11,705 research outputs found

    Trade in financial services : mobile banking in Southern Africa

    The report will be discussed at a policy discussion workshop that will bring together a select group of policy champions from each of the focus countries to discuss appropriate incentives that encourage innovative bank and non-bank led domestic and international m-banking solutions. In this Introduction, the authors summarize the layout of the report, and then touch upon two over-arching issues that need to be taken into account in reading the report. To set the context for m-banking services in the focus countries, chapter two reviews the demand for m-banking services in Southern Africa, particularly in relation to migrant remittances and cross-border payments of trade-related transactions. This analysis is complemented by some international comparisons set out in annex C. On the supply side, chapter three briefly describes the financial and telecommunications landscape in which the development of m-banking is set. The heart of this study is the country diagnostics set out in annex A, which examine, for each country, the regulatory issues that are listed in annex B. For ease of reference, the results of the country diagnostics are summarized in chapter four. The country diagnostics include a number of recommendations to overcome the constraints on the development of accessible m-banking in each country and the region, which are developed further in the draft presentation for the workshop in annex D. The main threads of the key recommendations are brought together and summarized in chapter five.
    Banks & Banking Reform, Emerging Markets, Access to Finance, E-Business, Remittances

    Tests for Establishing Security Properties

    Ensuring strong security properties in some cases requires participants to carry out tests during the execution of a protocol. A classical example is electronic voting: participants are required to verify the presence of their ballots on a bulletin board, and to verify the computation of the election outcome. The notion of certificate transparency is another example, in which participants in the protocol are required to perform tests to verify the integrity of a certificate log. We present a framework for modelling systems with such 'testable properties', using the applied pi calculus. We model the tests that are made by participants in order to obtain the security properties. Underlying our work is an attacker model called "malicious but cautious", which lies in between the Dolev-Yao model and the "honest but curious" model. The malicious-but-cautious model is appropriate for cloud computing providers that are potentially malicious but are assumed to be cautious about launching attacks that might cause user tests to fail

    Distributed Governance: a Principal-Agent Approach to Data Governance -- Part 1 Background & Core Definitions

    To address the need for regulating digital technologies without hampering innovation or pre-digital transformation regulatory frameworks, we provide a model to evolve Data governance toward Information governance and clarify the relation between these two terms. This model bridges digital and non-digital information exchange. By considering the question of governed data usage through the angle of the Principal-Agent problem, we build a distributed governance model based on Autonomous Principals defined as entities capable of choice, therefore capable of exercising a transactional sovereignty. Extending the legal concept of the privacy sphere to a functional equivalent in the digital space leads to the construction of a digital self to which rights and accountability can be attached. Ecosystems, defined as communities of autonomous principals bound by a legitimate authority, provide the basis of interacting structures of increasing complexity endowed with a self-replicating property that mirrors physical world governance systems. The model proposes a governance concept for multi-stakeholder information systems operating across jurisdictions. Using recent software engineering advances in decentralised authentication and semantics, we provide a framework, Dynamic Data Economy, to deploy a distributed governance model embedding checks and balances between human and technological governance. Domain-specific governance models are left for further publications. Similarly, the technical questions related to the connection between a digital self and its physical world controller (e.g. biometric binding) will be treated in upcoming publications.
    Comment: 27 pages, 20 figures, basis of presentation at University of Geneva's lectures on Information Securit

    Privacy conscious architecture for personal information transfer from a personal trusted device to an HTTP based service

    Modern services request personal information from their customers. The personal information is needed not only for identifying the customer but also for customising the service for each customer. In this paper we first analyse the existing approaches for personal information handling and point out their weaknesses. We describe an architecture for the delivery of personal information from the customer to the HTTP based service in the Internet. For personal information storing our architecture relies on a mobile device, such as a customer’s mobile phone. The access of the service is conducted with a traditional desktop computer. The information is transmitted to the service on request via a desktop computer that fetches the information from a mobile device over a wireless link. The goal of our approach is to simplify the use of services by helping the customer to provide the required personal information. Furthermore, our approach is designed so that existing services require only minor changes. We introduce methods for the customer to control his own privacy by providing notation to define the required security measures for automated data transfer. Finally we discuss the possible security risks of our architecture

    Veritaa: A distributed public key infrastructure with signature store

    Today, the integrity and authenticity of digital documents and data are often hard to verify. Existing public key infrastructures (PKIs) are capable of certifying digital identities but do not provide solutions to store signatures immutably, and the process of certification is often not transparent. We propose Veritaa, a distributed public key infrastructure with an integrated signature store (DPKISS). The central part of Veritaa is the Graph of Trust that manages identity claims and signed declarations between identity claims and document identifiers. An application-specific distributed ledger is used to store the transactions that form the Graph of Trust immutably. For the distributed certification of identity claims, a reputation system based on signed trust declarations and domain vetting is used. In this work, we have designed and implemented the proposed architecture of Veritaa, created a testbed, and performed several experiments. The experiments show the benefits and the high performance of Veritaa

    Network Access Control: Disruptive Technology?

    Network Access Control (NAC) implements policy-based access control to the trusted network. It regulates entry to the network by the use of health verifiers and policy control points to mitigate the introduction of malicious software. However the current versions of NAC may not be the universal remedy to endpoint security that many vendors tout. Many organizations that are evaluating the technology, but that have not yet deployed a solution, believe that NAC presents an opportunity for severe disruption of their networks. A cursory examination of the technologies used and how they are deployed in the network appears to support this argument. The addition of NAC components can make the network architecture even more complex and subject to failure. However, one recent survey of organizations that have deployed a NAC solution indicates that the 'common wisdom' about NAC may not be correct

    Assured information sharing for ad-hoc collaboration

    Collaborative information sharing tends to be highly dynamic and often ad hoc among organizations. The dynamic natures and sharing patterns in ad-hoc collaboration impose a need for a comprehensive and flexible approach to reflecting and coping with the unique access control requirements associated with the environment. This dissertation outlines a Role-based Access Management for Ad-hoc Resource Sharing framework (RAMARS) to enable secure and selective information sharing in the heterogeneous ad-hoc collaborative environment. Our framework incorporates a role-based approach to addressing originator control, delegation and dissemination control. A special trust-aware feature is incorporated to deal with dynamic user and trust management, and a novel resource modeling scheme is proposed to support fine-grained selective sharing of composite data. As a policy-driven approach, we formally specify the necessary policy components in our framework and develop access control policies using standardized eXtensible Access Control Markup Language (XACML). The feasibility of our approach is evaluated in two emerging collaborative information sharing infrastructures: peer-to-peer networking (P2P) and Grid computing. As a potential application domain, RAMARS framework is further extended and adopted in secure healthcare services, with a unified patient-centric access control scheme being proposed to enable selective and authorized sharing of Electronic Health Records (EHRs), accommodating various privacy protection requirements at different levels of granularity

    The Future of the Internet

    Presents findings from a survey of technology leaders, scholars, industry officials, and analysts. Evaluates the network infrastructure's vulnerability to attack, and the Internet's impact on various institutions and activities in the coming decade