Risk Management -- Developing Electronic Trust Policies Using a Risk Management Model -- Security Design -- SECURE: A Simulation Tool for PKI Design -- Lazy Infinite-State Analysis of Security Protocols -- Electronic Payment -- Electronic Payments: Where Do We Go from Here? -- SmartCard Issues -- PCA: Jini-based Personal Card Assistant -- An X.509-Compatible Syntax for Compact Certificates -- Applications -- Secure and Cost Efficient Electronic Stamps -- Implementation of a Digital Lottery Server on WWW -- PKI-experiences (Workshop Notes) -- Cert’eM: Certification System Based on Electronic Mail Service Structure -- A Method for Developing Public Key Infrastructure Models -- The Realities of PKI Inter-operability -- Mobile Security -- Mobile Security – An Overview of GSM, SAT and WAP -- Secure Transport of Authentication Data in Third Generation Mobile Phone Networks -- Cryptography -- Extending Wiener’s Attack in the Presence of Many Decrypting Exponents -- Improving the Exact Security of Fiat-Shamir Signature Schemes -- Network Security (Workshop Notes) -- On Privacy Issues of Internet Access Services via Proxy Servers -- Cryptanalysis of Microsoft’s PPTP Authentication Extensions (MS-CHAPv2) -- Key Recovery -- Auto-recoverable Auto-certifiable Cryptosystems -- Intrusion Detection -- A Distributed Intrusion Detection System Based on Bayesian Alarm Networks -- Interoperability -- Interoperability Characteristics of S/MIME Products -- The DEDICA Project: The Solution to the Interoperability Problems between the X.509 and EDIFACT Public Key Infrastructures -- Biometrics -- Multiresolution Analysis and Geometric Measures for Biometric Identification Systems.

The CQRE [Secure] conference provides a new international forum giving a close-up view on information security in the context of rapidly evolving economic processes. The unprecedented reliance on computer technology has transformed the previous technical side-issue "information security" to a management problem requiring decisions of strategic importance. Thus one of the main goals of the conference is to provide a platform for both technical specialists as well as decision makers from government, industry, commercial, and academic communities. The target of CQRE is to promote and stimulate dialogue between managers and experts, which seems to be necessary for providing secure information systems in the next millennium. Therefore CQRE consists of two parts: Part I mainly focuses on strategic issues of information security, while the focus of Part II is more technical in nature. This volume of the conference proceedings consists of the reviewed and invited contributions of the second part. The program committee considered 46 papers and selected only 15 for full presentation. For the participants’ convenience we have also included the notes of the invited lectures and short workshop talks in this volume.