Showing papers on "Trusted third party published in 1999"

Electronic funds transfer method and system and bill presentment method and system

Abstract: A funds transfer system for facilitating electronic funds transfer between a payor and a payee by means of an intermediate trusted third party comprises: a payor station including a device for electronic communication of a payment order, the payment order comprising the payee's name, address and an amount owed by the payor to the payee; a home banking system including a computer structured to communicate electronically at least with the payor station, to receive the payment order, and with the trusted third party; a trusted third party system associated with the trusted third party, the trusted third party system comprising a computer structured to communicate electronically with both the home banking system and a bank of the payee. The home banking system computer is operable, upon receipt of the payment order from the payor station, to generate a universal identifier number uniquely identifying the payee and to transmit electronically the universal identifier number to the trusted third party via a communication with the trusted third party system. The trusted third party system computer also being operable, in response to receipt of the universal identifier number from the home banking system, to identify the payee as a party to receive payment, to generate a routing/transit number of the bank of the payee and the payee's account number from the universal identifier number, and to communicate electronically with the bank of the payee to facilitate transfer of the amount owed to the payee's account to the bank of the payee.

Efficient verifiable encryption (and fair exchange) of digital signatures

Abstract: A fair exchange protocol allows two users to exchange items so that either each user gets the other's item or neither user does. In [2], verifiable encryption is introduced as a primitive that can be used to build extremely efficient fair exchange protocols where the items exchanged represent digital signatures. Such protocols may be used to digitally sign contracts.This paper presents new simple schemes for verifiable encryption of digital signatures. We make use of a trusted third party (TTP) but in an optimistic sense, i.e., the TTP takes part in the protocol only if one user cheats or simply crashes. The performance of our schemes significantly surpasses that of prior art.

Method for initiating a stream-oriented encrypted communication

Abstract: The invention provides a cryptographic system and method with a key escrow feature that uses a method for verifiably splitting users' private encryption keys into components and for sending those components to trusted agents chosen by the particular users, and provides a system that uses modern public key certificate management, enforced by a chip device that also self-certifies. In a preferred embodiment of this invention, the chip encrypts or decrypts only if certain conditions are met, namely, (1) if a valid “sender certificate” and a valid “recipient certificate” are input, where “valid” means that the particular user's private decryption key is provably escrowed with a specified number of escrow agents and that the master escrow center is registered and certified by the chip manufacturer, and (2) if a valid Message Control Header is generated by the sender and validated by the recipient, thereby giving authorized investigators sufficient information with which to request and obtain the escrowed keys. The methods for key escrow and receiving an escrow certificate are also applied herein to a more generalized case of registering a trusted device with a trusted third party and receiving authorization from that party enabling the device to communicate with other trusted devices. A further preferred embodiment of this invention provides a method for generating verifiably trusted communications among a plurality of users, comprising the steps of escrowing at a trusted escrow center a plurality of asymmetric cryptographic keys to be used by a plurality of users; verifying each of said plurality of keys at the escrow center; certifying the authorization of each of said plurality of keys upon verification; and initiating a communication from each of said plurality of users using a respective one of said plurality of keys contingent upon said certification. This invention also provides for decoding of communications by authorized law enforcement agents, based upon use of the Message Control Header included with each communication, using a special law enforcement decoder box and auditing of the law enforcement wiretaps to prevent abuse by law enforcement and other officials. Further preferred embodiments provide for rekeying and upgrading of device firmware using a certificate system, and encryption of stream-oriented data.

Method of moderating external access to an electronic document authoring development and distribution system

Abstract: A method for moderating external access to an electronic document authoring, development and distribution system can comprise the steps of: identifying a third party requesting access to the system; permitting restricted access to the third party; and, eliminating all access restrictions imposed in the permitting step when the third party registers with the system. Thus, the inventive method provides to a third party potential customer access to the electronic document authoring, development and distribution system without risking the abuse of the system by the potential customer. The inventive method can encourage the submission of third party Web assets for use by registered users of the system. Specifically, the inventive method can further comprise the steps of: accepting electronic submissions of Web assets from the third party; storing the accepted Web assets in a Web asset database; and, compensating the third party for subsequent distribution of the Web assets.

Anonymous Authentication of Membership in Dynamic Groups

Abstract: We present a series of protocols for authenticating an individual's membership in a group without revealing that individual's identity and without restricting how the membership of the group may be changed. In systems using these protocols a single message to the authenticator may be used by an individual to replace her lost key or by a trusted third party to add and remove members of the group. Applications in electronic commerce and communication can thus use these protocols to provide anonymous authentication while accommodating frequent changes in membership. We build these protocols on top of a new primitive: the verifiably common secret encoding. We show a construction for this primitive, the security of which is based on the existence of public-key cryptosystems capable of securely encoding multiple messages containing the same plaintext. Because the size of our construct grows linearly with the number of members in the group, we describe techniques for partitioning groups to improve performance.

Evolution of Fair Non-repudiation with TTP

Abstract: Non-repudiation turns out to be an increasingly important security service with the fast growth of electronic commerce on the Internet. Non-repudiation services protect the transacting parties against any false denial that a particular event or action has taken place, in which evidence will be generated, collected and maintained to enable dispute resolution. Meanwhile, fairness is a further desirable requirement such that neither party can gain an advantage by quitting prematurely or otherwise misbehaving during a transaction. In this paper, we survey the evolution of techniques and protocols that had been put forward to achieve fair non-repudiation with a (trusted) third party, and present a secure and efficient fair non-repudiation protocol.

Piggy-backed key exchange protocol for providing secure low-overhead browser connections from a client to a server using a trusted third party

Abstract: A method, system, and computer program product for establishing security parameters that are used to exchange data on a secure connection A piggy-backed key exchange protocol is defined, with which these security parameters are advantageously exchanged By piggy-backing the key exchange onto other already-required messages (such as a client's HTTP GET request, or the server's response thereto), the overhead associated with setting up a secure browser-to-server connection is minimized This technique is defined for a number of different scenarios, where the client and server may or may not share an encoding scheme, and is designed to maintain the integrity of application layer communication protocols In one scenario, a client and a server exchange secure messages using a trusted third party

Proving Ownership of Digital Content

Abstract: Protection of digital property has become crucial in the widespread and rapidly growing use of digital media. Making the misuse of copyrighted works detectable, and thus deterring people from misuse, is the most promising measure currently known. To achieve this, most proposals apply watermarking techniques and focus on resolving the ownership in disputes which may arise after a misuse has been detected. Here a trusted third party (judge) compares the ownership claims of disputing parties. However, this does not necessarily imply determining the rightful owner, since she might not be participating in the dispute. Moreover, in contrast to disputes, one is in practice often confronted with only a single claim of ownership, e.g., in electronic market places where buyers intend to purchase digital items from someone claiming to be the rightful copyright holder. Proof of ownership is highly desirable in such situations because on the one hand, the buyers are ensured not to buy digital items from fake copyright holders and on the other hand, the copyright holders are protected against unauthorized reselling of their digital works.

Abuse-Free Multi-party Contract Signing

Abstract: In the contract-signing problem, participants wish to sign a contract m in such a way that either all participants obtain each others' signatures, or nobody does. A contract-signing protocol is optimistic if it relies on a trusted third party, but only uses it when participants misbehave (e.g., try to cheat, or simply crash). We construct an efficient general multi-party optimistic contract-singing protocol. The protocol is also abuse-free, meaning that at no point can a participant prove to others that he is capable of choosing whether to validate or invalidate the contract. This is the first abuse-free optimistic contract-signing protocol that has been developed for n > 3 parties. We also show a linear lower bound on the number of rounds of any n-party optimistic contract-signing protocol.

Method for communicating and controlling transactions between unsecured parties

Abstract: A method for communicating transactions on a network of unsecured parties includes a first party generating a request to a second party on a network to initiate a transaction. The second party maintains a data base containing a plurality of separate transactions. The second party in response to the request, generates and communicates to the first party a unique transaction identifier. The first party tracks the processing of the transaction in the second party's data base using the transaction identifier to gain access to the second party's data base.

Nark: receiver-based multicast non-repudiation and key management

Abstract: The goal of this work is to separately control individual secure sessions between unlimited pairs of multicast receivers and senders while preserving the scalability of receiver initiated Internet multicast for the data transfer itself. Unlike other secure multicast solutions, there are absolutely no side-effects on other receivers when a single receiver joins or leaves a session. Each individual receiver can also reliably prove whether any fragment of the data hasn’t been delivered or wasn’t delivered on time (e.g. late video frames). Further, each receiver’s data can be subject to an individual, watermarked audit trail. The cost per receiver-session is typically just one set-up message exchange with a key manager. Key managers can be replicated without limit because they are only loosely coupled to the senders who can remain oblivious to members being added or removed. The solution requires a tamper-resistant processor such as a smartcard at each receiver. However, generic cards supplied by a trusted third party are used rather than cards specific to each information provider. The technique can be applied to other bulk data distribution channels instead of multicast, such as DVD.

System and method for securely storing electronic data

Abstract: A system and method for securely storing data provides for storing, managing, and updating an owner's secret data and for accessing the stored data by a trusted third party upon the occurrence of an event, such as the death of the owner. The system and method makes use of application software, such as a virtual wallet running at least in part on the server of a trusted third party and with a virtual executor function and a virtual archivist function. The virtual executor function automatically escrows a trusted third party's access aspect of the owner's secret device for accessing the stored data. Upon verification of the occurrence of the event, the virtual executor provides access to the stored data using the trusted third party's access aspect. The virtual archivist function automatically updates technologies related to the stored data.

System for secure transactions

Abstract: A multimedia network (1) with connected customer stations (2), merchant servers (3), and a payment server (5). Secure electronic transactions are performed using a secure electronic transactions protocol (SET), including exchange of digital certificates, managed by a Trusted Third Party Server (9). The customer stations comprise transactions management means (10), fit for performing said SET protocol and for managing said certificates for the customer station. A remote customer agent (13) represents the customer station in the negotiation and payment process. The customer station (2) comprises an agent interface (12), fit for transmission of codes, parameters and certificates between the customer agent (13) and the transactions management means (10). A remote merchant agent (14) represents the merchant station (3) in the negotiation and payment process with the customer agent (13) or the customer station (3), to have paid for the selected products in a secure way, under control of SET protocol.

A method for providing privacy by network address translation

Abstract: A call between a first network associated with a calling party and a second network associated with a called party is connected. The source address for packets associated with the call are translated. The packets are sent from the calling party to the called party without the called party receiving the source address that indicates at least one from the group of a logical identity of the calling party and a geographical identity of the calling party.

Multi-party fair exchange with an off-line trusted neutral party

Abstract: Recently developed cryptographic techniques make it possible to construct fair exchange protocols with an off-line trusted third party (TTP). The technique is referred to as a verifiable encryption scheme (VES) and proves that a ciphertext is the result of the encryption of a specified value without revealing this value. In this paper we apply the technique to multi-party fair exchange (MPFE) protocols which leads to the trusted neutral party (TNP, it is not the third party in multi-party protocols) involved in the protocol to be off-line. Multi-party fair exchange has been studied by Asokan et al. (1996) and Franklin and Tsudik (1998) where the TNP is on-line. For off-line TNP-based MPFE, the issues are different from that of on-line TNP MPFE. We give a definition of fairness of the MPFE with off-line TNP. We then present our MPFE protocol and prove its fairness.

Improving fairness and privacy of Zhou-Gollmann's fair non-repudiation protocol

Abstract: We deal with two claws of Zhou-Gollmann's fair non-repudiation protocol. Firstly, their protocol divides a message into 2 parts, i.e., a key K and a ciphertext C. Then, C is delivered to the recipient, while K is submitted to TTP (Trusted Third Party). If the originator doesn't submit K to TTP, then the protocol appears to have no dispute between the originator and the recipient. However the protocol depends on his action on whether the originator really submits K to TTP or not. We show that the originator can make the protocol unfair by using his advantageous position, and present how to improve the fairness of the protocol. Secondly, the protocol doesn't provide the message privacy. This means that additional protocols are required to transfer an important message in private. We propose an improved version of the protocol to guarantee the message privacy.

Electronic Funds Transfer Protocol Using Domain-Verifiable Signcryption Scheme

Abstract: In this paper, we propose Domain-verifiable signcryption scheme, which is applied to the Electronic Funds Transfer(EFT) protocol, that only predetermined n participants within the domain of protocol participants can decrypt their own part of message and verify whole transaction. The computational cost of our scheme is as low as that of Zheng’s scheme assuming that Trusted Third Party(TTP) must be used to keep partial information for participants confidential and multi-verification. Our scheme does not require the role of TTP.

Developing secure Web-based medical applications.

Abstract: The EUROMED-ETS pilot system offers a number of security functionalities using off-the-shelf available products, in order to protect Web-based medical applications. The basic concept used by the proposed security architecture is the Trusted Third Party (TTP). A TTP is used in order to generate, distribute and revoke digital certificates to medical practitioners and healthcare organizations that wish to communicate securely. Digital certificates and digital signatures are used to provide peer and data origin authentication and access control. The paper demonstrates how TTPs can be used effectively in order to develop medical applications that run securely over the World Wide Web.

Secure coprocessor integration with Kerberos V5

Abstract: The nightmare of Trusted Third Party (T3P) based protocol users is compromise of the T3P. Because the compromised T3P can read and modify any user information, the entire user group becomes vulnerable to secret revelation and user impersonation. Kerberos, one of the most widely used network authentication protocols, is no exception. When the Kerberos Key Distribution Center (KDC) is compromised, all the user keys are exposed, thus revealing all the encrypted data and allowing an adversary to impersonate any user. If an adversary has physical access to the KDC host, or can obtain administrator rights, KDC compromise is possible, and catastrophic. To solve this problem, and to demonstrate the capabilities of secure hardware, we have integrated the IBM 4758 secure coprocessor into Kerberos V5 KDC. As a result of the integration, our implemented KDC preserves security even if the KDC host has been compromised.

Method for payment via the internet

Abstract: Method for processing a transaction relating to a service or product from a supplier by a user with the intervention of a third party, wherein a person making payment is authorised to make a transaction by the third party by means of a check on a card number (2) and an associated security code (4) and wherein the third party is authorised by the user to receive the payment by means of a check on a verification code (5) associated with the card number (2). The data which are exchanged and checked are specified on a card (1) or another medium which the user can obtain from the third party.

User Requirements of Trusted Third Parties in Europe

Abstract: We review the Public Key Infrastructure in Europe as outlined in various INFOSEC and ACTS projects. The objective is to specify an abstract reference model for the PKI as a combination of the results of various European projects, which is scaleable, based on standards and flexible across different domains, geographical areas and business sectors. The user requirements in various business domains, such as health, transport and public information systems are extracted and highlighted. The user needs are then used as the reference for the development of the services that a Trusted Third Party must offer to its users and consequently they will be the base for # In Simone Fisher-Hübner, Gerald Quirchmayr, and Louise Yngström, editors, User Identification & Privacy Protection: Applications in Public Administration & Electronic Commerce, pages 229-242, Kista, Sweden, June 1999. IFIP WG 8.5 and WS 9.6. This is a machine-readable rendering of a working paper draft that led to a publication. The publication should always be cited in preference to this draft using the reference in the previous footnote. This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder. 2 Dimitrios Lekkas et al the construction of an abstract reference model. This model outlines in general terms the entities involved in the provision of TTP services and the functions supporting their interactions.

Game theoretic reasoning in multi-agent coordination by negotiation with a trusted third party

Abstract: In multi-agent coordination, one would normally like to find a satisfactory solution that is stable, fair and optimal to all agents. According to traditional game theory, Prisoner’s dilemma, no or more than one Nash equilibrium games are situations that are difficult to find such a satisfactory solution. In human society, it often involves a trusted third party in the negotiation process among agents to ensure the cooperation and commitment of agents. In this paper, we describe how the trusted third party can be involved in the negotiation of multi-agent coordination to deal with many difficult game situations. We introduce two communication actions into the traditional game-theoretical reasoning: asking guarantee and offering compensation for agents to use in negotiation. Asking guarantee from agents and depositing it at the trusted third party can ensure the agents to keep their commitments, while offering compensation can allow finding a fair and compromised solution for all agents. We show how the negotiation communication protocols can be proceeded using these two communication actions to reach a compromised and stable agreement in all different game situations.

Abuse-Free Optimistic Contract Signing

Abstract: We introduce the notion of abuse-free distributed contract signing, that is, distributed contract signing in which no party ever can prove to a third party that he is capable of choosing whether to validate or invalidate the contract. Assume Alice and Bob are signing a contract. If the contract protocol they use is not abuse-free, then it is possible for one party, say Alice, at some point to convince a third party, Val, that Bob is committed to the contract, whereas she is not yet. Contract protocols with this property are therefore not favorable to Bob, as there is a risk that Alice does not really want to sign the contract with him, but only use his willingness to sign to get leverage for another contract. Most existing optimistic contract signing schemes are not abuse-free. (The only optimistic contract signing scheme to date that does not have this property is inefficient, and is only abuse-free against an off-line attacker.) We give an efficient abuse-free optimistic contract-signing protocol based on ideas introduced for designated verifier proofs (i.e., proofs for which only a designated verifier can be convinced). Our basic solution is for two parties. We show that straightforward extensions to n > 2 party contracts do not work, and then show how to construct a three-party abuse-free optimistic contract-signing protocol. An important technique we introduce is a type of signature we call a private contract signature. Roughly, these are designated verifier signatures that can be converted into universally-verifiable signatures by either the signing party or a trusted third party appointed by the signing party, whose identity and power to convert can be verified (without interaction) by the party who is the designated verifier.

Risk Control in Multi-agent Coordination by Negotiation with a Trusted Third Party

Abstract: In multi-agent coordination, the uncertainty may come from two major sources: the moves of the nature agent and the unpredictable behavior of other autonomous agents. The uncertainty may affect the expected payoff and the risk of an agent. A rational agent would not always play the strategy that gives the highest expected payoff if the risk is too high. To tackle the uncertainty in multi-agent coordination, a risk control mechanism is necessary in multi-agent decision making. We assume agents may have different risk preferences, e.g. risk-averse, risk-neutral, and risk-seeking, and separate the risk preference from the utility function of a given strategy. Taking agent's risk preference into account extends the notions of the dominant strategy, the Nash equilibrium, and the Pareto-efficiency in traditional game theory. We show how the risk control can be carried out by a negotiation protocol using communication actions of asking guarantee and offering compensation via a trusted third party.

Trusted Third Parties in the Electronic Marketplace: An Evolutionary Game Approach

Abstract: Using an evolutionary game approach, this paper studies different equilibria in the electronic marketplace, and demonstrates that electronic transaction through a TTP is an evolutionarily stable strategy. According to the evolutionary game analysis, people will gradually adopt this strategy in the electronic marketplace.

Secure architecture for exchange executes digitally signed contracts

Abstract: A secure architecture for value exchanges among parties (58, 60, 62), such that the parties can be widely distributed geographically and can employ a wide range of Accounting Units. It comprises a formalized legal contract in a special format, a public key that identifies each party, a computer for each party (54), a software program (56) for each party that can create, validate, sign, store, encrypt, transmit, and execute contracts, a communication method between the computers, and a database (52) for each party to hold the contracts and Identity information (98) for each party.