
Showing papers on "Trusted third party published in 2001"


Book Chapter
09 Dec 2001
TL;DR: Two simple, efficient and effective credential pseudonymous certificate systems are described, which also support anonymity without the need for a trusted third party and are based on a new paradigm, called self-blindable certificates.
Abstract: We describe two simple, efficient and effective credential pseudonymous certificate systems, which also support anonymity without the need for a trusted third party. The second system provides cryptographic protection against the forgery and transfer of credentials. Both systems are based on a new paradigm, called self-blindable certificates. Such certificates can be constructed using the Weil pairing in supersingular elliptic curves.

175 citations


Patent
31 Dec 2001
TL;DR: In this article, a method for providing transactional billing for trusted third party services offered to a plurality of users via a computer network is proposed, which includes generating at least one log record indicative of at least one of the users submitting at least one electronic document for a trusted third-party service.
Abstract: A method for providing transactional billing for trusted third party services offered to a plurality of users via a computer network, the method including: generating at least one log record indicative of at least one of the users submitting at least one electronic document for trusted third party services; generating at least one log record indicative of forwarding the at least one electronic document to at least a second of the plurality of users; parsing the log records to generate billing information associated; and, providing the billing information to at least one processing application. The processing application processes the billing information and generates a plurality of bills dependently thereupon.

154 citations


Proceedings Article
14 May 2001
TL;DR: A new approach for securely executing (fragments of) mobile code that relies on a minimally trusted third party that performs some operations on behalf of the mobile application, but does not learn anything about the encrypted computation.
Abstract: We address the protection of mobile code against cheating and potentially malicious hosts. We point out that the recent approach based on computing with "encrypted functions" is limited to the case where only the code originator learns the result of the completion and the host running the code must not notice anything at all. We argue that if the host is to receive some output of the computation, then securing mobile code requires minimal trust in a third party. Tamper-proof hardware installed on each host has been proposed for this purpose. We introduce a new approach for securely executing (fragments of) mobile code that relies on a minimally trusted third party. This party is a generic independent entity, called the secure computation service, which performs some operations on behalf of the mobile application, but does not learn anything about the encrypted computation. Because it is universal, the secure computation service needs to be only minimally trusted and can serve many different applications. We present a protocol based on tools from theoretical cryptography that is quite practical for computing small functions.

134 citations


Patent
22 Feb 2001
TL;DR: A trusted time infrastructure system provides time stamps for electronic documents from a local source; it comprises a trusted master clock, a trusted local clock, and a network operations center.
Abstract: A trusted time infrastructure system provides time stamps for electronic documents from a local source. The system comprises a trusted master clock (204), a trusted local clock (206), and a network operations center (210). The trusted master clock and network operations center are located within secure environments controlled by a trusted third party. The trusted local clock may be located in an insecure environment. The trusted master clock is certified to be synchronized with an accepted time standard, such as a national time server (202). The trusted local clock, which issues time stamps, is certified to be synchronized with the trusted master clock. Time stamps and certifications are signed by the issuing device using public key cryptography to enable subsequent authentication. The network operations center logs clock certifications and responds to requests for authentication of time stamps.

127 citations


Journal Article
TL;DR: Japanese translation of an article by Burk and Cohen published in the Harvard Journal of Law and Technology.
Abstract: Author(s): Burk, Dan L; Cohen, Julie E | Abstract: Japanese translation of article published in the Harvard Journal of Law and Technology

114 citations


Patent
11 Apr 2001
TL;DR: A buyer registers with a trusted third party by submitting an online application and the trusted third party establishes a credit score for the buyer; a seller registers the same way and receives a score based upon the seller's trading history, reputation and financial standing.
Abstract: An internet-based system that allows a buyer and a seller (22) to obtain information about each other while remaining somewhat anonymous. The system provides historic information to buyer (23) and seller (22) by having a trusted third party give the buyer (23) and seller (22) the other party's trading history information without revealing the actual identity of the parties. A buyer registers with the trusted third party by submitting an online application. The trusted third party establishes a credit score for the buyer (23). A seller registers with the trusted third party by submitting an online application. The trusted third party establishes a score for the seller based upon the seller's trading history, reputation and financial standing. When the buyer chooses to purchase a product from a seller over the Internet, certain parameters i.e., dollar value of transaction, type of purchase, level of current outstanding credit available, credit score, etc. are substituted into an algorithm to determine the maximum purchase amount that may be financed at what terms and how much money the buyer (23) will have to place in escrow (14). The buyer's escrow (14) may be furnished to the trusted third party by credit cards, ACH, wire transfer, etc. If the trusted third party is not satisfied with the seller's score, the trusted third party may require the seller to post a bond for some or all of the seller's transactions.

111 citations


Book Chapter
25 Apr 2001
TL;DR: This paper defines zero-knowledge watermark detection precisely and proposes efficient and provably secure zero-knowledge protocols for blind and non-blind versions of a well-known class of watermarking schemes.
Abstract: The goal of zero-knowledge watermark detection is to allow a prover to soundly convince a verifier of the presence of a watermark in certain stego-data without revealing any information which the verifier can use to remove the watermark. Existing proposals do not achieve this goal in terms of definition (not formally zero-knowledge), security (unproven) and coverage (handle only blind watermark detection). In this paper we define zero-knowledge watermark detection precisely. We then propose efficient and provably secure zero-knowledge protocols for blind and non-blind versions of a well-known class of watermarking schemes. Using these protocols the security and efficiency of many watermark based applications can be significantly improved. As an example of use we propose concrete protocols for direct proof of ownership which enable offline ownership proofs, i.e., copyright holders can prove their rightful ownership to anyone without involving a trusted third party in the actual proof protocol.

108 citations


Patent
14 Feb 2001
TL;DR: In this article, a method and apparatus for determining whether a party sending an email communication is on a list of parties authorized by the intended receiving party is presented. If the sending party is not on the list of authorized parties, an electronic billing agreement is emailed to the sender indicating a fee that will be charged to the sending party in return for the message being provided to the intended recipient.
Abstract: A method and apparatus for determining whether a party sending an email communication is on a list of parties authorized by the intended receiving party. If the sending party is not on the list of authorized parties, an electronic billing agreement is emailed to the sending party indicating a fee that will be charged to the sending party in return for the message being provided to the intended receiving party. Preferably, the present invention is implemented with Internet communications and utilizes a security protocol to enable the electronic transaction to be transacted in a secure manner.

89 citations


Patent
08 Aug 2001
TL;DR: In this paper, the authors present a method, software and apparatus that facilitates one or more third party agents to securely access a customer's or other first party's private personal and financial data or other such confidential information from a second party, preferably on the Internet.
Abstract: A method, software and apparatus facilitates one or more third-party agents to securely access a customer's or other first party's private personal and financial data or other such confidential information from a second party, preferably on the Internet. A security document or ticket is presented to the second party for verifying the customer's consent to grant such access to the third party. The second party only communicates such confidential information to the third party if the security document is found to be valid. The security document, which can be at least partially encrypted, can also include a preselected expiration time, beyond which it is not valid.

88 citations


Patent
26 Apr 2001
TL;DR: A system for authenticating records without relying upon a trusted third party is proposed, in which servers cross-certify one another's certifications to form a "chain-mail" of certifications that protects against a breach of security in any one server.
Abstract: A system for authenticating records without reliance upon a trusted third party. A first server provides a sequential series of certifications associated with discrete, non-overlapping time intervals. The server can provide selected information to a second server which, in turn, incorporates the request and associated information in a cross-certification. The cross-certification is then provided to more other servers. Accordingly, a “chain-mail” of certifications among a variety of servers is provided. The system thus provides effective protection against a breach of security in any one server, resulting in increased reliability in the authentication of records.

84 citations


Patent
12 Feb 2001
TL;DR: In this article, the authors present a system, method and computer program for ordering, paying for and delivering goods and services from a content provider to a user which assures the content provider that he will be paid and that the user will receive the content at an agreed upon price.
Abstract: A system, method and computer program for ordering, paying for and delivering goods and services from a content provider to a user which assures the content provider that he will be paid and that assures the user that he will receive the content at an agreed upon price. Thus, this system, method and computer program facilitates business transactions occurring between parties who do not know each other by using a trusted third party to either take the user's order, deliver to the user's order, and/or bill the user the correct amount for the goods and services contracted for. This system, method and computer program relies on the Global System for Mobile (GSM) communications system to authenticate the user and provide algorithms and modules that are used to generate cipher keys and service responses so as to insure the content provider will be paid and that the user will not be overcharged. Further, these algorithms and modules are used to encrypt important information so as to prevent third parties from intercepting this important information. Five business model modules are detailed with numerous variations possible to accomplish the task of facilitating business transactions between parties that do not necessarily know or trust each other.

Proceedings Article
14 Oct 2001
TL;DR: This work integrates a P2P file sharing service with an escrow service that reliably "pays" the party that is serving up the content and motivates users to serve up content of high quality and verifies that users only share legitimate content and not spam, viruses or content that is not part of the subscription.
Abstract: Distribution of content, such as music, remains one of the main drivers of P2P development. Subscription-based services are currently receiving a lot of attention from the content industry as a viable business model for P2P content distribution. One of the main problems that such services face is that users may choose to redistribute content outside the community of subscribers, thereby facilitating large-scale piracy. Digital Rights Management (DRM) systems typically employ tamper resistance techniques to control this risk. We propose a system architecture that uses economic incentives instead of tamper resistance to motivate users to keep the content within the subscription community. The key technical contribution we make is to integrate a P2P file sharing service with an escrow service that reliably "pays" the party that is serving up the content. The payment itself can be realized in a number of ways, using "actual" money or bonus points such as frequent flyer miles. Moreover, our architecture facilitates trust between two unacquainted parties by offloading risk to a trusted third party, which can acquire a revenue stream by assuming this risk. To implement the escrow service securely we use cryptographic techniques, such as encryption, hashing, and error correcting codes. Our system motivates users to serve up content of high quality and verifies that users only share legitimate content and not spam, viruses or content that is not part of the subscription. We thereby address other important security concerns in P2P systems and problems like the free-rider phenomenon.

Patent
15 May 2001
TL;DR: A PIN-based system for managing delivery of privileged information, which utilizes "third-party" authorization is presented in this article, where three separate parties, a First Party, a Second Party, and a Third Party, are involved.
Abstract: The present invention overcomes deficiencies in the prior art by providing a PIN-based system for managing delivery of privileged information, which utilizes "third-party" authorization. In one embodiment this system includes the use of three separate parties, a First Party, a Second Party, and a Third Party. The First Party initially "registers" with the Second Party by providing self-authenticating core registration information. This registration provides the First Party with a first set of privileges. The First Party may then ask for a PIN number in order to obtain a second set of privileges to observe information provided by the Second Party which is related to a Third Party. In requesting the PIN, the First Party must provide additional registration information (beyond the core information) to the Second Party relating to the Third Party, which the Second Party can authenticate due to an existing relationship which can be checked. The Second Party then forwards the PIN request to the Third Party along with the First Party's basic registration information. A PIN administrator at the Third Party's location can be designated by the First or the Third party. The Third Party then can decide whether to forward the PIN to the First Party. If the PIN is so forwarded, the First Party then may use the PIN to gain the requested additional access privileges. The second set of privileges can be dynamically modified by the Third Party. Although at least three parties can be involved, two of these parties could be the same.

Book Chapter
01 Jun 2001
TL;DR: This article identifies trust as a major issue in this context and proposes a pessimistic approach to trust that tries to prevent malicious behaviour rather than correcting it and can be extended to protect the mobile agents of a trusted third party in order to take full advantage of the mobile agent paradigm.
Abstract: The mobile agent paradigm gains ever more acceptance for the creation of distributed applications, particularly in the domain of electronic commerce. In such applications, a mobile agent roams the global Internet in search of services for its owner. One of the problems with this approach is that malicious service providers on the agent's itinerary can access confidential information contained in the agent or tamper with the agent. In this article we identify trust as a major issue in this context and propose a pessimistic approach to trust that tries to prevent malicious behaviour rather than correcting it. The approach relies on a trusted and tamper-resistant hardware device that provides the mobile agent with the means to protect itself. Finally, we show that the approach is not limited to protecting the mobile agents of a user but can also be extended to protect the mobile agents of a trusted third party in order to take full advantage of the mobile agent paradigm.

Book Chapter
01 Oct 2001
TL;DR: A protocol where the TTP produces the same evidences that Alice and Bob should have produced in a faultless protocol execution (this prevents, after a successful protocol execution, to determine whether the TTP was involved or not).
Abstract: In this paper we consider a new and efficient optimistic non-repudiation protocol. In a non-repudiation protocol, during which Alice wants to transmit a message to Bob, Alice has to send a non-repudiation of origin evidence to Bob (attesting that Alice is at the origin of the transmitted message), and Bob has to send a non-repudiation of receipt evidence to Alice (attesting Bob's receipt of the message). Classical solutions propose to use a trusted third party to help realizing the exchange without giving any significant advantage to one of the two parties. In an optimistic protocol, the trusted third party intervenes only in case of problems during the communication between Alice and Bob. Classically, in a situation where an error occurs, evidences that have been digitally signed by the TTP are issued. Although these evidences are distinct from those produced by Alice and Bob in a faultless case, they have the same value in case of a dispute. In this paper we propose a protocol where the TTP produces the same evidences that Alice and Bob should have produced in a faultless protocol execution (this prevents, after a successful protocol execution, to determine whether the TTP was involved or not).

Proceedings Article
01 Jan 2001
TL;DR: Protocols for distributed certified e-mail use encryption to ensure both confidentiality and fairness, and explore scenarios that support a distributed TTP, in the context of both off-line and online protocols.
Abstract: In this paper we present protocols for distributed certified e-mail, which use encryption to ensure both confidentiality and fairness. As with other protocols for certified e-mail, ours achieve fairness by placing trust on an external entity, referred to as the Trusted Third Party (TTP). The TTP can become a bottleneck, however, and we explore scenarios that support a distributed TTP, in the context of both off-line and online protocols. With several servers dividing the TTP responsibilities, the level of confidence placed in individual servers can be reduced without compromising the TTP’s overall trust.

Patent
22 Aug 2001
TL;DR: In this article, a universal authentication system for Internet services provides a trusted server that is activated when a user clicks on the login or helper button on a third party's site, which submits a request to the trusted server.
Abstract: A single universal authentication system for Internet services provides a trusted server that is activated when a user clicks on the login or helper button on a third party's site, which submits a request to the trusted server. The client properly identifies itself to the trusted server through pre-authorization techniques such as cookies, logging on, or going through the AOL service wherein the service knows the user's identity. The trusted server sends a user/site specific authentication token to the third party, initiating the authentication process with the third party which checks to see that the authentication token is valid and sends its own authentication token back to the trusted server. The trusted server verifies from its partner database that the third party's authentication token is valid. If it is valid, then the trusted server fills in the third party's form using the information from the user database and filtering the information through a filter that contains the user preferences concerning his personal information and then returns the form to the third party. The trusted server can fill in fields of a form from an unknown third party that the user feels are not threats to his security. The user is then queried as to whether the information can be released. The filter tells the system which information that the user feels is a low security threat.

Patent
03 Aug 2001
TL;DR: In this paper, a method for inter-terminal payment and corresponding devices and computer programs loadable into said devices is disclosed, which comprises a transfer of financial value from a payment device of a payer (PDPr) to another payment device (PDPe) with the assistance and the supervision of a trusted third party (TTP).
Abstract: A method for inter-terminal payment and corresponding devices and computer programs loadable into said devices is disclosed. The method comprises a transfer of financial value from a payment device of a payer (PDPr) to a payment device of a payee (PDPe) with the assistance and the supervision of a trusted third party (TTP). Payment relevant data of the payee is transmitted to the payment device of the payer (PDPr) which triggers the transaction of financial value at the trusted third party (TTP) by a message. The trusted third party (TTP) releases a payment confirmation for the payer and the payee providing a status information on the financial transaction for the payer and the payee, respectively, and sends this information in a confirmation transmission procedure to the payment device of the payer (PDPr) and the payment device of the payee (PDPe), respectively.

Patent
23 Apr 2001
TL;DR: In this article, a trusted third party handles an escrow transaction between two or more parties according to specific instructions, and compliance with these instructions defines the end of the transaction, and the initiator may specify a protocol for notifying all parties of the outcome.
Abstract: A method and system where a trusted third party handles an escrow transaction between two or more parties according to specific instructions. The method involves one person (an initiator) transmitting a document set to a trusted third party, along with a list of designated recipients and detailed document-processing instructions. Termination of the instructions occurs when conditions set by the initiator have been met or a specified end date has been met. Compliance with these instructions defines the end of the transaction. Optionally, the initiator may specify a protocol for notifying all parties of the outcome of the transaction. Optionally, process start dates and decision dates may be set. The system used may include basic input and output peripherals, the Internet or other public communication system and a trusted third party web site.

Patent
19 Apr 2001
TL;DR: In this article, a system for automated registration of digital content is described, requiring no special human interaction from the content publisher, and the system is preferably operated by a trusted third party, which generates a time stamped and digitally signed certificate which can be used as proof of publication date.
Abstract: A system for automated registration of digital content, i.e. a work in electronic form is described, requiring no special human interaction from the content publisher. Before publication, the digital content is electronically and automatically sent to a trusted third party, which generates a time stamped and digitally signed certificate which can be used as proof of publication date. A method is described to 'tag' digital content with an icon and hyperlink that can be clicked in order to properly obtain reproduction rights to digital content, according to pricing and rules (e.g. geographical restrictions, different license rules for different time frames, purchase quantity dependent pricing schedules) set by the publisher. The third party copyright buyer then receives a digitally signed copyright certificate, granting the use of the work according to certain rules and restrictions to the copyrighted material. This certificate constitutes the written permission from the publisher, necessary to reproduce the material and to prove the presence of a license. The system is preferably operated by a trusted third party. A method is also described for on-line and real-time registration of works in electronic format having digital content in which intellectual property rights such as copyright can subside, resulting in a digitally signed, time stamped certificate, the validity of which can be verified on-line. The method may provide the possibility for a content owner to specify the rules, pricing details and behavior for on-line sales of limited reproduction rights.

Patent
05 Mar 2001
TL;DR: In this article, a technique for authenticating a first party (10) to a second party (18) is applicable to electronic transactions, employing personal passwords, and a device operational parameter fingerprint.
Abstract: A technique for authenticating a first party (10) to a second party (18) is applicable to electronic transactions. In addition to employing personal passwords, and a device operational parameter fingerprint, two signatures are employed, one being characteristic of the first party, and the other being associated with the computer (12) or communications device (14) of the first party. The signatures mutate at random intervals, responsive to mutation requests made by the device of first party to a device employed by the second party. The mutated signatures invalidate previous signatures, and are stored in the computing or communications devices of both parties. The mutation process authenticates the computer or communication device, and may also authenticate the password holder.

Journal Article
TL;DR: This work introduces the notion of digital seals and provides a mechanism for transferring the trust placed by users in companies in the physical world, to the electronic one.
Abstract: Traditional business practice depends on trust relations between the transacting parties. One of the most important aspects of this trust is the quality of the offered services or products. The Web currently constitutes an enabler for electronic commerce, providing a global transaction platform that does not require physical presence. However, transferring trust from the physical world to the electronic one is a process that requires a trust infrastructure. The current infrastructure, based on trusted third parties can be enhanced. We introduce the notion of digital seals and provide a mechanism for transferring the trust placed by users in companies in the physical world, to the electronic one.

01 Feb 2001
TL;DR: The Data Validation and Certification Server is a Trusted Third Party that can be used as one component in building reliable non-repudiation services.
Abstract: This document describes a general Data Validation and Certification Server (DVCS) and the protocols to be used when communicating with it. The Data Validation and Certification Server is a Trusted Third Party (TTP) that can be used as one component in building reliable non-repudiation services.

Book Chapter
TL;DR: A novel approach to perform fair exchange using tamper-proof hardware on the customer's side, which is the first to handle time-sensitive items properly and supports the exchange in mobile environments where customers frequently experience a disconnection from the network.
Abstract: Fair exchange protocols ensure that the participating parties, customer and vendor, can engage in electronic commerce transactions without the risk of suffering a disadvantage. This means that neither of them delivers his digital item without receiving the other party's item. In general, fair exchange cannot be solved without the help of a trusted third party (TTP), a dedicated computer which is trusted by both participants. Trust can be established by carefully securing the TTP or even better by introducing tamper-proof hardware. However, if the communication to the TTP is unreliable or disrupted, then the exchange cannot be performed in a timely fashion or not at all. Up to now, this has been a problem especially for the exchange of time-sensitive items, i.e., items which lose value over time. We present a novel approach to perform fair exchange using tamper-proof hardware on the customer's side. More specifically, co-located to the customer's machine we use a smart card which partially takes over the role of the TTP. The challenge of designing protocols in this environment lies in the fact that the communication between the smart card and the vendor is under control of the customer. Our approach has the following benefits: It supports the exchange in mobile environments where customers frequently experience a disconnection from the network. Furthermore, our approach is the first to handle time-sensitive items properly.

Patent
06 Jun 2001
TL;DR: In this article, a system is provided for authenticating messages between at least two parties that do not share a common trust provider, such as a certificate authority, by using a third party to span trust between the parties by providing a common shared trust.
Abstract: A system is provided for authenticating messages between at least two parties that do not share a common trust provider, such as a certificate authority. Thus, a third party can be used to span trust between the parties by providing a common shared trust.

Book Chapter
06 Dec 2001
TL;DR: It is shown that every participant must trust the initiator of the protocol for not becoming a passive conspirator and under certain circumstances, if there are participants excluded from the exchange, they can prove that a problem occurred to an external adjudicator.
Abstract: In 1999, Bao et al. proposed [6] a multi-party fair exchange protocol of electronic items with an offline trusted third party. In this protocol, a coalition including the initiator of the exchange can succeed in excluding a group of parties without the consent of the remaining entities. We show that every participant must trust the initiator of the protocol for not becoming a passive conspirator. We propose a new protocol in which the participants only need to trust the trusted third party. Moreover, under certain circumstances, if there are participants excluded from the exchange, they can prove that a problem occurred to an external adjudicator.

Proceedings Article
I. Ray
23 Apr 2001
TL;DR: The novel features of the proposed e-commerce protocol include ensuring fair exchange, not requiring manual dispute resolution in case of unfair behavior by any party, assuring each party that the item he is about to receive is indeed the correct one, and ensuring anonymity for both the customer and the merchant.
Abstract: In this paper we propose an e-commerce protocol for trading digital products over the Internet. The novel features of our protocol include: (1) ensuring fair exchange, (2) not requiring manual dispute resolution in case of unfair behavior by any party, (3) assuring each party that the item he is about to receive is indeed the correct one, (4) not requiring the active involvement of a trusted third party unless a problem occurs, and (5) ensuring anonymity for both the customer and the merchant. No existing e-commerce protocol that we know of has all these features.

Patent
02 Nov 2001
TL;DR: In this paper, a data processing method and system for generating a unique symmetric key inside a PSD having limited trust relationships between PSD manufacturer, PSD issuer, subsequent service providers and a trusted third party is presented.
Abstract: A data processing method and system for generating a unique symmetric key inside a PSD having limited trust relationships between PSD manufacturer (605), PSD issuer (610), subsequent service providers (615) and a trusted third party (625) where a new composite key is generated (606) using a current composite key and a new symmetric key as input into a composite key generating algorithm.

Book Chapter
Eyal Kushilevitz, Tal Rabin
08 Apr 2001
TL;DR: These fair protocols enable to remove the trust from the casino/lottery without resorting to another trusted third party, by allowing the user playing the game to participate in the generation of the specific run of the game.
Abstract: In this paper we provide protocols for fair lottery and casino games. These fair protocols enable to remove the trust from the casino/lottery without resorting to another trusted third party, by allowing the user playing the game to participate in the generation of the specific run of the game. Furthermore, the user is able to verify the correctness of the execution of the game at the end of the run. On-line lotteries and on-line casinos have different properties and we address the needs of the two different types of games.

Journal Article
TL;DR: In this paper, the authors present a protocol which allows multiple parties to exchange electronic items over the Internet in a secure and fair way, which allows either each party to get what it expects to receive, or neither party to receive anything.