ePSO Newsletter

From: Subject: ePSO Newsletter Date: Sat, 21 Oct 2006 15:41:56 +0200 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_000A_01C6F527.70A7C290"; type="text/html" X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807 This is a multi-part message in MIME format. ------=_NextPart_000_000A_01C6F527.70A7C290 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Location: http://web.archive.org/web/20030225180505/epso.jrc.es/newsletter/vol08/2.html =EF=BB=BF ePSO Newsletter

[Back to Table = of=20 Contents]

[8&2]

New Payments Authentication = Methods for Use=20 on the Internet

Simon Lelieveldt = (simonl@wxs.nl),=20 Amsterdam, The Netherlands

/credit cards/internet payment=20 systems/security/wallet/consumer adoption

During the recent Second = Edinburgh=20 Financial Cryptography Engineering Conference [info] Paul = Guthrie,=20 Chief Technology Officer of Brodia, held an impromptu speech on = the issue=20 of the future of authentication mechanisms for credit-card = payments over=20 the Internet. This article briefly describes, on the basis of his = speech,=20 the three models which may be adopted by Visa (3D secure), = Mastercard=20 (Secure Payment Application) and Maestro.

Internet payments with SET haven?t = taken off.=20 The complexity and cost of implementing SET have been an important = barrier, as well as the fact that all stakeholders involved must = need an=20 incentive to implement it. In this respect, one should take into = account=20 that the liability shift announced by Visa (the 3D model) = [info]=20 has the consequence that if a merchant accepts 3D-SET, the = SSL-credit-card=20 transactions that are done with that merchant will not be open for = reversal. So, with 3D SET especially issuers don?t have a business = case to=20 invest many dollars in an infrastructure which then obliges them = to take=20 liability for transactions made by their customers. This is a cost = for the=20 issuing bank. Given these costs, most SET trials and 3D-SET trials = are=20 slowly shutting down, with the exception of a number of = Scandinavian=20 trials. So as far as safe and widely accepted payment mechanisms = for use=20 on the Internet are concerned, we?re back to square = one.

One of the mechanisms available in = the market=20 is a concept in which a surrogate card number will be used. An = example of=20 this is the Orbiscom O-card [info]. In this concept, a 16 = digit=20 card number is issued to the consumer by his or her bank or card = issuer=20 for one transaction only. The customer uses the number at a = merchant=20 website and the merchant validates the number with the issuer = through a=20 standard credit card transaction. A number of implementations of = this=20 mechanism is currently available. Some implementation problems do = arise=20 however, as merchants tend to store this number in their database = for=20 future usage and use the numbers in ways that are unanticipated by = the=20 issuer system, causing errors or not catching fraud. Although a = solution=20 could be to lock a number to a merchant-ID, one should consider = the fact=20 that a large merchant may use multiple merchant ID-s, or may = switch=20 merchant IDs at any time. Another question is the issuance and = validation=20 of the surrogate card number. It may be difficult for issuers to = integrate=20 these functions properly with the existing legacy systems, as a = result of=20 which operational errors or large expense may occur.

If we consider the lessons learnt = so far, it=20 appears that any successful Internet payment mechanisms must be = beneficial=20 to all stakeholders. Also, it must be noted that in fact the fraud = levels=20 are not really high, except for two types. The first is the = situation,=20 especially in porn or gambling industry, where the client does = something=20 but later denies it. The second is the gross exposure of card = numbers if=20 they are not protected well enough. To address these specific = issues, Visa=20 USA, Mastercard and Maestro are considering new solutions. The = first of=20 these solutions can be expected to become available in the market = as of=20 the third quarter of 2001. Usage of the protocols will possibly be = mandated by the organisations involved at some point.

The proposed Mastercard solution = is named SPA=20 for secure payment application and rests on the basis that one = needs more=20 than the credit-card number [info]. It utilises the = universal card=20 holder authentication field (UCAF) infrastructure to validate the=20 transaction. The UCAF itself is a hash, generated at the time of = the=20 transaction. If a customer wants to buy something and agree to a = merchant=20 offer, a redirection will take place to a server of the issuer, = were the=20 hash is being calculated on the basis of data elements in the = offer to the=20 consumer as well as a secret cryptographic key. The consumer = agrees to the=20 transaction and also (but invisible to the consumer) sends the = UCAF field=20 to the merchant. The merchant will process the transaction and = route the=20 UCAF to the issuer for validation. All in all this is a simple = scheme (as=20 it requires receiving and passing through one additional field of = data),=20 yet it does not work yet in the linux and wap environment. = Furthermore,=20 the scheme requires a consumer wallet, which most probably will be = a=20 server-side wallet.

The proposed Visa USA solution is = called=20 3D-secure (and falls within the Visa Payment Authentication = program) and=20 is SSL-based [info]. Basically customers are registered as=20 3D-secure users and merchants do a lookup in a central registry to = verify=20 if a specific card?s number is indeed registered for 3D-secure = payments.=20 If that is the case a server-side wallet will start to operate in = a=20 separate window where transaction details are filled in as far as=20 necessary (user data are filled in beforehand on the basis of the=20 registration process). The server-side wallet then signs the = transaction=20 on behalf of the client. The merchant will then check the bank's = signature=20 on the transaction.

The proposed Maestro solution will = also be=20 based on a server side client wallet. In this solution the regular = (but=20 pseudo) cardnumber will be used, yet the expiration date will be = changed=20 for each transaction (instead of the card number itself). The = issuer will=20 issue and validate this expiration date as in the Mastercard = solution and=20 upon validation will add the track 2 information belonging to the=20 Maestro-card that is used in the transaction (this info is = obtained as a=20 part of the application/registration procedure). From there on, = the=20 transaction will be directed off the web and treated as a regular = Maestro=20 transaction. After authorisation/validation the ok will be = transferred to=20 the merchant and consumer.

The common element in the schemes = will be that=20 the issuer may determine the method of client authorisation. This = could be=20 either a login/password procedure over SSL, the use of EMV = smartcards with=20 a 0 dollar purchase, the use of smart cards within the framework = of a=20 PKI-solution or a scheme in which a virtual smartcard is emulated = in=20 software. The specific method chosen could vary on the basis of = parameters=20 such as amount. The difference between the schemes is that with = the=20 Mastercard and Maestro solution the issuer has to do the = validation as=20 well as generating and issuing UCAFs, new expiration dates, and = with the=20 Visa solution the merchant has to do the validation.

Empirical data on a number of = different banks=20 and payment mechanisms show Brodia that a secure payment mechanism = may=20 result in increased higher average value of payments over the web. = The=20 future will reveal which of the different payment authentication=20 mechanisms will turn out to be the best, and how interoperability = will be=20 achieved.

[reply]

To start discussion on this = article in the=20 ePSO-Forum just click the reply-button.

[info]

=C2=B7 = The Second Edinburgh Financial Cryptography Engineering = Conference=20 - 22/23 June, http://www.efce.net/programme.html

=C2=B7 = Visa announcement of 3D-application and Payment = Authentication=20 methods http://www.visa.com/av/news/press_release.ghtml?pr_form_edit=3D3= 24&edit_file=3D

=C2=B7 = The Orbiscom O-card, pseudo number: http://www.jrc.es/cfapp/invent/details.cfm?uID=3D180<= /P>

=C2=B7 = The Secure Payment Application: http://www.jrc.es/cfapp/invent/details.cfm?uID=3D181<= /P>

[Back to Table = of=20 Contents]

------=_NextPart_000_000A_01C6F527.70A7C290 Content-Type: image/jpeg Content-Transfer-Encoding: base64 Content-Location: http://epso.jrc.es/images/fondo.jpg /9j/4AAQSkZJRgABAgEBLAEsAAD/7Qo4UGhvdG9zaG9wIDMuMAA4QklNA+0AAAAAABABLAAAAAEA AgEsAAAAAQACOEJJTQQNAAAAAAAEAAAAeDhCSU0D8wAAAAAACAAAAAAAAAAAOEJJTQQKAAAAAAAB AAA4QklNJxAAAAAAAAoAAQAAAAAAAAACOEJJTQP1AAAAAABIAC9mZgABAGxmZgAGAAAAAAABAC9m ZgABAKGZmgAGAAAAAAABADIAAAABAFoAAAAGAAAAAAABADUAAAABAC0AAAAGAAAAAAABOEJJTQP4 AAAAAABwAAD/////////////////////////////A+gAAAAA//////////////////////////// /wPoAAAAAP////////////////////////////8D6AAAAAD///////////////////////////// A+gAADhCSU0ECAAAAAAAEAAAAAEAAAJAAAACQAAAAAA4QklNBBQAAAAAAAQAAAAKOEJJTQQMAAAA AAioAAAAAQAAAHAAAABVAAABUAAAb5AAAAiMABgAAf/Y/+AAEEpGSUYAAQIBAEgASAAA//4AJkZp bGUgd3JpdHRlbiBieSBBZG9iZSBQaG90b3Nob3CoIDUuMv/uAA5BZG9iZQBkgAAAAAH/2wCEAAwI CAgJCAwJCQwRCwoLERUPDAwPFRgTExUTExgRDAwMDAwMEQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM DAwMDAwBDQsLDQ4NEA4OEBQODg4UFA4ODg4UEQwMDAwMEREMDAwMDAwRDAwMDAwMDAwMDAwMDAwM DAwMDAwMDAwMDAwMDP/AABEIAFUAcAMBIgACEQEDEQH/3QAEAAf/xAE/AAABBQEBAQEBAQAAAAAA AAADAAECBAUGBwgJCgsBAAEFAQEBAQEBAAAAAAAAAAEAAgMEBQYHCAkKCxAAAQQBAwIEAgUHBggF AwwzAQACEQMEIRIxBUFRYRMicYEyBhSRobFCIyQVUsFiMzRygtFDByWSU/Dh8WNzNRaisoMmRJNU ZEXCo3Q2F9JV4mXys4TD03Xj80YnlKSFtJXE1OT0pbXF1eX1VmZ2hpamtsbW5vY3R1dnd4eXp7fH 1+f3EQACAgECBAQDBAUGBwcGBTUBAAIRAyExEgRBUWFxIhMFMoGRFKGxQiPBUtHwMyRi4XKCkkNT FWNzNPElBhaisoMHJjXC0kSTVKMXZEVVNnRl4vKzhMPTdePzRpSkhbSVxNTk9KW1xdXl9VZmdoaW prbG1ub2JzdHV2d3h5ent8f/2gAMAwEAAhEDEQA/APUCC5sDiIPIBHHITEEazuPYdj4H+S9OT7pi T4d9P/MkhHHYTHGvjG1JS0kSXHSPDX+1Ht7JTEmZE6j/AMi781OBpM6NOn4TuTDd+8TulvgfyfSS Uu0ECCdR37E+O2Umj5ToRHdRgEAGIIkNIgyPpaJyAfAujjyP+akpdx9s9vmUhBGoEcDjX4bfzUtN 26e3Hfz3JtZjUDkjw8G7vouSUotkiYjWBHM/yp+l9JOSOfHk/JMXt0aPb2bxz+7ykNeRrAkHQ6eP /fElLjygdgR2g/RhJw7D5JQGwNZMaz4dyogQ4TAPee5/N/76kpTgZAHPcdvy/S/lsTmd+rgRyOfH hKDIA9o5bHjOrT9JNq4a8HQDx/k8JKf/0PT3cRoSPotPcD/ekGuBM6mfiD9Ha937nCQADdBAmYPY kpaAzyW94+cfvbUlLkdydR+dMR/W2pi0me0ke09xDZn93+wnnt3IPn31TGIhwknQtdB5SUuDAJaS 4xP+oSGusk+GnE+SUHvqCTB4IBTHaZHPh3b938lJSziDBGscacHjcB9JLZJOgMjjw/kn9/dtUnND tHDy15Hm1NqTBkdiQNZB0dofzklK0iBqDG2dRI+ikSfpSNO2hiPpJ9T4bjo+OOExkx+bPcidNOf3 tySlA8NZoAYntPz/AMxP7W6DSTG3tp+bwmIaQdNDIdxwfpf2v31LRuvLj+Os6JKYDVpBjwjgEH93 X85ifbBJ7mNx0P8AZP0fo/vJF20e7yAHP3fR+k1IAN45aY4nTw/stSU//9H1DiIGsQADEj708g6c jTz514Ta8NOoPj4+KiWiB+aNJ8RBluuv0XJKX9gl2gLhJI4PxH8lMYIl3uaRqORB7fup4mXkEEwS 0HUEf2tidoAGhjb4AAHSOySlhu1nQ9o4j83mEpkRwDwD38nbktzdsA7vhrofbwE5ky0EeEjkeCSl EtAkkQe8dkzTrBEdj8ezm/1pSG6Z7n4gEc/5yR4mN0gxB5/O5/lJKUB+cRrHMdhP0XBOIBIiDqSZ 8D9L+0kRpqN3gE3OvM8GTof+qakpfTueef8AzJIagCD8RHInw+CZwcSRPMzMxEeScmJkT5f3fvJK WLNwO4AzoRyCPgZSBH0uZBOoI4O7VO4gD3EEk/AHwb7v5Ki2I1kuGoJgOkf9+SU//9L08nsJnz8/ zZ/P9yRaBBEzp5wPgkBEhsAA6x89P638pOTrI5nQHTWJ0/spKWPu7kaTB7EQ5u7X8xKAR/J0LY8/ BKByOG8RM6f+Yp4BbIIDT3b+UJKVxqQSR89fBNoXDUGTPYgDt+T/AD05J4GjwA4gajlLmBHm3iY0 On9VJSj2mPADkkwkJEmAJM6aHt7vcmDZcXRqYgnTiY/6r9xPI4MQ46AkfNJS233Enk6ExBj/ADk8 HkgSJkxrH/nKQM7QfpRr8vaf+qTEBw5G3wMSCP8AOSUrWQ0xJkgHiP5KQI5jyJEf2dUjIcTEBxGv gf5WoS1OgbpxpBHO0t90JKVpP8p3EaE/f+4nJJjudI+Py+ikJHef3v8AenPtExrqQO/3/wCckp// 0/Tw7bp9LsDp5+x0fyUj7dCZjsNCeY/dS1B158T/AH6p3HiTAnXUeH0TP7ySlHwOsa9+3yTgR5nx 45KiBtaBH0fzfw0/qJwDEO93Y/d/5FJShHOsDtHedZCYy4A8NOvbyI9zT+aniTMSdOR2B/6pIDiD 8iODru4/eSUx7xwCdeDB/ebypSXHyn3ciCFH+W0gQIG0y3+20KQPhoeD3PxlJSoBMnw/LH/kUhMA nkxIBPgmMCAPH2iRzrO385JxgdhPc6f3JKUXDcG6BziR27au9p2/mp47xJHl2/d5SOhM9+CT3CaP cTBM8DT5/wCf/KSUqPzjyJieI/lf+ZJO2kQR4kgzyQZT7YAnjQGPH/vqQM95j6X46JKf/9T1DsI+ j2/1cm1893bx5/O2+xfLaSSn6md94nSND8v7SgJ2d578bon2/wA0vlxJJT9SCNx4Lp76CdP63uS7 jvrpwD/J+l/JXy2kkp+pT9L3AfGUzu+4aQdDx+PvXy2kkp+pRO4zJPnMcj+ykJ/OmY90x494Xy0k kp+pdZO35xz80w5PH4c/2fcvltJJT9Sabnf1tZ/77t/NSMbREzt0nmJHPqe7+svltJJT/9k4QklN BAYAAAAAAAcAAQAAAAEBAP/iDFhJQ0NfUFJPRklMRQABAQAADEhMaW5vAhAAAG1udHJSR0IgWFla IAfOAAIACQAGADEAAGFjc3BNU0ZUAAAAAElFQyBzUkdCAAAAAAAAAAAAAAAAAAD21gABAAAAANMt SFAgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEWNwcnQA AAFQAAAAM2Rlc2MAAAGEAAAAbHd0cHQAAAHwAAAAFGJrcHQAAAIEAAAAFHJYWVoAAAIYAAAAFGdY WVoAAAIsAAAAFGJYWVoAAAJAAAAAFGRtbmQAAAJUAAAAcGRtZGQAAALEAAAAiHZ1ZWQAAANMAAAA hnZpZXcAAAPUAAAAJGx1bWkAAAP4AAAAFG1lYXMAAAQMAAAAJHRlY2gAAAQwAAAADHJUUkMAAAQ8 AAAIDGdUUkMAAAQ8AAAIDGJUUkMAAAQ8AAAIDHRleHQAAAAAQ29weXJpZ2h0IChjKSAxOTk4IEhl d2xldHQtUGFja2FyZCBDb21wYW55AABkZXNjAAAAAAAAABJzUkdCIElFQzYxOTY2LTIuMQAAAAAA AAAAAAAAEnNSR0IgSUVDNjE5NjYtMi4xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAABYWVogAAAAAAAA81EAAQAAAAEWzFhZWiAAAAAAAAAAAAAAAAAAAAAA WFlaIAAAAAAAAG+iAAA49QAAA5BYWVogAAAAAAAAYpkAALeFAAAY2lhZWiAAAAAAAAAkoAAAD4QA ALbPZGVzYwAAAAAAAAAWSUVDIGh0dHA6Ly93d3cuaWVjLmNoAAAAAAAAAAAAAAAWSUVDIGh0dHA6 Ly93d3cuaWVjLmNoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AGRlc2MAAAAAAAAALklFQyA2MTk2Ni0yLjEgRGVmYXVsdCBSR0IgY29sb3VyIHNwYWNlIC0gc1JH QgAAAAAAAAAAAAAALklFQyA2MTk2Ni0yLjEgRGVmYXVsdCBSR0IgY29sb3VyIHNwYWNlIC0gc1JH QgAAAAAAAAAAAAAAAAAAAAAAAAAAAABkZXNjAAAAAAAAACxSZWZlcmVuY2UgVmlld2luZyBDb25k aXRpb24gaW4gSUVDNjE5NjYtMi4xAAAAAAAAAAAAAAAsUmVmZXJlbmNlIFZpZXdpbmcgQ29uZGl0 aW9uIGluIElFQzYxOTY2LTIuMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdmlldwAAAAAAE6T+ ABRfLgAQzxQAA+3MAAQTCwADXJ4AAAABWFlaIAAAAAAATAlWAFAAAABXH+dtZWFzAAAAAAAAAAEA AAAAAAAAAAAAAAAAAAAAAAACjwAAAAJzaWcgAAAAAENSVCBjdXJ2AAAAAAAABAAAAAAFAAoADwAU ABkAHgAjACgALQAyADcAOwBAAEUASgBPAFQAWQBeAGMAaABtAHIAdwB8AIEAhgCLAJAAlQCaAJ8A pACpAK4AsgC3ALwAwQDGAMsA0ADVANsA4ADlAOsA8AD2APsBAQEHAQ0BEwEZAR8BJQErATIBOAE+ AUUBTAFSAVkBYAFnAW4BdQF8AYMBiwGSAZoBoQGpAbEBuQHBAckB0QHZAeEB6QHyAfoCAwIMAhQC HQImAi8COAJBAksCVAJdAmcCcQJ6AoQCjgKYAqICrAK2AsECywLVAuAC6wL1AwADCwMWAyEDLQM4 A0MDTwNaA2YDcgN+A4oDlgOiA64DugPHA9MD4APsA/kEBgQTBCAELQQ7BEgEVQRjBHEEfgSMBJoE qAS2BMQE0wThBPAE/gUNBRwFKwU6BUkFWAVnBXcFhgWWBaYFtQXFBdUF5QX2BgYGFgYnBjcGSAZZ BmoGewaMBp0GrwbABtEG4wb1BwcHGQcrBz0HTwdhB3QHhgeZB6wHvwfSB+UH+AgLCB8IMghGCFoI bgiCCJYIqgi+CNII5wj7CRAJJQk6CU8JZAl5CY8JpAm6Cc8J5Qn7ChEKJwo9ClQKagqBCpgKrgrF CtwK8wsLCyILOQtRC2kLgAuYC7ALyAvhC/kMEgwqDEMMXAx1DI4MpwzADNkM8w0NDSYNQA1aDXQN jg2pDcMN3g34DhMOLg5JDmQOfw6bDrYO0g7uDwkPJQ9BD14Peg+WD7MPzw/sEAkQJhBDEGEQfhCb ELkQ1xD1ERMRMRFPEW0RjBGqEckR6BIHEiYSRRJkEoQSoxLDEuMTAxMjE0MTYxODE6QTxRPlFAYU JxRJFGoUixStFM4U8BUSFTQVVhV4FZsVvRXgFgMWJhZJFmwWjxayFtYW+hcdF0EXZReJF64X0hf3 GBsYQBhlGIoYrxjVGPoZIBlFGWsZkRm3Gd0aBBoqGlEadxqeGsUa7BsUGzsbYxuKG7Ib2hwCHCoc Uhx7HKMczBz1HR4dRx1wHZkdwx3sHhYeQB5qHpQevh7pHxMfPh9pH5Qfvx/qIBUgQSBsIJggxCDw IRwhSCF1IaEhziH7IiciVSKCIq8i3SMKIzgjZiOUI8Ij8CQfJE0kfCSrJNolCSU4JWgllyXHJfcm JyZXJocmtyboJxgnSSd6J6sn3CgNKD8ocSiiKNQpBik4KWspnSnQKgIqNSpoKpsqzysCKzYraSud K9EsBSw5LG4soizXLQwtQS12Last4S4WLkwugi63Lu4vJC9aL5Evxy/+MDUwbDCkMNsxEjFKMYIx ujHyMioyYzKbMtQzDTNGM38zuDPxNCs0ZTSeNNg1EzVNNYc1wjX9Njc2cjauNuk3JDdgN5w31zgU OFA4jDjIOQU5Qjl/Obw5+To2OnQ6sjrvOy07azuqO+g8JzxlPKQ84z0iPWE9oT3gPiA+YD6gPuA/ IT9hP6I/4kAjQGRApkDnQSlBakGsQe5CMEJyQrVC90M6Q31DwEQDREdEikTORRJFVUWaRd5GIkZn RqtG8Ec1R3tHwEgFSEtIkUjXSR1JY0mpSfBKN0p9SsRLDEtTS5pL4kwqTHJMuk0CTUpNk03cTiVO bk63TwBPSU+TT91QJ1BxULtRBlFQUZtR5lIxUnxSx1MTU19TqlP2VEJUj1TbVShVdVXCVg9WXFap VvdXRFeSV+BYL1h9WMtZGllpWbhaB1pWWqZa9VtFW5Vb5Vw1XIZc1l0nXXhdyV4aXmxevV8PX2Ff s2AFYFdgqmD8YU9homH1YklinGLwY0Njl2PrZEBklGTpZT1lkmXnZj1mkmboZz1nk2fpaD9olmjs aUNpmmnxakhqn2r3a09rp2v/bFdsr20IbWBtuW4SbmtuxG8eb3hv0XArcIZw4HE6cZVx8HJLcqZz AXNdc7h0FHRwdMx1KHWFdeF2Pnabdvh3VnezeBF4bnjMeSp5iXnnekZ6pXsEe2N7wnwhfIF84X1B faF+AX5ifsJ/I3+Ef+WAR4CogQqBa4HNgjCCkoL0g1eDuoQdhICE44VHhauGDoZyhteHO4efiASI aYjOiTOJmYn+imSKyoswi5aL/IxjjMqNMY2Yjf+OZo7OjzaPnpAGkG6Q1pE/kaiSEZJ6kuOTTZO2 lCCUipT0lV+VyZY0lp+XCpd1l+CYTJi4mSSZkJn8mmia1ZtCm6+cHJyJnPedZJ3SnkCerp8dn4uf +qBpoNihR6G2oiailqMGo3aj5qRWpMelOKWpphqmi6b9p26n4KhSqMSpN6mpqhyqj6sCq3Wr6axc rNCtRK24ri2uoa8Wr4uwALB1sOqxYLHWskuywrM4s660JbSctRO1irYBtnm28Ldot+C4WbjRuUq5 wro7urW7LrunvCG8m70VvY++Cr6Evv+/er/1wHDA7MFnwePCX8Lbw1jD1MRRxM7FS8XIxkbGw8dB x7/IPci8yTrJuco4yrfLNsu2zDXMtc01zbXONs62zzfPuNA50LrRPNG+0j/SwdNE08bUSdTL1U7V 0dZV1tjXXNfg2GTY6Nls2fHadtr724DcBdyK3RDdlt4c3qLfKd+v4DbgveFE4cziU+Lb42Pj6+Rz 5PzlhOYN5pbnH+ep6DLovOlG6dDqW+rl63Dr++yG7RHtnO4o7rTvQO/M8Fjw5fFy8f/yjPMZ86f0 NPTC9VD13vZt9vv3ivgZ+Kj5OPnH+lf65/t3/Af8mP0p/br+S/7c/23////+ACZGaWxlIHdyaXR0 ZW4gYnkgQWRvYmUgUGhvdG9zaG9wqCA1LjL/7gAOQWRvYmUAZIAAAAAB/9sAhAAMCAgICQgMCQkM EQsKCxEVDwwMDxUYExMVExMYEQwMDAwMDBEMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMAQ0L Cw0ODRAODhAUDg4OFBQODg4OFBEMDAwMDBERDAwMDAwMEQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwM DAwMDAz/wAARCAB0AJkDASIAAhEBAxEB/90ABAAK/8QBPwAAAQUBAQEBAQEAAAAAAAAAAwABAgQF BgcICQoLAQABBQEBAQEBAQAAAAAAAAABAAIDBAUGBwgJCgsQAAEEAQMCBAIFBwYIBQMMMwEAAhED BCESMQVBUWETInGBMgYUkaGxQiMkFVLBYjM0coLRQwclklPw4fFjczUWorKDJkSTVGRFwqN0NhfS VeJl8rOEw9N14/NGJ5SkhbSVxNTk9KW1xdXl9VZmdoaWprbG1ub2N0dXZ3eHl6e3x9fn9xEAAgIB AgQEAwQFBgcHBgU1AQACEQMhMRIEQVFhcSITBTKBkRShsUIjwVLR8DMkYuFygpJDUxVjczTxJQYW orKDByY1wtJEk1SjF2RFVTZ0ZeLys4TD03Xj80aUpIW0lcTU5PSltcXV5fVWZnaGlqa2xtbm9ic3 R1dnd4eXp7fH/9oADAMBAAIRAxEAPwD1GTHtOonTzCYTJOoaTJ/kwP8ANTmARGsHvryEuDrxppE/ ikpbVsB309BvI+lA8k4DiSIjiDyPHyd3TAR9HUEwR98+0lLQgaSIBkcD4JKUN3LeY1b277UxgnXQ AmT4HSP3fpJHaPE7faZGvHwTnQmJA5M6yO6SlEkDdofj/wBJuidrdpgceH+oS90wDoNCDJ/15TeA 0APjIMkpKZAaifDUKPEOIjjXkT9GEpdAOgLvHgkhKAPeJE/S4nQ/Dd7UlLw06xA7+Hi0qJa4wNrT B1kngjn6P7yluBMNPzGoHGh/OSIkTEujkcpKUAA3yGuuvm5NE8CSOB3HzKRIMkGBImePCEiCTqPA RoYnw3DySUvrJ2yCDJHkk4dux4Ejv29yQ3ADcNRoSIjhRJM9iPDudp2n2pKXaD5T4jQ/yfYmaff2 JB+kIBJ19jx/ZUuw3Rt+BHHCWoJEEkcEif8ApJKY+6PcJIiQDIIPyb9FEh3iPu/2obgCDEyRAMHu PaeEvUu/db/n/wDmCSn/0PUJ0J+k0gDTiEiY5cQJ5OkEH/vycxJa46GOfPTbqojeTuHYgHnVsh25 JTP3T5j8n9ZRloBBgEyIPidY1SDIG1swORqD38Nqd0xB1B76/wC1JSxgkyASQY8Y8D/nJTrJMAaP BkjUbkiC4weIdPYzI+iUgIHukwDEyTE8OmUlK2jaW7Bp20/6KcmCR56Ecz/qUjoBodvgI7pNgHQl 0aTJP4JKUAQC2N3h281EOafcD46cH+qWlOS0gsBnynXU/wApLdLiCSOxHHP0XNKSmJdAe48jQxOk atd/JTkPBLhrr9HTg/nfQTtmAJkDh0zI/lJHbzwOCfCBvSUpsuAdzuAkH/YE4c0au0Jjn/akQ53t J0M6jQx8k26DO7TxmdB+ckplBJETH3iFEQfaPon806az2/le1KdxB+jMa8GQdW6pyW6k6EaHUxyk pY7fzhtnkGO48UtWtDRoQYaOP5TfopExBk7R9LWdDO137ych3HI4iP7v5KSlm7Zhonb2PLQVH0mf vH8f71KOI3QNsGZPPiVLa798/cP7klP/0fUGtIBHLSTp2hyUgjiY5nWSB/1ScNgD2+UCNJ1/zUxE j3T84PGqSlQGiOBoBMn8Sn8dOfpBIN19umhEfA/uqMOJh4iRGhkf99c1JS/LdYIj4eW3lJ0jVoLi DqDr2/6PtSJjUaEQZHHu552phMu4In2xPgPzdUlLgD6LY07ajQn3J4J03SDyDoRPgQkXA6g88Cf+ p3JjES4gTye3lu1SUuJ2zrpzOp05/ImaA2Np/RkQNTp2EfenBnw3DwKRE6EAzB/IkpXuOokEGDMa jlMIj1BO0idsT+H0koH0uDrJ79+Ux3bj37kGJH/R+ikploT2JmYHlrITAbgQ73M2xunmfpNP3JyO 5EidZ5Gg+ilx7eCRpOvj5pKURoRMFwgGf83/AKpKDMnSDI+ERCXiNAfPiY5SBJEgga8jUcJKVoDt BAke0HyKbbIkDa7bIIHdIHSY17xGhH53Kjw4O0Ag6GZEfuae9qSlxoA+PpakDxI+Pkp+nV+637go tmDHxHh/mzual6DfP/OKSn//0vUIH3kSPu4+ikSWhwJMgTI0/wCi4/yU4bEjsIgT2TAcA8gQHEc6 f9UkpRM7u4EHx5PKW4/md5jiJb+b+alqDvIlwEQ3uP6su+ikWjWRIJ3CAZkJKWBBA26EEiCdRrt/ 76nLS7TVsGWwf9dzU4jiSY1110PilEQBJAAiDr+VJSiT4gE8Tx5JcGRrOpHgCO3+ankbw2YJ7EeC Y7oAdrxII8fgkpQ8O447TOvdM4Ogho2uH0TpEnxTfRbtdBaBp8tf5W5S2nggHjjw+BSUoEbjpo46 gjyUYhsnw0JgHTWOEjABkSAZMA8fR/6KmBGp1E6eXZJTEae4caggd4n934JxO0TLtBP+7+Uo/SHG vJ5BBOngnAmCNNCD2Mz5JKXmO0N7cfwTGTMHidCOR/qUwE6N2gOBlvGph30VKdY4Pge/wSUoiTJP 0fD/AKUpOJEAanwPfx0S1ceNASC0hM+C2fdDhqR2/lJKWlu4cDcC3nuNNqjN/wDo3f54ROefIgjv CHub+7b/ANJJT//T9QjWSII79oJSBcRLTrGncTH/AEtyTQdBq0CRBiCBKeYHn357D5pKUB7jyeYJ E6Hkbkx3EwARw4eGh9zUi3k6/SE+cR7kpjV3fQkTyJ5hJSwLexncJaJ7jsJKfbuMEBx7OInTwKcb h9LnXUd+6YQT2kGD35SUu1sCPiQPjqm0gmCATIiQdYn2/vJaEQ3sJDe2kETy5J0mDoW8tM99e6Sl 5AnWe/aUxgNkuI26h3MCD4hOTGu0u1gx5nbP9lR83cjQjQSOPzklMhM+LhoZMfgEx1du939UidOP 3UtIDtCBqCD4JyI5mOeTPKSlGCdSZ7HUaf6lNu0Jk+cgeX7sqXx+GvdR9rnbY4HGnHH8pySlydYd LSZHIISiYOpHfXnQ/mpmzzHtdGnn9GZlICfpNjdG4ce7ySUu6GiDoJGo8AmDYO7aCZgkCDH7yYEN kcDsAdDO4+06e5OR4w467SNPhqkpY7dY0I7A9iP5JH7qnvb4j70tSQQTzOnh5yo+kz938ElP/9T1 A7SSOx5BJ1kfmpydI5g6g86lNu2/SMtPBjj+snJce08iD4j/AMkkpbb7jEiNOOxjbHH0U5PJ7uBA k6E/eokgGJlx+iCY4j2zqpOBhwMx4aa/gkpUgk9jwfiPuT/ncweI8U0SXB3c9vMfnJyQYnns086J KYyXNDxIPMHt+9p7U/kXcg7THbznckCANxknuB/0vaPcmJMhpIjUOBkSP5KSlFskaAQfnPjLSPBO OJDj2BA1+aiZBHO4d4Jkee0bU7TPumAYBadIISUvJ+iTpBEwU3YNGn5vHklEnYRESQfltHf+sn5O 7SAZn+ykpYwZB+ifAE6xPgn1A5Jjx/vITRJLY9oI/JHin1HaSPPkfMpKY7QI4LCTIjUSfinG4wAd AYIImRH5sfFImHQJB+BiJ8R7UvadDB1EeI+O1JSh7RJPu4+Y/tOTjQ6HQmQOyaTzweD8f7QT6N44 Jkgnx5KSlzA0110n4iVX9Wz99n4/+RRyA3bHDdfkBCB6NH+j/wCkP/JJKf/V9P0J1Ih35s6OB3eX 7qlEgiOeR34SADhpxPGvY/ykw0bMawJHySUozJgxqIJMhwSAGgDYkDt2M+xyQDTLeW6mJP8A1Kcx EO4MffPmkpaZEdhIdrx8k/8AWHOvHB+SWsDkyIOnj3P3Ji5oG4HQfSDdf+pSUogmN0F0du/GrClJ jb3A1Mcj+z+ckACNZMcuHePMHcnl0jQkg9vl+8kpYj2+07idWtcYnXclLXS06E6meROo+knIM6tB E8jnjnX/AMkokEgydI7mNNeeUlMhEbeSNDxOuvklr3Bn97TiUjumXajx0Pz7KLomNC6fokx33pKZ TwTp3+5MC0Et5I5bp8W6Q1PG3ifMclNr31EfSB54/qJKWa2PcTBb7SJJEfS/zk5JkN+YMSNPpBPr JI0nkGOw57poJmARPJHHGn+bCSlalxAiSAe09++u5OeZHYkR5lKQBrruPfxP9ZMXNH0tG6HWRGo/ spKXAa3WANfhyIUNjv3j94Uhu1n6UaEajT5fylKXfuH8P/JJKf/W9Rd35j589kx2yJj1P5PMxqvl pJJT9TH6TZmY+f8A0falrptmJ926eNfFfLKSSn6kb6Pu9OI77eZS8N879Pozx/K2r5bSSU/U4mRH Gu5QEbWxG3SN/wAfzZ9y+W0klP1I7fHsiJ0nwgqWv5scifDn3L5ZSSU/UmkH0485457qTf5M8mP4 r5ZSSU/Untk7onaJ+87VIT25gffK+WUklP1IJjXbMaz8Bz/ZSMSJ2z2jmZ0Xy2kkp+pjH50fS9sz z2SH8ndMd90T818spJKfqZ/p6+pERrP8f+ihfrP8lfLySSn/2Q== ------=_NextPart_000_000A_01C6F527.70A7C290--