Konrad Wrona

Evaluation of certificate validation mechanisms

In this article we evaluate different certificate validation mechanisms to be possibly used within the Wireless Public Key Infrastructure (W-PKI). An implementation of a standard compliant signed content application offering full PKI functionality served as means for evaluating different mechanisms. We compared short-lived certificates, Certificate Revocation Lists (CRLs), the Online Certificate Status Protocol (OCSP) and the XML Key Management Specification (XKMS) with regard to security, interoperability, complexity and performance in terms of size and scalability. The evaluation has lead to propose OCSP for delegated certificate validation. It has to be pointed out though, that OCSP should be enhanced with full delegation capabilities, such as the ones offered by XKMS.

Mobile Payments - State of the Art and Open Problems

We describe electronic payment solutions and the technical problems, which have to be solved in order to make these payments mobile. Mobile payments should be both secure and convenient for the consumer. The problems of implementing mobile payment systems are manifold. The technical capabilities of mobile devices are - at least today - too limited to allow a simple re-use of existing Internet payment protocols. Moreover, a number of different mobile application environments exist today, which differ from a technical perspective as well as from geographical spread. This makes it extremely difficult to define mobile payment protocols, which can be used on a global basis. Therefore, compromise solutions have to be found and standardized, which offer a reasonable level of security based on the existing functions offered in mobile devices and networks.

Fair electronic cash withdrawal and change return for wireless networks

We propose a practical mobile electronic cash system that combines macro and micropayment mechanisms and offers very high security and users privacy protection. Notably, we have developed an innovative fair withdrawal and change return protocols, which are efficient and preclude any fraudulent misbehaviors, while user anonymity and transaction unlinkability are preserved. Coins are withdrawn if, and only if payers account is debited. Change is returned to an anonymous payer, who gets it always but only if she is entitled to receive it. Wiretapping of even all channels does not yield a valid coin, and a payment can not be deposited at the account of another payee. Lost or stolen coins are blacklisted immediately and their value is recovered. No cooperation of dishonest participants gives any advantage. A prototype implementation proved that the system is efficient and convenient.