Abstract not found

This paper proposes a family of protocols -- iKP (i = 1; 2; 3) -- for secure electronic payments over the Internet. The protocols implement credit cardbased transactions between the customer and the merchant while using the existing financial network for clearing and authorization. The protocols can be extended to apply to other payment models, such as debit cards and electronic checks. They are based on public-key cryptography and can be implemented in either software or hardware. Individual protocols differ in key management complexity and degree of security. It is intended that their deployment be gradual and incremental. The iKP protocols are presented herein with the intention to serve as a starting point for eventual standards on secure electronic payment.

MD5 is an authentication algorithm proposed as the required implementation of the authentication option in IPv6. This paper presents an analysis of the speed at which MD5 can be implemented in software and hardware, and discusses whether its use interferes with high bandwidth networking. The analysis indicates that MD5 software currently runs at 85 Mbps on a 190 Mhz RISC architecture, a rate that cannot be improved more than 20-40%. Because MD5 processes the entire body of a packet, this data rate is insufficient for current high bandwidth networks, including HiPPI and FiberChannel. Further analysis indicates that a 300 Mhz custom VLSI CMOS hardware implementation of MD5 may run as fast as 256 Mbps. The hardware rate cannot support existing IPv4 data rates on high bandwidth links (800 Mbps HiPPI). The use of MD5 as the default required authentication algorithm in IPv6 should therefore be reconsidered, and an alternative should be proposed. This paper includes a brief description of the...

Current approaches to access control on Web servers do not scale to enterprise-wide systems because they are mostly based on individual user identities. Hence we were motivated by the need to manage and enforce the strong and efficient RBAC access control technology in large-scale Web environments. To satisfy this requirement, we identify two different architectures for RBAC on the Web, called user-pull and server-pull. To demonstrate feasibility, we implement each architecture by integrating and extending well-known technologies such as cookies, X.509, SSL, and LDAP, providing compatibility with current Web technologies. We describe the technologies we use to implement RBAC on the Web in different architectures. Based on our experience, we also compare the tradeoffs of the different approaches.

Micro-payments are payments too small in amount to warrant the overhead costs of current financial clearing networks. Furthermore one can expect that content servers for the global information infrastructure (GII) will have to process so many of these low value transactions that computationally complex and costly cryptographic protocols will be impractical. This report proposes a micro-payment scheme that can be bootstrapped with the already well-known payment protocols for larger amounts, but does not depend on them for each micro-transaction. Special attention is given to its integration into IBM's Internet Keyed Payment Systems (iKP). 1 Introduction Micro-payments have a broad application area in the marketing of information distributed in an electronic form. Modern network information browsing tools (WWW [1]) enable users/clients to wander arbitrarily through the global networks and obtain such documents. We assume that a specific client normally is consuming enough low-value docu...

Introduction Two parties communicating across an insecure channel need a method by which any attempt to modify the information sent by one to the other, or fake its origin, is detected. Most commonly such a mechanism is based on a shared key between the parties, and in this setting is usually called a MAC, or Message Authentication Code. (Other terms include Integrity Check Value or Cryptographic Checksum). The sender appends to the data D an authentication tag computed as a function of the data and the shared key. At reception, the receiver recomputes the authentication tag on the received message using the shared key, and accepts the data as valid only if this value matches the tag attached to the received message. The most common approach is to construct MACs from block ciphers like DES. Of such constructions Department of Computer Science & Engineering, Mail Code 0114, University of California at San Diego, 9500 Gilman Driv

Public-key cryptographyhaslowinfrastructural overhead because public-key users bear a substantial but hidden administrative burden. A public-key security system trusts its users to validate each others ' public keys rigorously and to manage their own private keys securely. Both tasks are hard to do well, but publickey security systems lack a centralized infrastructure for enforcing users ' discipline. A compliance defect in a cryptosystem is such a rule of operation that is both di cult to follow and unenforceable. This paper presents ve compliance defects that are inherent in public-key cryptography � these defects make publickey cryptography more suitable for server-to-server security than for desktop applications. 1

Agora 1 is a Web protocol for electronic commerce that is intended to support high-volume of transactions each with low incurred cost. Agora has the following novel properties: ffl Minimal. The incurred cost of Agora transactions is close to free Web browsing, where cost is determined by the number of messages. ffl Distributed. Agora is fully distributed. Merchants can authenticate customers without access to a central authority. Customers with valid accounts can purchase from any merchant without any preparations (such as prior registration at the merchant or at a broker). ffl On-line arbitration. An on-line arbiter can settle certain customer/merchant disputes. ffl Fraud control. Agora can limit the degree of fraud to a pre-determined (low) level. Agora is authenticated, secure and cannot be repudiated. It can use regular (insecure) communication channels for communication between customers and merchants. 1 Introduction The widespread use of electronic commerce on the World Wi...

Information Commerce is a business activity carried out among several parties in which information carries value and is treated as a product. The information may be content, it may be returned usage and marketing data, and it may be representative of financial transactions. In each of these cases the information is valuable and must be kept secure and private. Traditional approaches secure the transmission of that information from one point to another; there are no persistent protections. Protection of all of these components of information commerce for all parties in a transaction value chain is necessary for a robust electronic infrastructure. A prerequisite to such an environment is a cryptographically protected container for packaging information and controls that enforce information rights. This paper describes such a container, called the DigiBox . EPR has submitted initial specifications for the DigiBox container to the ANSI IISP Electronic Publishing Task Force (EPUB) within ...

Abstract. The visionary approach of Triple Space Computing was recently introduced based on the insight that Web Services do not follow the Web paradigm of ‘persistently publish and read ’ [Fensel, 2004]. Instead, Web Services currently require a synchronous connection to transmit data transparently bypassing and ignoring the power of the Web paradigm. Triple Space Computing proposes to publish communication data analogous to the publication of Web pages: persistently for anybody to read who has access to it at any point in time. This has several benefits. The provider of data can publish it at any point in time (time autonomy), independent of its internal storage (location autonomy), independent of the knowledge about potential readers (reference autonomy) and independent of its internal data schema (schema autonomy). This article introduces a minimal Internet-scalable Triple Space Computing architecture based on Semantic Web technology that implements these four types of autonomy in the simplest way possible with as minimal functionality as feasible to be useful with no or almost no impact to publishers and reader of communication