Many researchers believe electronic wallets (secure storage devices that maintain account balances) are the solution to electronic commerce challenges. This paper argues for a more powerful model --- a secure coprocessor --- that can run a small operating system, run application programs, and also keep secure storage for cryptographic keys and balance information. We have built a system called Dyad, on top of a port of the Mach 3.0 microkernel to the IBM Citadel secure coprocessor. This paper describes the abstract architecture of Dyad and a general discussion of secure coprocessor implementations of a variety of electronic commerce applications: ffl Copy protection for software ffl Electronic cash (including a critique of proposed solutions for point-of-sale electronic wallet systems) ffl Electronic contracts ffl Secure postage 1 Introduction Many researchers believe electronic wallets (secure storage devices that maintain account balances) are the solution to electronic commerc...

. The conventional wisdom is that security priorities should be set by risk analysis. However, reality is subtly di#erent: many computer security systems are at least as much about shedding liability as about minimising risk. Banks use computer security mechanisms to transfer liability to their customers; companies use them to transfer liability to their insurers, or (via the public prosecutor) to the taxpayer; and they are also used to shift the blame to other departments ("we did everything that GCHQ/the internal auditors told us to"). We derive nine principles which might help designers avoid the most common pitfalls. Introduction In the conventional model of technology, there is a smooth progression from research through development and engineering to a product. After this is fielded, the experience gained from its use provides feedback to the research team, and helps drive the next generation of products: Research # Development # Engineering # Product # This cyc...

We proposed a new block cipher, Serpent, as a candidate for the Advanced Encryption Standard. This algorithm uses a new structure that simultaneously allows a more rapid avalanche, a more ecient bitslice implementation, and an easy analysis that enables us to demonstrate its security against all known types of attack. Although designed primarily for ecient implementation on Intel Pentium/MMX platforms, it is also suited for implementation on smartcards and other 8-bit processors. In this note we describe why. We also describe why many other candidates are not suitable.