Public Key Infrastructures (PKI) are now widely recognized as essential to provide the underlying certificate and key management basis allow encryption and digital signature services for security in electronic commerce. This reduces the security problem to that of trust of public keys and certificates. The manner in which relying applications "trust" certificates is based on the implicit or explicit trust model which governs that application. Various trust models exist, and a subset are already in wide use. In this talk we consider several of the more popular models in present use, including strictly hierarchical trust models (e.g. PEM and SET), distributed/enterprise trust models (including cross-certification), end-user trust models (e.g. PGP web of trust), and first-generation browser-oriented trust models. These and other models can generally be placed on a continuum, and each may find its place in various environments. The advantages, disadvantages, and relationships among these models will be discussed.

A Resilient Access Control Scheme for Secure Electronic Transactions
Jong-Hyeon Lee, University of Cambridge

Trusting Trusted Hardware: Towards a Formal Model for Programmable Secure Coprocessors
Sean W. Smith, Vernon Austel, IBM T.J. Watson Research Center

On Secure and Pseudonymous Client-Relationships with Multiple Servers
Daniel Bleichenbacher, Eran Gabber, Phil Gibbons, Yossi Matias, Alain Mayer, Lucent Technologies, Bell Laboratories

Financial trade was originally executed by exchanging bearer certificates. A bearer bond for cash in front of a buttonwood tree on Wall Street, for instance.
With telegraphy, book entry transactions were invented. Offsetting debits and credits are now exchanged between buyer, seller, and clearinghouse. Batch computing made this very cheap. Paper certificates became obsolete.
Financial Cryptography now gives us digital bearer certificates. Ubiquitous networks make these very cheap. Book-entry transactions will become obsolete.

Secure WWW Transactions Using Standard HTTP and Java Applets
F. Bergadano, B. Crispo, M. Eccettuato, Universita di Torino

SWAPEROO: A Simple Wallet Architecture for Payments, Exchanges, Refunds, and Other Operations
Neil Daswani, Dan Boneh, Hector Garcia-Molina, Steven Ketchpel, Andreas Paepcke, Stanford University

The Eternal Resource Locator: An Alternative Means of Establishing Trust on the World Wide Web
Ross J. Anderson, Václav Matyás Jr., Fabien A. Petitcolas, University of Cambridge

Detecting Hit Shaving in Click-Through Payment Schemes
Michael Reiter, AT&T Labs - Research; Vidod Anupam, Alain Mayer, Bell Labs, Lucent Technologies