In this paper, we present the idea of offline count-limited certificates (or clics for short), and show how these can be implemented using minimal trusted hardware functionality already widely available today. Offline count-limited certificates are digital certificates that: (1) specify usage conditions that depend on irreversible counters, and (2) are used in a protocol that guarantees that any attempt to use them in violation of these usage conditions will be detected even if the user of the certificate and the verifying party have no contact at all with the outside world at the time of the transaction. Such certificates enable many interesting applications not possible with traditional (unlimited use) certificates, including count-limited delegation and access, offline commerce and trading using cashlike migratable certificates, and others. We show how all these applications can be made possible by using only a simple trusted timestamping device (TTD), which can in turn be implemented using existing trusted hardware devices such as smartcards, and the Trusted Platform Module (TPM) chips embedded in PCs available today. Significantly, our solutions do not require trust in any other components in the host machines aside from the TTD itself; they remain tamper-evident as long as the TTD is not compromised, even if the entire host system, including the BIOS, CPU, OS and memory, is compromised. This not only provides better security by minimizing the required trusted computing base, but also makes implementation possible on present-day machines without requiring a particular kind of OS. We demonstrate all these ideas by implementing a prototype application that runs under both Linux and Windows, and presenting experimental performance results.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	L. Bauer, K. D. Bowers, F. Pfenning, and M. K. Reiter. Consumable credentials in logic-based access control. Technical Report CMU-CYLAB-06-002, CyLab, Carnegie Mellon University, Feb. 2006.
	2	Moritz Y. Becker , Peter Sewell, Cassandra: Flexible Trust Management, Applied to Electronic Health Records, Proceedings of the 17th IEEE workshop on Computer Security Foundations, p.139, June 28-30, 2004  [doi>10.1109/CSFW.2004.7]
	3	Matt Blaze , Joan Feigenbaum , Angelos D. Keromytis, KeyNote: Trust Management for Public-Key Infrastructures (Position Paper), Proceedings of the 6th International Workshop on Security Protocols, p.59-63, April 15-17, 1998
	4	Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
	5	Laurent Bussard , Refik Molva, One-Time Capabilities for Authorizations without Trust, Proceedings of the Second IEEE International Conference on Pervasive Computing and Communications (PerCom'04), p.351, March 14-17, 2004
	6	Jan Camenisch , Susan Hohenberger , Markulf Kohlweiss , Anna Lysyanskaya , Mira Meyerovich, How to win the clonewars: efficient periodic n-times anonymous authentication, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1180405.1180431]
	7	D. Chaum. Blind Signatures for Untraceable Payments. In Advances in Cryptology - Crypto '82 Proceedings, pages 199--203. Plenum Press, 1982.
	8	Dwaine Clarke , Jean-Emile Elien , Carl Ellison , Matt Fredette , Alexander Morcos , Ronald L. Rivest, Certificate chain discovery in SPKI?SDSI, Journal of Computer Security, v.9 n.4, p.285-322, January 2001
	9	Stuart Haber , W. Scott Stornetta, How to Time-Stamp a Digital Document, Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology, p.437-455, August 11-15, 1990
	10	H. Kim, J. Baek, B. Lee, and K. Kim. Secret computation with secrets for mobile agent using one-time proxy signature. In Proceedings of the 2001 Symposium on Cryptography and Information Security, 2001.
	11	Moni Naor , Kobbi Nissim, Certificate revocation and certificate update, Proceedings of the 7th conference on USENIX Security Symposium, p.17-17, January 26-29, 1998, San Antonio, Texas
	12	L. Nguyen and R. Safavi-Naini. Dynamic k-times anonymous authentication. In Applied Cryptography and Network Security (ACNS 2005), volume 3531 of Lecture Notes in Computer Science, pages 318--333, 2005.
	13	M. Peinado, P. England, and Y. Chen. An overview of NGSCB. In C. Mitchell, editor, Trusted Computing, chapter 4. IEE, 2005.
	14	W. Rankl , W. Effing, Smart Card Handbook, John Wiley & Sons, Inc., New York, NY, 2003
	15	L. F. G. Sarmenta and contributors. TPM/J: Java-based API for the Trusted Platform Module (TPM). http://projects.csail.mit.edu/tc/tpmj/, Dec. 2006.
	16	Luis F. G. Sarmenta , Marten van Dijk , Charles W. O'Donnell , Jonathan Rhodes , Srinivas Devadas, Virtual monotonic counters and count-limited objects using a TPM without a trusted OS, Proceedings of the first ACM workshop on Scalable trusted computing, November 03-03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1179474.1179485]
	17	Bruce Schneier , John Kelsey, Secure audit logs to support computer forensics, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.159-176, May 1999  [doi>10.1145/317087.317089]
	18	I. Teranishi, J. Furukawa, and K. Sako. k-times anonymous authentication (extended abstract). In ASIACRYPT 2004, volume 3329 of Lecture Notes in Computer Science, pages 308--322, 2004.
	19	Trusted Computing Group. Mobile Phone Specifications. https://www.trustedcomputinggroup.org/specs/mobilephone/.
	20	Trusted Computing Group. TCG TPM Specification version 1.2. https://www.trustedcomputinggroup.org/specs/TPM/.