David W. Kravitz

Highly Scalable On-line Payments Via Task Decoupling

Several digital payment systems have been described which attempt to simulate or extend already existing payment mechanisms so as to make them suitable for electronic commerce. Such mechanisms or instruments include cash or coins (e.g., DigiCash, NetCash), checks (e.g., NetCheque), and credit cards (e.g., CyberCash). The anonymity, off-line, and peer-to-peer aspects of some of these systems can introduce security weaknesses and major scalability problems. One approach to security, as taken by the Millicent architecture, is to only allow very low cost transactions. True security, unlike the approach taken by First Virtual, requires clear delineation of the customer and merchant roles. The goal of this paper is to outline an approach which is inexpensive enough to allow for very low value transactions but secure enough to allow for intermediate value transactions, while providing true customer anonymity with respect to merchants and electronic handling of refund requests. Unlike NetBill and the GC Tech GlobelD system, under the default operation of the system the customer in no way authenticates or identifies itself to the merchant, pseudonymously or otherwise. This is an example of the decoupling of tasks used as a basic design principle: Each system component deals directly with only those aspects in its narrowly defined scope of responsibilities, and within this asynchronous system time-consuming or time-varying issues not directly related to the payment flow, such as actual delivery of digital goods, are handled outside of the basic payment flow. After presenting a high-level comparison of our approach to those of two other instant debit systems, GlobelD and NetBill, we give a more detailed explanation of the design criteria and characteristics exhibited by this new approach to on-line payments.

Conditional Access Concepts and Principles

This paper describes concepts and principles for infrastructures that manage chargeable content, more commonly known as conditional access (CA) systems. We present a functional overview of CA systems and the security components and design principles that enable the solutions. We then present concepts that may be used to quantify the risk associated with the delivery of particular valued content in a particular way. Finally, we describe how the threat model changes as the networking bandwidth available to pirates and their customers increases, and propose a possible long-term solution.

Beyond Identity: Warranty-Based Digital Signature Transactions

We distinguish between two types of digital-signature based transactions: identity-based and warranty-granting. In the relatively static (and traditional) offline “identity-based” transaction, a Certification Authority (CA) vouches for validity and veracity of data in a users certificate. Whereas, in the more dynamic “warranty-granting” case, which we identify in this paper, a third-party entity vouches for a user on a pertransaction basis while considering the users history and characteristics. Here, we provide a modeling for a warranty-granting transactions system and demonstrate its importance in the banking/financial/commercial setting. Warranty-granting systems can be implemented in one of several configurations based on the type of transaction and which party pays for the service (of acquiring the warranty). We discuss the primary configurations and then give a detailed specification for one of the discussed configurations.

Aspects of Digital Rights Management and the Use of Hardware Security Devices

Consider a conditional access module, or CAM, which decrypts (or descrambles) content usingits knowledge of conditional access (CA) keys [6]. The CA-descrambled content is communicated to a set-top box (STB) to enable display. The alternative model in which the CAM or smart card acts as a permissioning device only, which transfers content-descrambling keys to the STB, may have lesser processing and data-rate requirements. However, successful attack under this latter model may not necessitate compromise of the CAM itself. The definition of successful attack varies depending on several factors. Localized forms of piracy may be harder to monitor, and thus control, but also should be of less concern to the providers of the legitimate infrastructure. In particular, unauthorized replay of rented content which does not result in additional revenue to the legitimate provider is qualitatively different than, say, taking delivery on two washing machines when only one was paid for. There is a fundamental distinction, however, between a consumer who pays the legitimate rental price once and reaps further play without further payment, and a large-scale pirate who compromises content and provides the ability for consumers to play content which does not result in payment to the legitimate provider proportional to the number of effective consumers of that content. In the case that there is a considerable difference between the rental price and outright purchase price of content, that is not to say that every consumer who is willing to pay the initial rental price and cheat the provider out of further revenue for any additional play would be willing to pay the full purchase price if cheating were not a reasonable alternative.

Open mobile alliance secure content exchange: introducing key management constructs and protocols for compromise-resilient easing of DRM restrictions

This paper presents an insiders view of the rationale and the cryptographic mechanics of some principal elements of the Open Mobile Alliance (OMA) Secure Content Exchange (SCE) Technical Specifications. A primary goal is to enable implementation of a configurable methodology that quarantines the effects that unknown-compromised entities have on still-compliant entities in the system, while allowing import from upstream protection systems and multi-client reuse of Rights Objects that grant access to plaintext content. This has to be done without breaking compatibility with the underlying legacy OMA DRM v2.0/v2.1 Technical Specifications. It is also required that legacy devices can take at least partial advantage of the new import functionality, and can request the creation of SCE-compatible Rights Objects and utilize Rights Objects created upon request of SCE-conformant devices. This must be done in a way that the roles played by newly defined entities unrecognizable by legacy devices remain hidden.