A tokenization-based communication architecture for HCE-Enabled NFC services

Following the announcement of Host Card Emulation (HCE) technology, card emulation mode based Near Field Communication (NFC) services have gained further appreciation as an enabler of the Cloud-based Secure Element (SE) concept. A comprehensive and complete architecture with a centralized and feasible business model for diverse HCE-based NFC services will be highly appreciated, particularly by Service Providers and users. To satisfy the need in this new emerging research area, a Tokenization-based communication architecture for HCE-based NFC services is presented in this paper. Our architecture proposes Two-Phased Tokenization to enable the identity management of both user and Service Provider. NFC Smartphone users can store, manage, and make use of their sensitive data on the Cloud for NFC services; Service Providers can also provide diverse card emulation NFC services easily through the proposed architecture. In this paper, we initially present the Two-Phased Tokenization model and then validate the proposed architecture by providing a case study on access control. We further evaluate the usability aspect in terms of an authentication scheme. We then discuss the ecosystem and business model comprised of the proposed architecture and emphasize the contributions to ecosystem actors. Finally, suggestions are provided for data protection in transit and at rest.This work is funded by KocSistem Information and Communication Services Inc. and Turkish Ministry of Science, Industry and Technology under SAN-TEZ Project no. 0726.STZ.2014Publisher's Versio

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

Cryptocurrencies and tokenization of assets: the managerial implications of a new financial reality

Cryptocurrency and tokenization of assets is a phenomenon that is yet to change many sectors in the economy. Already, its impact has had a significant effect on many financial markets. Cryptocurrencies are more than just a means of payment and transactions. The technology behind it, blockchain, has an even greater impact because it can be adopted even beyond the financial sector. The evolution of tokens and their popularity in the financial sector has had both positive and negative implications on the financial markets and companies. This research seeks to show the managerial implications of cryptocurrency and tokenization of assets. The present dissertation aims to address this gap because of the need for regulation of the sector. To understand the managerial implications of cryptocurrency and tokenization of assets, it is essential that we first understand what the two aspects are and how they operate. Later in this document, we shall observe that Bitcoin is currently the most popular cryptocurrency, although various types exist. At its inception in 2008, there were only about 50 coins in circulation, which has since evolved. Although blockchain technology had long since been invented, it only became popular with Bitcoin. The technology has three versions premised on virtual currency, smart contracts, and other sectors beyond finance and markets. This technology operates through complex algorithms and computers interconnected to minimize the possibility of fraud and hackings. Using companies like PayPal and eBay, valuable assets can be tokenized and traded as well. Blockchain is also popular for its ability to track records. The data is public and easily accessible. However, the privacy and anonymity of persons are also emphasized. Research was carried out using a qualitative method. This was done by reviewing and analyzing past literature on cryptocurrencies and their general impact on the economy. The pros and cons of using cryptocurrency were also examined to form a clear opinion on its economy usage. It was found that cryptocurrency and tokenization of assets guarantee security, are efficient for payment and promote transparency for business. However, it has limitations, such as the increased risk of fraudsters and illegal transactions

Database security framework design using tokenization

One of the challenging tasks in database management system today is protecting sensitive data that are complex in the database system. Most organization opt for implementation of data encryption which is one of the most effective security control mechanism, but data encryption only render information unreadable to those that do not have the secret decryption key. The core issue with data encryption techniques is that, it is reversibly. In these regards, sensitive data need to be tokenized first before encrypting for better security. Therefore, this work is introducing tokenization technique. Tokenization means replacement or substitution of sensitive data with a token, as an additional technique on database system for protecting sensitive data in all higher institutions and other firms that deal with sensitive data. A database security framework using tokenization was design, implemented using NetBeans 8.1 IDE, Java Platform SE binary (jdk-8u91-windows-x64) and xampp-windows-x64-7.3.7-0-VC15 (Apache and MySQL), an official IDE for Java 8 and then encrypt the tokenized data using AES before storing it in server 127.0.0.1 a localhost phpMyAdmin Database tools and evaluated with other security systems (encoding, hashing and encryption) on student database. Results shows that tokenization technique has 95% capacity to protect sensitive data compare to other security systems

The Fact-Finding Security Examination in NFC-enabled Mobile Payment System

Contactless payments devised for NFC technology are gaining popularity. Howbeit, with NFC technology permeating concerns about arising security threats and risks to lessen mobile payments is vital. The security analysis of NFC-enabled mobile payment system is precariously imperative due to its widespread ratification. In mobile payments security is a prevalent concern by virtue of the financial value at stave. This paper assays the security of NFC based mobile payment system. It discusses the security requirements, threats and attacks that could occur in mobile payment system and the countermeasures to be taken to secure pursuance suitability

Analysis and evaluation of security developments in electronic payment methods

This master thesis with the name "Analysis and Evaluation of Security Developments in Electronic Payment Methods," aims to make a compendium of the technologies and standards used on today's payment card transactions since there is no such compendium available today. This thesis also evaluates the security of the technologies used and the amount of effort required by merchants for the compliance of the Payment Card Industry Data Security Standard (PCI DSS). With the results of these evaluations, it was possible to make recommendations to the merchants using payment cards as a form of payment and to the manufacturers of payment cards. Recommendations that its intention is to increase the security of the card payment transactions