Defining authorization domains using virtual devices

Abstract

An authorization domain consists of multiple physical devices. Authorizations, such as the right to make a payment or the right to access content are granted to the domain as a whole, but can be exercised from any device in the domain. A device in the domain may have either unconditional or restricted access to the authorizations. Typically, authorizations can be modeled as access to a secret key. In this paper, we discuss the rationales for such an authorization domain, and propose a specific technique to implement authorization domains by sharing the RSA function between a device in the domain and a semi-trusted network server.