Secure Open Systems for Protecting Privacy and Digital Services

  • David Kravitz
  • Kim-Ee Yeoh
  • Nicol So
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2320)


This paper describes and analyzes a system architecture that enables consumers to access services and content from multiple providers without jeopardizing the privacy interests of consumers or the intellectual property rights of providers. In order to satisfy these highly desirable objectives, we argue for the necessity of a Trust Server that mediates the conferral and revocation of trust relationships between consumers and providers. The system also calls for the deployment of programmable security coprocessors at vulnerable sites requiring protection, namely at the Trust Server and at each consumer. We define the specific requirements of consumer-side Coprocessors, and their server-side counterparts denoted as Hardware Security Modules (HSMs). A single Coprocessor serves multiple providers by allocating to each of them a virtualized trusted computing environment for software execution and data manipulation. Bearing in mind that the tamper-resistance offered by Coprocessors is subject to more stringent economic pressures than that offered by HSMs, we include in our architecture containment capabilities that prevent compromised Coprocessors from causing damage disproportionate to their numbers. We explain the specific challenges faced with providing containment capabilities while protecting consumer privacy, given that a single Coprocessor must serve the needs of multiple providers. The simultaneous attainment of these goals is one of the highlights of our architecture.


Application Server Protecting Privacy Digital Right Management Multiple Provider Digital Service 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    B. Askwith, M. Merabti, Q. Shi, and K. Whiteley. Achieving user privacy in mobile networks. In Proceedings of the 13th Annual Computer Security Applications Conference, 1997.Google Scholar
  2. 2.
    M. Blum, W. Evans, P. Gemmell, S. Kannan, and M. Naor. Checking the correctness of memories. Algorithmica, 12(2/3), pp. 225–244, 1994.CrossRefMathSciNetGoogle Scholar
  3. 3.
    L. Buttyán and J.-P. Hubaux. Accountable Anonymous Access to Services in Mobile Communication Systems. In Proceedings of SRDS’ 99, 1999.Google Scholar
  4. 4.
    D. Chaum and T. P. Pedersen. Wallet databases with observers. In Advances in Cryptology: Crypto’ 92, E. F. Brickell, Ed., Lecture Notes in Computer Science 740, pp. 89–105, Springer-Verlag, 1992.Google Scholar
  5. 5.
    Committee on Intellectual Property Rights in the Emerging Information Infrastructure. The Digital Dilemma: Intellectual Property in the Information Age. Washington, D. C., National Academy Press, 2000.Google Scholar
  6. 6.
    G. Horn and B. Preneel. Authentication and payment in future mobile systems. In Proceedings of ESORICS’ 98, 1998.Google Scholar
  7. 7.
    B. Kaliski. New Challenges in Embedded Security. Consortium for Efficient Embedded Security, Symposium on Embedded Security, Security Ownership and Trust Models, July 10, 2001 (
  8. 8.
    C. H. Lim and P. J. Lee. A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup. In Advances in Cryptology: Crypto’ 97, B. S. Kaliski, Jr., Ed., Lecture Notes in Computer Science 1294, pp. 249–263, Springer-Verlag, 1997.CrossRefGoogle Scholar
  9. 9.
    J. Manferdelli. Digital Rights Management (“DRM”). Consortium for Efficient Embedded Security, Symposium on Embedded Security, Security Ownership and Trust Models, July 10, 2001 (
  10. 10.
    K. Martin, B. Preneel, C. Mitchell, H. Hitz, A. Poliakova, and P. Howard. Secure billing for mobile information services in UMTS. In Proceedings of IS&N’98, 1998.Google Scholar
  11. 11.
    R. Mori and M. Kawahara. Superdistribution: the concept and the architecture. Technical Report 7, Inst. of Inf. Sci. & Electron (Japan), Tsukuba Univ., Japan, July 1990.Google Scholar
  12. 12.
    B. Patel and J. Crowcroft. Ticket based service access for the mobile user. In Proceedings of Mobicom’ 97, 1997.Google Scholar
  13. 13.
    S. Pugh, The Need for Embedded Security. Consortium for Efficient Embedded Security, Symposium on Embedded Security, Security Ownership and Trust Models, July 10, 2001 (
  14. 14.
    M. O. Rabin. Digitalized Signatures and Public-key Functions as Intractable as Factorization. MIT Laboratory for Computer Science Technical Report 212 (MIT/LCS/TR-212), 1979.Google Scholar
  15. 15.
    M. Rotenberg. Consumer Implications of Security Applications. Consortium for Efficient Embedded Security, Symposium on Embedded Security, Security Ownership and Trust Models, July 10, 2001 (
  16. 16.
    S. Smith. Secure coprocessing applications and research issues. Los Alamos Unclassified Release LA-UR-96-2805, August 1996.Google Scholar
  17. 17.
    S. W. Smith, E. R. Palmer, S. H. Weingart. Using a High-Performance, Programmable Secure Coprocessor. In Proceedings, Second International Conference on Financial Cryptography. Springer-Verlag LNCS, 1998.Google Scholar
  18. 18.
    M. Stefik. Trusted Systems, Scientific American 276(3), March 1997, pp. 78–81.Google Scholar
  19. 19.
    U. Wilhelm, S. Staamann, and L. Buttyán. On the problem of trust in mobile agent systems. In Proceedings of NDSS’ 98, 1998.Google Scholar
  20. 20.

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • David Kravitz
    • 1
  • Kim-Ee Yeoh
    • 1
  • Nicol So
    • 1
  1. 1.Wave Systems Corp.USA

Personalised recommendations