Skip to Main Content
A personal or commercial exchange's value lies in its technological trustworthiness and its ability to hold individuals legally accountable. An effective exchange system must implement four basic operations: (1) authentication (users must be able to positively identify other parties in the exchange); (2) credentialing (the right to exchange is based upon user credentials established by a recognized authority); (3) document integrity (users accept the represented exchange with given conditions); and (4) nonrepudiation (users who complete an exchange cannot subsequently deny its validity, e.g. by claiming that their credentials were stolen, forged or misused). To hold individuals accountable and to legally assign liability, the exchange system must properly implement and logically and inseparably link all of these requirements. Without this linkage, the entire system is vulnerable to attackers who can manipulate the protocols and successfully impersonate both parties in an exchange. Without user accountability and the ability to assign liability, there is no reasonable basis for high-value personal or commercial exchanges or critical authorizations in the open Internet environment.