This work is difficult to summarize because of a lack of clarity in the presentation. The irrelevant title, abstract, and first sections give no concrete hints, and then the paper leaps into the algorithms used by a prototype implementation. There is a two-phase registration procedure to create a secure identity, and then a description of a new transaction protocol, suddenly followed by a list of possible applications. The largest part is a crude mathematical estimate of the security, which very informally estimates that the authors’ system is much more secure than a simple user name and password. This “mathematical” security is natural, since the system is based on a troublesome protocol with a double handshake and a complicated infrastructure.

There was no area where the paper appeared to offer a significant or new contribution to the field, and the overall quality of the presentation is poor. Some examples that illustrate this point are: the use of too much space in a very short paper for a very superficial review of the classic literature (Diffie appears as “Dittie” at one point); the appearance of an important but unreadable figure; and some problems with the English. However, the most important problem is the complexity of the proposed transaction protocol, requiring an active Web connection, a telephone, and manual copying of a certificate. An attacker would simply go after the customer’s copious instructions and notes. The description is apparently intended to refer to a prototype commercial product, but external evidence is that the company has already abandoned the proposed service.