Results 11 - 16 of 16
Public Key Distribution Through “CryptoIDs”
- In Proc. Workshop on New Security Paradigms. ACM, 2003
, 2000
Cited by 3 (0 self)
In this paper, we argue that person-to-person key distribution is best accomplished with a key-centric approach, instead of PKI: users should distribute public key fingerprints in the same way they distribute phone numbers, postal addresses, and the like. To make this work, fingerprints need to be small, so users can handle them easily; multipurpose, so only a single fingerprint is needed for each user; and long-lived, so fingerprints don't have to be frequently redistributed. We show how these qualities can be achieved with simple and well-understood techniques. The chief technique is for each user to store a root key in a highly secure environment and use it to certify subkeys for use in more convenient environments. Certificate formats like X.509, PGP, and SPKI could be used for this, but we argue that a format designed expressly for this could do a better job; thus we design the cryptoID certificate format.
Spheres: A New/Old Model for Distributed Computing
, 2004
Cited by 1 (0 self)
Peer-to-peer systems have recently attracted an enormous amount of attention both inside and outside of the research community. Systems such as Gnutella and KaZaA have demonstrated that distributed
Object-Capability Security in Virtual Environments
Cited by 1 (0 self)
Access control is an important aspect of shared virtual environments. Resource access may not only depend on prior authorization, but also on context of usage such as distance or position in the scene graph hierarchy. In virtual worlds that allow user-created content, participants must be able to define and exchange access rights to control the usage of their creations. Using object capabilities, fine-grained access control can be exerted on the object level. We describe our experiences in the application of the object-capability model for access control to object-manipulation tasks common to collaborative virtual environments. We also report on a prototype implementation of an object-capability safe virtual environment that allows anonymous, dynamic exchange of access rights between users, scene elements, and autonomous actors.
A World Wide Supermarket Scheme Using Rights Trading System
, 2000
This paper presents a new electronic commerce scheme that provides consumers with a one stop check-out service for the purchase of a set of items from multiple autonomous shops. In this scheme, a consumer collects a transaction ticket, a specific form of digital-right, from each shop for each purchase representing the right to said purchase, and transfers the collected tickets to a check-out agent when the customer finally decides to complete all purchases selected. This approach allows for the autonomy of inventory/reservation databases in each shop without requiring them to provide transaction control interfaces, e.g., prepare, commit, and rollback, which are traditionally required to avoid the situation in which an item put into a shopping cart does not exist at the check-out phase. It also enables the redemption of digital coupons or gift certificates together with transaction tickets at the same time in a uniform manner. 1. Introduction Today, numerous shops are accessible via the In...
Financial Cryptography in 7 Layers
- Preproceedings of the Fourth Annual Conference of Financial Cryptography
, 2000
Financial Cryptography is substantially complex, requiring skills drawn from diverse and incompatible, or at least, unfriendly, disciplines. Caught between Central Banking and Cryptography, or between accountants and programmers, there is a grave danger that efforts to construct Financial Cryptography systems will simplify or omit critical disciplines. This paper presents a model that seeks to encompass the breadth of Financial Cryptography (at the clear expense of the depth of each area). By placing each discipline into a seven layer model of introductory nature, where the relationship between each adjacent layer is clear, this model should assist project, managerial and requirements people. Whilst this model is presented as efficacious, there are limits to any model. This one does not propose a methodology for design, nor a checklist for protocols. Further, given the young heritage of the model, and of the field itself, it should be taken as a hint of complexity rather than a defining guide.
SCOLL -- A Language for Safe Capability Based Collaboration
, 2005
In capability secure systems it is important to understand the restrictive influence programmed entities (e.g. procedures, objects, modules, components) have on the propagation of influence in a program. We explain why Take-Grant systems are not sufficiently expressive for this task, and we provide a new formalism – Authority Reduction systems (AR-systems) – to model collaborative propagation. AR-systems provide safe and tractable approximations of adequate precision for the confinement properties in configurations of collaborating entities. We propose a domain specific declarative language – SCOLL (Safe COLlaboration Language) – to express the collaborative behavior of subjects, the initial conditions in a configuration, and the requirements about confinement and liveness that are to be ensured. We provide the syntactic structure and an operational and denotational semantics for the language. From experiments with a first implementation, we provide a preliminary result and show how patterns for capability based collaboration can be analyzed and generated.

