Patents by Inventor Stuart Gerald Stubblebine

Stuart Gerald Stubblebine has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7644284
    Abstract: A recent secure authentication service enforcing revocation in distributed systems is provided. Authenticity entities impose freshness constraints, derived from initial policy assumptions and authentic statements made by trusted intermediaries, in authenticated statements made by intermediaries. If freshness constraints are not presented, authentication is questionable. The freshness constraints can be adjusted. The delay for revocation can be arbitrarily bounded. The freshness constraints within certificates result in a secure and highly available revocation service such that less trust is required of the service.
    Type: Grant
    Filed: April 24, 2001
    Date of Patent: January 5, 2010
    Inventor: Stuart Gerald Stubblebine
  • Publication number: 20020156747
    Abstract: A name-to-target binding system generates certificates for use in authenticating a target key. In the system the certificate includes a first key. At least one attribute is assigned to the first key. A liability value is assigned to the combination of the first key and the at least one attribute. The system includes a second key used to sign a combination of the first key, the at least one attribute and the liability value wherein the second key is associated with the insurer agreeing to be liable for the liability value.
    Type: Application
    Filed: April 25, 2002
    Publication date: October 24, 2002
    Inventors: Michael Kendrick Reiter, Stuart Gerald Stubblebine
  • Patent number: 6405313
    Abstract: A name-to-target binding system generates certificates for use in authenticating a target key. In the system the certificate includes a first key. At least one attribute is assigned to the first key. A liability value is assigned to the combination of the first key and the at least one attribute. The system includes a second key used to sign a combination of the first key, the at least one attribute and the liability value wherein the second key is associated with the insurer agreeing to be liable for the liability value.
    Type: Grant
    Filed: April 23, 1998
    Date of Patent: June 11, 2002
    Assignee: AT&T Corp.
    Inventors: Michael Kendrick Reiter, Stuart Gerald Stubblebine
  • Patent number: 6381698
    Abstract: A system and method for providing assurance to a host executing a piece of software that the software possesses a particular property. A certifier determines if a piece of software possesses a particular property, and if it does, it cryptographically signs the software, producing a signature. The software and a certificate that includes the signature are then distributed to a host. The host checks the signature. If the signature is valid, then the host is provided with assurance that the software possesses the particular property. If the signature is not valid, then the host is provided with no such assurance.
    Type: Grant
    Filed: September 8, 2000
    Date of Patent: April 30, 2002
    Assignee: AT&T Corp
    Inventors: Premkumar Thomas Devanbu, Stuart Gerald Stubblebine
  • Patent number: 6256741
    Abstract: A recent secure authentication service enforcing revocation in distributed systems is provided. Authenticity entities impose freshness constraints, derived from initial policy assumptions and authentic statements made by trusted intermediaries, in authenticated statements made by intermediaries. If freshness constraints are not presented, authentication is questionable. The freshness constraints can be adjusted. The delay for revocation can be arbitrarily bounded. The freshness constraints within certificates result in a secure and highly available revocation service such that less trust is required of the service.
    Type: Grant
    Filed: October 13, 2000
    Date of Patent: July 3, 2001
    Assignee: AT&T Corp.
    Inventor: Stuart Gerald Stubblebine
  • Patent number: 6249871
    Abstract: A system and method are provided for using a second resource to store a data element from a first resource in a stack. A data element X_{N+1} and a signature S[N] are signed at a first resource to obtain a signature S[X_{N+1},S[N]], where N is an integer. The data element X_{N+1} and the signature S[N] are sent from the first resource to the second resource to be stored in a stack. The signature S[X_{N+1},S[N]] is stored at the first resource.
    Type: Grant
    Filed: June 28, 2000
    Date of Patent: June 19, 2001
    Assignee: AT&T Corporation
    Inventors: Premkumar Thomas Devanbu, Stuart Gerald Stubblebine
  • Patent number: 6237094
    Abstract: A system and method are provided for storing a data element from a first resource in a queue at a second resource. A combination of a data element X_{N+1} and a signature S_Q = S[N] are signed at a first resource to obtain a signature S[X_{N+1},S[N]], where N is an integer. The data element X_{N+1} and the signature S[X_{N+1},S[N]] are sent from the first resource to the second resource to be stored in the queue at the second resource. The signature S[X_{N+1},S[N]] is stored at the first resource as the new value for S_Q.
    Type: Grant
    Filed: June 28, 2000
    Date of Patent: May 22, 2001
    Assignee: AT&T Corporation
    Inventors: Premkumar Thomas Devanbu, Stuart Gerald Stubblebine
  • Patent number: 6216231
    Abstract: A recent secure authentication service enforcing revocation in distributed systems is provided. Authenticity entities impose freshness constraints, derived from initial policy assumptions and authentic statements made by trusted intermediaries, in authenticated statements made by intermediaries. If freshness constraints are not presented, authentication is questionable. The freshness constraints can be adjusted. The delay for revocation can be arbitrarily bounded. The freshness constraints within certificates result in a secure and highly available revocation service such that less trust is required of the service.
    Type: Grant
    Filed: April 25, 1997
    Date of Patent: April 10, 2001
    Assignee: AT & T Corp.
    Inventor: Stuart Gerald Stubblebine
  • Patent number: 6148401
    Abstract: A system and method for providing assurance to a host executing a piece of software that the software possesses a particular property. A certifier determines if a piece of software possesses a particular property, and if it does, it cryptographically signs the software, producing a signature. The software and a certificate that includes the signature are then distributed to a host. The host checks the signature. If the signature is valid, then the host is provided with assurance that the software possesses the particular property. If the signature is not valid, then the host is provided with no such assurance.
    Type: Grant
    Filed: November 19, 1997
    Date of Patent: November 14, 2000
    Assignee: AT&T Corp.
    Inventors: Premkumar Thomas Devanbu, Stuart Gerald Stubblebine
  • Patent number: 6108644
    Abstract: A system and method for performing an electronic transaction, including registration, audit and trusted recovery features. A transaction request message is received from a registered user that includes an unblinded validated certificate, and a blinded unvalidated certificate. If the unblinded validated certificate is determined to be legitimate, then a transaction can be performed, and the blinded unvalidated certificate is validated to obtain a blinded, validated certificate that is sent to the user. An audit protocol can be used to further verify the legitimacy of the transaction request message, and a user can recover from a broken connection by replaying a protocol run.
    Type: Grant
    Filed: February 19, 1998
    Date of Patent: August 22, 2000
    Assignees: AT&T Corp., Naval Research Laboratory
    Inventors: David M. Goldschlag, Stuart Gerald Stubblebine, Paul F. Syverson
  • Patent number: 6101603
    Abstract: A system and method are provided for using a second resource to store a data element from a first resource in a stack. A data element X_{N+1} and a signature S[N] are signed at a first resource to obtain a signature S[X_{N+1},S[N]], where N is an integer. The data element X_{N+1} and the signature S[N] are sent from the first resource to the second resource to be stored in a stack. The signature S[X_{N+1},S[N]] is stored at the first resource.
    Type: Grant
    Filed: February 11, 1998
    Date of Patent: August 8, 2000
    Assignee: AT&T Corporation
    Inventors: Premkumar Thomas Devanbu, Stuart Gerald Stubblebine
  • Patent number: 6098170
    Abstract: A system and method are provided for storing a data element from a first resource in a queue at a second resource. A combination of a data element X_{N+1} and a signature S_Q = S[N] are signed at a first resource to obtain a signature S[X_{N+1},S[N]], where N is an integer. The data element X_{N+1} and the signature S[X_{N+1},S[N]] are sent from the first resource to the second resource to be stored in the queue at the second resource. The signature S[X_{N+1},S[N]] is stored at the first resource as the new value for S_Q.
    Type: Grant
    Filed: February 11, 1998
    Date of Patent: August 1, 2000
    Assignee: AT&T Corporation
    Inventors: Premkumar Thomas Devanbu, Stuart Gerald Stubblebine
  • Patent number: 6049872
    Abstract: Authenticating the source of a message in a large distributed system can be difficult due to the lack of a single authority that can tell for whom a channel speaks. This has led many to propose the use of a path of authorities, each able to authenticate the next, such that the first authority in the path can be authenticated by the message recipient and the last authority in the path can authenticate the message source. The present invention uses multiple ones of such paths, no two of which share a common authority, to provide independent confirmation of the message source. As the problem of finding a maximum set of such paths of bounded length in a graph-theoretic framework can be shown to be NP-hard, the present invention includes approximation algorithms for this problem. The present invention also includes a PathServer for PGP, a service for finding maximum sets of such paths to support authentication in PGP-based applications.
    Type: Grant
    Filed: May 6, 1997
    Date of Patent: April 11, 2000
    Assignee: AT&T Corporation
    Inventors: Michael Kendrick Reiter, Stuart Gerald Stubblebine