Financial Cryptography

This paper describes our experience with implementing an electronic payment system for the PalmPilot. Although Palm OS lacks support for many desired security features, we are able to build a system suitable for small payments. We discuss the advantages and disadvantages of using a PDA to make secure payments as opposed to using a smartcard or a desktop PC. In addition, we describe the engineering of PDA-PayWord, our implementation of a commerce protocol that takes advantage of both elliptic curve and RSA public key cryptography to support payments efficiently on PDAs with limited processing capability.

[1]  Jan Camenisch,et al.  Fair Blind Signatures , 1995, EUROCRYPT.

[2]  Paul C. Kocher On Certificate Revocation and Validation , 1998, Financial Cryptography.

[3]  Thomas Beth,et al.  Trust relationships in secure systems-a distributed authentication perspective , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[4]  Ueli Maurer,et al.  Modelling a Public-Key Infrastructure , 1996, ESORICS.

[5]  Martín Abadi,et al.  On SDSI's linked local name spaces , 1997, Proceedings 10th Computer Security Foundations Workshop.

[6]  S. Micali Eecient Certiicate Revocation , 1996 .

[7]  Catherine A. Meadows,et al.  A logical language for specifying cryptographic protocol requirements , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[8]  Ronald L. Rivest,et al.  Can We Eliminate Certificate Revocations Lists? , 1998, Financial Cryptography.

[9]  Michael Myers Revocation: Options and Challenges , 1998, Financial Cryptography.

[10]  Glenn H. MacEwen,et al.  A logic for reasoning about security , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[11]  Ueli Maurer,et al.  A Calculus for Secure Channel Establishment in Open Networks , 1994, ESORICS.

[12]  Michael K. Reiter,et al.  Path independence for authentication in large-scale systems , 1997, CCS '97.

[13]  Joan Feigenbaum,et al.  Compliance Checking in the PolicyMaker Trust Management System , 1998, Financial Cryptography.

[14]  Ronald L. Rivest,et al.  SDSI - A Simple Distributed Security Infrastructure , 1996 .

[15]  Yiannis Tsiounis,et al.  Efficient Electronic Cash: New Notions and Techniques , 1997 .

[16]  Martín Abadi,et al.  A calculus for access control in distributed systems , 1991, TOPL.

[17]  Reihaneh Safavi-Naini,et al.  Partial belief and probabilistic reasoning in the analysis of secure protocols , 1992, [1992] Proceedings The Computer Security Foundations Workshop V.

[18]  B. Lampson,et al.  Authentication in distributed systems: theory and practice , 1991, TOCS.

[19]  Pekka Nikander,et al.  Certifying Trust , 1998, Public Key Cryptography.

[20]  Carl M. Ellison,et al.  Establishing identity without certification authorities , 1996 .

[21]  Martín Abadi,et al.  A logic of authentication , 1990, TOCS.

[22]  David W. Chadwick,et al.  Merging and extending the PGP and PEM trust models-the ICE-TEL trust model , 1997 .

[23]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[24]  Moni Naor,et al.  Certificate revocation and certificate update , 1998, IEEE Journal on Selected Areas in Communications.

[25]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[26]  Rebecca N. Wright,et al.  An authentication logic supporting synchronization, revocation, and recency , 1996, CCS '96.

[27]  Colin Boyd,et al.  Security Architectures Using Formal Methods , 1993, IEEE J. Sel. Areas Commun..