Trusted third party

About: Trusted third party is a research topic. Over the lifetime, 2919 publications have been published within this topic receiving 60935 citations.

Systems and methods for conducting transactions and communications using a trusted third party

Abstract: Systems and methods are provided for performing transactions and managing communications using a trusted third party. In one embodiment, a sender transfers an encrypted version of a file (such as a digitally encoded audio track, movie, document, or the like) to someone who wishes to receive it. The receiver computes a first hash of at least a portion of the encrypted data content, and sends the first hash to a third party configured to compare at least a portion of the first hash to at least a portion of a second hash. The receiver receives a file decryption key from the third party, and decrypts at least the portion of the received encrypted data content with the decryption key. In some cases, multiple hashes of the encrypted data content may be computed, each using a different portion of the encrypted data content.

Support for portable trusted software

Abstract: A form of authentication is provided wherein a trusted third party signs a certificate to identify the author of a program and to secure its integrity. The program code is encapsulated or otherwise associated with the certificate and an access control list (ACL). The access control list describes the permissions and resources required by the code. An enforcement mechanism which allocates system permissions and resources in accordance with the ACL. In a preferred embodiment, a code production system communicates with a certification agency, which is a trusted third party. The certification agency issues a certificate for the code and a certificate for the access list of that code. Once the certificate is issued it is not possible for any party to modify the code or access list without invalidating the certificate. The code and its ACL, along with their certificates are stored on a server. A client downloading the code or access list can verify the integrity of the code/access list and the system can enforce the access list such that the permissions and resources are not exceeded.

Certified email with a light on-line trusted third party: design and implementation

Abstract: This paper presents a new protocol for certified email. The protocol aims to combine security, scalability, easy implementation, and viable deployment. The protocol relies on a light on-line trusted third party; it can be implemented without any special software for the receiver beyond a standard email reader and web browser, and does not require any public-key infrastructure.

Trust and Risk in Internet Commerce

Abstract: From the Publisher: As Internet-based commerce becomes commonplace, it is important that we examine the systems used for these financial transactions. Underlying each system is a set of assumptions, particularly about trust and risk. To evaluate systems, and thus to determine one's own risks, requires an understanding of the dimensions of trust: security, privacy, and reliability. In this book Jean Camp focuses on two major yet frequently overlooked issues in the design of Internet commerce systems -- trust and risk. Trust and risk are closely linked. The level of risk can be determined by looking at who trusts whom in Internet commerce transactions. Who will pay, in terms of money and data, if trust is misplaced? When the inevitable early failures occur, who will be at risk? Who is "liable" when there is a trusted third party? Why is it necessary to trust this party? What exactly is this party trusted to do? To answer such questions requires an understanding of security, record-keeping, privacy, and reliability. The author's goal is twofold: first, to provide information on trust and risk to businesses that are developing electronic commerce systems; and second, to help consumers understand the risks in using the Internet for purchases and show them how to protect themselves.

FINE: A fine-grained privacy-preserving location-based service framework for mobile devices

Abstract: In this paper, we propose a fine-grained privacy- preserving location-based service (LBS) framework, called FINE, for mobile devices. It adopts the data-as-a-service (DaaS) model, where the LBS provider publishes its data to a third party (e.g., cloud server) who executes users' LBS queries. The pro- posed FINE framework employs a ciphertext-policy anonymous attribute-based encryption technique to achieve fine-grained access control, location privacy, confidentiality of the LBS data and its access policy, and accurate LBS query result while without involving any trusted third party. Moreover, the proposed FINE framework also integrates the transformation key and proxy re- encryption to migrate most of computation-intensive tasks from the LBS provider and users to the cloud server. This property keeps mobile devices away from massive resource-consuming operations. Extensive analysis shows that our proposed FINE framework is secure and highly efficient for mobile devices in terms of computation and communication cost.