forms of identification. You need only to do this once. Apple binds this information with your file, and thereafter, anyone who receives a file that you signed knows that you generated it.
Many other companies such as Sun Microsystems (Mountain View, CA), Microsoft (Redmond, WA), and Novell (Provo, UT) are also including several levels of digital signatures in upcoming operating systems.
Digital Timestamps
Can you guarantee that a paper document existed at a particular time? The traditional technique is to get a notary public to verify a signature by countersigning the document and entering the time and date into their records. While this may often be effective, it certainly can be error-prone. How can you be certain that nothing was changed in the document?
The digital notary service promises to solve many of these problems and, in fact, offers a significant improvement over traditional paper-based systems. You will be able to notarize a document by signing it with a digital signature and then sending a copy of this signature to an electronic notary, who will keep a file of all the signatures generated that day. At the end of a predetermined period, the notary service will sign this file and store it away.
The key feature of the digital timestamp is that it uses a cryptographically secure hash function that converts a large file into a small one known as the hash value. This process is also used in the digital-signature algorithms. The algorithm must be constructed in such a way that it is highly unlikely that someone will be able to create another large file that generates an identical small file. This means that you can reliably use the small file as a proxy for the big one. If a big file generates the same hash value as the original, then the contents are almost certainly unchanged.
The digital notary service uses hash functions to tie the signatures it is notarizing into one big chain of trust. Imagine that Alice, Bob, and Carol send in signatures to be notarized. The notary service would place the signatures in order in a file and compute the hash value of the three signatures.
What if someone questions Bob's signature on a document because they just don't believe it arrived at the notary office on a certain day? The notary organization would have to dig up all three signatures' hash values for that day and prove that Bob's signature existed. To do this, the notary organization demonstrates that the only way that a particular hash value could have been generated on that day is if all three signatures were at the notary's. In several cases, the notary office might publish the hash value for a certain day (or time unit) in a trusted third source, like a newspaper.
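The batch check described above, as an added example that is not part of the original article. SHA-256 stands in for the unnamed hash function, the sample signatures are constructed byte strings, and folding the previous period's value into each new one is an assumed way of forming the chain.

```python
import hashlib

def h(data: bytes) -> bytes:
    """SHA-256, assumed here in place of the article's unnamed hash function."""
    return hashlib.sha256(data).digest()

def period_value(sig_hashes: list[bytes], previous: bytes) -> bytes:
    """Value the notary publishes for one period: the hash of the previous
    period's value followed by this period's signature hashes in arrival
    order. Every input is 32 bytes, so plain concatenation is unambiguous."""
    return h(previous + b"".join(sig_hashes))

def verify_claim(signature: bytes, sig_hashes: list[bytes],
                 previous: bytes, published: bytes) -> bool:
    """Check that `signature` was part of the batch behind `published`.
    The notary discloses only hashes, not the other parties' signatures."""
    if h(signature) not in sig_hashes:
        return False                      # this signature was never submitted
    return period_value(sig_hashes, previous) == published

# Constructed sample data: stand-ins for real digital signatures.
GENESIS = bytes(32)                       # assumed starting value of the chain
ALICE = b"constructed-signature-alice"
BOB = b"constructed-signature-bob"
CAROL = b"constructed-signature-carol"

def demo() -> dict:
    batch = [h(ALICE), h(BOB), h(CAROL)]  # the file kept for that day
    published = period_value(batch, GENESIS)   # e.g. printed in a newspaper
    return {
        "bob_present": verify_claim(BOB, batch, GENESIS, published),
        "forgery": verify_claim(b"constructed-forgery", batch, GENESIS, published),
        # Dropping Carol or reordering the file no longer matches the
        # published value, so the record cannot be quietly edited afterwards.
        "carol_dropped": verify_claim(BOB, batch[:2], GENESIS, published),
        "reordered": verify_claim(BOB, [batch[1], batch[0], batch[2]],
                                  GENESIS, published),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
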
Surety Technologies (Chatham, NJ) is one company that is planning to develop digital timestamps it has patented. It plans to offer software for all major platforms that will allow companies to register their files for timestamping at regularly scheduled times. It hopes that timestamps will become as common as backups for important data. At this writing, the company had no firm pricing schedule set for its services, but it plans to announce one by the time you read this article.
Lawyers Come to Eden
If EDI is already used extensively by some of the largest companies in the world, then you might assume that the legal foundation for electronic transactions was well established. This is far from the truth. The system works but largely because companies sign carefully drafted legal agreements before commencing electronic relationships. These paper contracts bind them to the agreements and promises that were made electronically over the EDI networks.
The courts have not provided any firm foundation for recognizing electronic transactions. This is, in large part, because the carefully drafted preliminary agreements anticipated any problems. Michael Baum, a Cambridge, Massachusetts, lawyer who heads an American Bar Association committee on EDI, says everyone is waiting for a big lawsuit that would settle the matter. But, according to Baum, ``the Big Case hasn't hit yet.''
When the big case does come, it may be an anticlimax for technologists. The law already includes plenty of flexibility in the establishment of business practices. For instance, the notion of a signature was originally defined to include any mark made to act like a signature (this included the scratched ``X'' made by people who couldn't write). Digital signatures, it would seem, fall into this realm.
New means of exchange also gain standing as they are used more frequently. A person may not simply use EDI for three years and then, in the middle of a dispute, claim that the EDI had no standing because it wasn't based on paper. This flexible nature of the commercial code is bound to allow EDI to be incorporated into established legal precedent without major shock to those who use it successfully.
What Kinds of EDI Will We See?
For the first several decades, the realm of EDI was largely the private tool of large companies that could afford to invest the millions in computer systems for maintaining electronic relationships. Over the next several years, the base is going to grow substantially as the network tendrils offered by the Internet and other on-line services reach out to the smallest entities. These small companies will grow on-line, and they will be bound to create new and exciting possibilities.
One company, Enterprise Integration Technologies (Palo Alto, CA), is experimenting with building a digital trading floor where companies can meet and do business for the first time without establishing complicated EDI preliminary agreements. They plan on using technologies based on RSA Data Security's (Redwood City, CA) Rivest-Shamir-Adleman algorithm to seal contracts. The system will be available on the Internet through a Mosaic-based interface.
Other new technologies will be more adventurous. General Magic (Mountain View, CA) is touting its Telescript language, which it says will allow people to dispatch software agents to remote computers to do their bidding. This is a substantial leap beyond field-based EDI standards like the ANSI X12, because users can incorporate substantial intelligence into the free-ranging programs.
The world of EDI is going to change rapidly over the next several years as these newcomers dive in. The newer participants are sure to bring substantial changes to the arena. Consumers traditionally demand a greater mixture of features and a more carefully debugged system. They are also interested in different goals. Consumers typically do many transactions with people they've never met before, but businesses often set up long-term relationships with suppliers and customers. This means that the broader world of consumer-based EDI will need to have greater safeguards and legal standards before it can succeed.
Peter Wayner is a BYTE consulting editor based in Baltimore, Maryland. He can be reached on the Internet at pcw@access.digex.com or on BIX as ``pwayner.''